I-Dnsmasq ku-CentOS 7.3 - Amanethiwekhi we-SME

Inkomba ejwayelekile yochungechunge: Ama-Computer Networks ama-SME: Isingeniso

Sanibonani zihlobo !. Sinikela le ndatshana ku dnsmasq uhlelo olulula kakhulu olunikeza izinsizakalo DNS - DHCP usebenzisa isoftware eyodwa. Imibhalo engcono kakhulu ekhona kule software iyona efakwe nephakeji uqobo lwayo /usr/share/doc/dnsmasq-2.66/, ifayela lokumiswa ligcwele izibonelo- /etc/dnsmasq.conf, naleyo etholwe ngomyalo indoda dnsmasq. Kuyimpilo futhi ukuvakashela i- Isiza esisemthethweni.

[izimpande @ dns ~] # ls -l / usr/share/doc/dnsmasq-2.66/
ingqikithi ye-136 -rw-r-r--. Impande eyi-1 impande 18007 Apr 17 2013 UKUKOPISHA -rw-r - r--. Impande eyi-1 impande 59811 Nov 11 13: 20 CHANGELOG -rw-r-r--. Impande eyi-1 impande 5164 17 Apr 2013 1 DBus-interface -rw-r - r--. Impande eyi-5009 impande 17 Apr 2013 1 doc.html -rw-r - r--. Impande eyi-25075 impande 17 Apr 2013 1 FAQ -rw-r - r--. Impande eyi-12019 impande 17 Apr 2013 XNUMX setup.html
  • Inqubo echazwe kokuthunyelwe nayo isebenza ku-Debian 8 "Jessie". Ifayela lokumiswa kwe- / etc / dnsmasq liyafana. KuJessie, mhlawumbe udinga kuphela ukufaka iphakethe lakho le-dnsmasq hhayi okunye. Ngikubhala ngoba ngikubona kungadingekile ukwenza i-athikili ehlukile ye-Dnsmasq eDebian. Ngenhlanhla, izinkomba ezihlobene nemibhalo nokucushwa ziyefana. 😉

I-Dnsmaq iyindalo ye- USimon Kelley.

Yini iDnsmasq?

Isoftware yamahhala dnsmasq iseva DNS Phambili y DHCP yamanethiwekhi amancane ekhompyutha. Isibonelo esivamile amaNethiwekhi akhona kuma-SME ethu. Kudinga izinsizakusebenza ezimbalwa zehardware ekusebenzeni kwayo futhi ingaqhutshwa kuzingxenyekazi ezahlukahlukene ezinjengeLinux, BSD, i-Android ne-OS X. Ifakiwe cishe kuwo wonke amakhosombe weLinux neBSD.

Iseva DHCP i-del dnsmasq ungaqashisa amakheli e-IP ngamandla nangokwezibalo, ngamanethiwekhi amaningi anezinhlaka ezihlukene zamakheli we-IP. Ihlanganiswe neseva DNS futhi ivumela imishini yendawo ethola ikheli le-IP ukuthi ibonakale njengebhaliswe ku-DNS ngamarekhodi ayo e-DNS, aqondile futhi ahlehlisiwe.

Indlela yendabuko yokusebenza kwe- dnsmasq ukulanda okwesikhashana amarekhodi e-DNS atholwe ngemibuzo eya kubo Abadlulisi, yehlisa umthwalo kulezi futhi ithuthukise ukusebenza okuphelele kwejubane lokuphendula emibuzweni ehlukile ye-DNS.

Isekela izindinganiso zesimanje ezifana I-IPv6 y DNSSEC, Qala - Boot ngaphezulu kwenethiwekhi ngokusekelwa kwamaphrothokholi IBHODI, I-TFTP, futhi I-PXE.

Emkhathini weLinux, iDnsmasq isetshenziswa kakhulu kumaseva weMishini ngaphandle kweHard Disk kanye neKlayenti Elincane. Ku-Microsoft® Windows, ne-software I-ARDENCE®, okulingana ne-Dnsmasq- isetshenziswa njengeseva ye-DHCP ebizwa ngokuthi E-Sayurian.

Kukusiphi isimo esingasebenzisa i-Dnsmasq?

Uma sikhipha indoda dnsmasq Ku-CentOS, sizothola ikhasi lalelo bhukwana ngolimi lwesiNgisi. Kufayela dnsmasq.8.gz - ngesiSpanish- efakwe nokusatshalaliswa kwe-Debian 8 «Jessie», kuyabonakala ncamashi Okulandelayo:

IMIKHAWULO

  • Amanani wokuzenzakalelayo wemikhawulo yezinsiza ngokuvamile ayalondolozwa, futhi afanele ukusetshenziswa kumadivayisi wohlobo lomzila. kubhajwe ngama-processor slow and memory low. Ku-hardware ngaphezulu  onekhono, kungenzeka ukwandisa imingcele, futhi usekele abaningi amakhasimende. Lokhu okulandelayo kusebenza ku-dnsmasq-2.37: izinhlobo zangaphambilini azenzi bakhuphuke kahle kakhulu.
  • I-Dnsmasq iyakwazi ukuxhasa i-DNS ne-DHCP okungenani inkulungwane eyodwa (1,000) amakhasimende. Izikhathi zokuqashisa akufanele zibe mfushane kakhulu (ngaphansi koyedwa isikhathi). Inani le -dns-forward-max lingakhushulwa: qala ngo- inani elilinganayo lamakhasimende futhi ulinyuse uma ngabe I-DNS. Qaphela ukuthi ukusebenza kwe-DNS futhi kuya ngamaseva I-DNS engenhla. Usayizi wenqolobane ye-DNS ungakhuphuka: umkhawulo Okudingekayo ngamagama ayi-10,000 futhi okuzenzakalelayo (150) kuphansi kakhulu. Ukuthumela i-SIGUSR1 ku-dnsmasq kwenza imininingwane ye-bitacore leyo ilusizo ekuhleleni kahle usayizi wenqolobane. Bona isigaba se-NOTES ukuthola imininingwane.
  • Iseva ye-TFTP eyakhelwe ngaphakathi iyakwazi ukuxhasa ukudluliswa okuningi amafayela afanayo ngasikhathi sinye: umkhawulo ophelele uhlobene nenani leziphathi zefayela ezivunyelwe kwinqubo kanye nekhono le-sys‐tem call select () ukuxhasa izinombolo ezinkulu zokuphathwa kwamafayela. Uma umkhawulo usethwe waba mkhulu kakhulu nge-tftp-max uzosuswa futhi umkhawulo wangempela uzobekwa iwashi ekuqaleni. Qaphela ukuthi ukudluliswa okuningi kungenzeka uma ifayili elifanayo lithunyelwa kuthiwani lapho kudluliswa ngakunyeI-ferencia ithumela ifayela elihlukile. Kungenzeka usebenzise i-dnsmasq ukuphika ukukhangisa kweWebhu usebenzisa uhlu lwe amaseva we-banner aziwa kahle, konke kuxazululeka ku-127.0.0.1 noma 0.0.0.0 ku- / etc / Sebawoti noma kufayela elingeziwe le-Host. Uhlu lungakwazi yinde kakhulu. I-Dnsmasq ihlolwe ngempumelelo ngamagama ayisigidi. Lolo sayizi wefayela lidinga i-1GHz CPU nokulinganiselwa60MB RAM.

Angizange ngibhale noma ngihlele lezi zigaba ezingenhla nhlobo. Ziyabonakala njengoba zingena ku- eyodwa ngeSpanishi kusuka dnsmasq 2.72 kusuka endaweni yokugcina ye-Debian 8.6. Kusuka kubo kanye nasenkambisweni yokusetshenziswa kwale software, singasho ukuthi kuyaqabukela - kungenzeki - ukuthola isimo kumanethiwekhi ethu ama-SME adlula inani le 1000 amaklayenti noma amakhompyutha axhunywe kwi-LAN.

  • I-Dnsmasq iyakwazi ukuxhasa i-DNS ne-DHCP okungenani inkulungwane eyodwa (1,000) amaklayenti.

Ukucatshangelwa eceleni

Kuhlale kungithinta ukuthi isoftware ewine imiklomelo I-ClearOS Enterprise 5.2 SP1 izosebenzisa iDnsmasq-ehlotshaniswa ne- NTP- njengeseva yengqalasizinda ngokuzenzakalela, nokuqhubeka nokuyisebenzisa kanjalo - okungenani kuze kube yinguqulo 7.xxx- in ukukhishwa Ukhokhela ukufaka i-Active Directory® ngokususelwa ku-Samba 4. Kubi kakhulu kithina, bathandi be-Free Software, ukuthi inkampani I-clearFoundationizoyeka ukuhlinzeka ngesoftware yaleyo khwalithi kuzinguqulo ngemuva kuka-5.xxx ngenxa esobala lokuzuza okungcono kwemali. Ngicabanga ukuthi kunenkinga enkampanini uqobo.

Noma ngingu- Fan I-Debian -futhi angifuni ukwenza inkulumo-ze engizikhethele yona- Bengihlala ngincoma iNkampani I-Red Hat®, Inc. imodeli yebhizinisi lakhe eliyibeke njengomholi ongenakuphikwa weFree Software. Ngaphezu kwalokho, kunguMxhasi we-clone kanambambili we-CentOS - isoftware yamahhala engu-100% - yohlelo lwayo lwenkanyezi I-Red Hat® Enterprise Linux - i-RHEL. Kokunye kuthiwa i-CentOS iyi-RHEL engasekelwa (I.

  • Ngine-a ISamba Clasic NT 4.0 Isilawuli Sesizinda Esisisekelo Sesitayela ngokususelwa ku- I-ClearOS Enterprise 5.2 SP1 iminyaka engaphezu kwengu-4 kunethiwekhi yenkampani enamakhasimende weWindows XP, 7, 8, Windows Server 2003 neWindows server 2012. Yini ekhona ukukitaza amanani wokubhalisa ambalwa weklayenti ngalinye leWindows elinenguqulo ephakeme kune-XP? Kuyiqiniso. Yini okusebenza kahle kakhulu? Kuyiqiniso futhi. Ukuthi inani lamaqembu alifiki ku-100? Futhi kuyiqiniso.

Yenza umqondo

  • Yize kimi «I-Common Sense iyona ejwayelekile kakhulu kwezinzwa», zibeke wena kuqala kuZidingo Zakho bese ukhetha indawo yobuciko ngokwalokho Odinga ukukuveza nokukuxazulula ngokwe-Your Own Script.
  • Ungasebenzisi umcibisholo onqamula amazwekazi ukubulala umiyane. Musa ukwenza impilo kube nzima ngokungadingekile: qala ngesixazululo esilula. Uma ungaxazululi ngalokho, phakamisa ubunzima iphuzu elilodwa, njalonjalo.

Masifake i-CentOS 7 ne-Dnsmasq

Ngokufakwa kohlelo lwesisekelo siqondiswa yi-athikili I-CentOS 7 Hypervisor I futhi ekukhetheni amaphakheji sibeka kuphela inketho «Ingqalasizinda Server«. Imingcele ejwayelekile esizoyisebenzisa ekulungiseleleni le ndatshana yile elandelayo:

Nombre FQDN de la máquina virtual:  dns.desdelinux.umlandeli
Ikheli le-IP: 10.10.10.5

I-CentOS 7 ifaka i-dnsmasq

Yebo Bafundi Abathandekayo, ku-CentOS 7 iphakethe dnsmasq ifakiwe ngenkathi kufakwa i-Infrastructure Server futhi Ngicabanga kunezinye izinketho futhi.

[izimpande @ dns ~] # yum imininingwane dnsmasq
Ama-plugins alayishiwe: i-fastestmirror, ama-langpacks alayisha isivinini sesibuko kusuka kufayela eligcinwe ngesinye isibukezo Amaphakheji afakiwe Igama: dnsmasq Architecture: x86_64 Inguqulo: 2.66 Ukukhishwa: 21.el7 Usayizi: 464 k
Indawo yokugcina: ifakiwe
Kusuka endaweni yokugcina: Isifinyezo se-centos-base: I-URL ye-DNS engasindi / okulondolozwe okwesikhashana ye-URL yeseva: http://www.thekelleys.org.uk/dnsmasq/ Ilayisense: Incazelo ye-GPLv2: I-Dnsmasq ayisindi, kulula ukuyilungiselela ukudlulisa i-DNS ne-DHCP: iseva. Idizayinelwe ukuhlinzeka nge-DNS futhi, ngokuzikhethela, i-DHCP, kunethiwekhi: encane. Ingasebenza ngamagama emishini yasendaweni okuyi: engekho kwi-DNS yomhlaba. Iseva ye-DHCP ihlangana ne-DNS: iseva futhi ivumela imishini enamakheli abelwe i-DHCP ukuthi avele: kwi-DNS enamagama amisiwe kusingathi ngasinye noma kufayela le-: central configuration. I-Dnsmasq isekela ukuma okungaguquguquki nokuguqukayo: ukuqashiswa kwe-DHCP ne-BOOTP yokuqalwa kwenethiwekhi yemishini engasebenzi.

Uhlobo lwe dnsmasq Ukufaka kungu-2.66, futhi kufana nenguqulo yeCentOS:

[izimpande @ dns ~] # ikati / i-proc / inguqulo
Uhlobo lwe-Linux 3.10.0-514.6.1.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (I-Red Hat 4.8.5-11) (GCC)) # 1 SMP Wed Jan 18 13:06:36 UTC 2017

Masivumele futhi silungiselele i-dnsmasq

[izimpande @ dns ~] # nano / etc / hosts
127.0.0.1 i-localhost localhost.localdomain localhost4 localhost4.localdomain4 :: 1 i-localhost localhost.localdomain localhost6 i-localhost6.localdomain6
10.10.10.5  dns.desdelinux.fan  dns

[izimpande @ dns ~] # igama lomethuleli
dns
[izimpande @ dns ~] # igama lomethuleli -f
dns.desdelinux.umlandeli


[izimpande @ dns ~] # systemctl vumela i-dnsmasq
[izimpande @ dns ~] # systemctl qala dnsmasq
[izimpande @ dns ~] # isimo se-systemctl dnsmasq
● dnsmasq.service - iseva yokulondolozwa kwesikhashana ye-DNS. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/dnsmasq.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngoSat 2017-02-18 11:47:19 EST; 4s ago Main PID: 1179 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1179 / usr / sbin / dnsmasq -k Feb 18 11:47:19 dns systemd [1]: Iqale iseva yokulondolozwa kwesikhashana ye-DNS .. Feb 18 11:47:19 dns systemd [1]: Iqala iseva yokulondolozwa kwesikhashana ye-DNS .... Feb 18 11:47:19 dns dnsmasq [1179]: started, version 2.66 cachesize 150 Feb 18 11:47:19 dns dnsmasq [1179 ]: izinketho zesikhathi sokuhlanganisa: IPv6 GNU-getopt DB ... th Feb 18 11:47:19 dns dnsmasq [1179]: reading /etc/resolv.conf Feb 18 11:47:19 dns dnsmasq [1179]: ukuziba i-nameserver I-127.0.0.1 - yendawo e ... ce Feb 18 11:47:19 dns dnsmasq [1179]: funda / njll / abasingathi - amakheli ama-3 Iseluleko: Eminye imigqa yanqanyulwa, sebenzisa -l ukukhombisa ngokugcwele.

Ungakhohlwa isinyathelo esilandelayo:

[izimpande @ dns ~] # mv /etc/dnsmasq.conf /etc/dnsmasq.conf.original

Amakheli we-IP alungisiwe

Nge-Dnsmasq, amakheli amaseva noma amakhompyutha adinga i-IP engaguquki -ombili i-IPv4 ne-IPv6- amenyezelwa kufayela / njll / amabamba:

[izimpande @ dns ~] # nano / etc / hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

# Servidores
10.10.10.1      sysadmin.desdelinux.fan         sysadmin
10.10.10.3  ad-dc.desdelinux.fan            ad-dc
10.10.10.4      fileserver.desdelinux.fan       fileserver
10.10.10.5  dns.desdelinux.fan          dns
10.10.10.6  proxyweb.desdelinux.fan         proxyweb
10.10.10.7  blog.desdelinux.fan         blog
10.10.10.8  ftpserver.desdelinux.fan        ftpserver
10.10.10.9  mail.desdelinux.fan         mail

Masenze ifayela le /etc/dnsmasq.conf

[izimpande @ dns ~] # nano /etc/dnsmasq.conf
# -------------------------------------------------------------------
# O P C I O N E S   G E N E R A L E S
# -------------------------------------------------------------------
domain-needed   # No pasar nombres sin la parte del dominio
bogus-priv  # No pasar direcciones en el espacio no enrutado
expand-hosts    # Adiciona automaticamente el dominio al host
interface=eth0  # Interface. OJO con la Interface
# except-interface=eth1 # NO escuchar por esta NIC
strict-order    # Orden en que consulta el archivo /etc/resolv.conf

# Incluya muchas mas opciones de configuración
# mediante un archivo o ubicando los archivos
# de configuración adicionales en un directorio
# conf-file=/etc/dnsmasq.more.conf
conf-dir=/etc/dnsmasq.d

# Relativos al Nombre del Dominio
domain=desdelinux.fan   # Nombre del dominio

# El Servidor de Tiempo es 10.10.10.1
address=/time.windows.com/10.10.10.1

# Envía una opción vacía del valor WPAD. Se requiere para que 
# se comporten bien los clientes Windos 7 y posteriores. ;-)
dhcp-option=252,"\n"

# Archivo donde declararemos los HOSTS que serán "baneados"
addn-hosts=/etc/banner_add_hosts

# -------------------------------------------------------------------
# R E G I S T R O S   C N A M E    M X    T X T
# -------------------------------------------------------------------
# Este tipo de registro requiere de una entrada
# en el archivo /etc/hosts
# ej: 10.10.0.7 blog.desdelinux.fan blog
# cname=ALIAS,REAL_NAME
cname=www.desdelinux.fan,blog.desdelinux.umlandeli # MX RECORDS # Ibuyisela irekhodi le-MX elinegama "desdelinux.fan" imiselwe # ethimbeni lemeyili.desdelinux.umlandeli nokubalulekile kwe-10 mx-host=desdelinux.umlandeli,imeyili.desdelinux.fan,10 # Indawo okuyiwa kuyo ezenzakalelayo yamarekhodi e-MX adalwe # kusetshenziswa inketho ye-localmx kuzoba: mx-target=mail.desdelinux.umlandeli # Ibuyisela irekhodi le-MX elikhomba ku-mx-thagethi YAWO YONKE # imishini yendawomx # TXT amarekhodi. Futhi singamemezela irekhodi le-SPF txt-record=desdelinux.fan,"v=spf1 a -konke" txt-record=desdelinux.umlandeli,"DesdeLinux, su Blog dedicado al Software Libre"

# -------------------------------------------------------------------

# -------------------------------------------------------------------
# R A N G O   Y   S U S   O P C I O N E S
# -------------------------------------------------------------------
# Rango IPv4 y tiempo de arrendamiento
# De la 1 a la 29 son para los Servidores y otras necesidades
dhcp-range=10.10.10.30,10.10.10.250,8h

dhcp-lease-max = 222 # Inani eliphakeme lamakheli okuqashisa
                        # ngokuzenzakalela kungu-150
# Rango IPV6
# dhcp-range=1234::, ra-only

# Opciones para el RANGO
# O P C I O N E S
dhcp-option=1,255.255.255.0 # NETMASK
dhcp-option=3,10.10.10.253  # ROUTER GATEWAY
dhcp-option=6,10.10.10.5    # DNS Servers
dhcp-option=15,desdelinux.fan   # DNS Domain Name
dhcp-option=19,1        # option ip-forwarding ON
dhcp-option=28,10.10.10.255 # BROADCAST
dhcp-option=42,10.10.10.1   # NTP
# dhcp-option=40,DCH        # NIS Domain Name
# dhcp-option=41,10.10.10.5 # NIS Server
# SERVIDOR WINS SAMBA4 EXTERNO  #
# dhcp-option=44,10.10.10.5 # WINS
# dhcp-option=45,10.10.10.5 # Datagramas NetBIOS
# SERVIDOR WINS SAMBA4 EXTERNO  #
# dhcp-option=46,8      # Nodo NetBIOS
# dhcp-option=73,10.10.10.3 # Finger Server

dhcp-authoritative              # DHCP Autoritario en la subnet
# -------------------------------------------------------------------

# -------------------------------------------------------------------
# L O G G I N G   A L    /var/log/messages
# -------------------------------------------------------------------
log-queries

# UKUPHELA kwefayela le /etc/dnsmasq.conf
# ----------------------------------------------------- ------------------

Ake sibheke i-syntax bese siqala kabusha insiza

[izimpande @ dns ~] # dnsmasq - isivivinyo
dnsmasq: isheke le-syntax KULUNGILE.
[root @ dns ~] # systemctl qala kabusha i-dnsmasq
[izimpande @ dns ~] # isimo se-systemctl dnsmasq
● dnsmasq.service - iseva yokulondolozwa kwesikhashana ye-DNS. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/dnsmasq.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngo-Sat 2017-02-18 12:48:05 EST; 5s ago Main PID: 1288 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1288 / usr / sbin / dnsmasq -k Feb 18 12:48:05 dns systemd [1]: Iqale iseva yokulondolozwa kwesikhashana ye-DNS .. Feb 18 12:48:05 dns systemd [1]: Iqala iseva yokulondolozwa kwesikhashana ye-DNS .... Feb 18 12:48:05 dns dnsmasq [1288]: iqalile, inguqulo 2.66 i-cachedize 150 Feb 18 12:48:05 dns dnsmasq [1288 ]: izinketho zesikhathi sokuhlanganisa: IPv6 GNU-getopt DB ... th Feb 18 12:48:05 dns dnsmasq-dhcp [1288]: DHCP, IP range 10.10.10.30 - 10.10 .... h Feb 18 12:48: 05 dns dnsmasq [1288]: reading /etc/resolv.conf Feb 18 12:48:05 dns dnsmasq [1288]: ukuziba i-nameserver 127.0.0.1 - local in ... ce Feb 18 12:48:05 dns dnsmasq [1288] ]: funda / njll / imikhosi - amakheli ayi-11
Feb 18 12:48:05 dns dnsmasq [1288]: yehlulekile ukulayisha amagama kusuka /etc/banner_ad...ry
Isiqephu: Ezinye imigqa yayine-ellipsized, sebenzisa-ukukhombisa ngokugcwele.

Qaphela ukuthi kokukhipha kwangaphambilini ifayela le- isimo se-systemctl dnsmasq ibuyisa iphutha:

Feb 18 12:48:05 dns dnsmasq [1288]: yehlulekile ukulayisha amagama kusuka /etc/banner_ad...ry

ekhononda ngokuthi awukwazi ukuthola ifayili / njll / banner_add_hosts.

[izimpande @ dns ~] # ukuthinta / njll / banner_add_hosts
[root @ dns ~] # systemctl qala kabusha dnsmasq.service 
[root @ dns ~] # systemctl qala kabusha dnsmasq.service 
[root @ dns ~] # systemctl isimo dnsmasq.service 
● dnsmasq.service - iseva yokulondolozwa kwesikhashana ye-DNS. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/dnsmasq.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngo-Sat 2017-02-18 12:54:26 EST; 7s ago Main PID: 1394 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1394 / usr / sbin / dnsmasq -k Feb 18 12:54:26 dns systemd [1]: Iqale iseva yokulondolozwa kwesikhashana ye-DNS .. Feb 18 12:54:26 dns systemd [1]: Iqala iseva yokulondolozwa kwesikhashana ye-DNS .... Feb 18 12:54:26 dns dnsmasq [1394]: iqalile, inguqulo 2.66 i-cachesize 150 Feb 18 12:54:26 dns dnsmasq [1394 ]: izinketho zesikhathi sokuhlanganisa: IPv6 GNU-getopt DB ... th Feb 18 12:54:26 dns dnsmasq-dhcp [1394]: DHCP, IP range 10.10.10.30 - 10.10 .... h Feb 18 12:54: 26 dns dnsmasq [1394]: reading /etc/resolv.conf Feb 18 12:54:26 dns dnsmasq [1394]: ukuziba nameserver 127.0.0.1 - local in ... ce Feb 18 12:54:26 dns dnsmasq [1394 ]: funda / njll / abasingathi - amakheli ayi-11 Feb 18 12:54:26 dns dnsmasq [1394]: funda / njll / banner_add_hosts - 0 amakheli Ukusikisela: Eminye imigqa yanqanyulwa, sebenzisa -l ukukhombisa ngokugcwele.

Futhi sesivele sinezinsizakalo ze-DNS ne-DHCP ezisebenzayo.

Kubalulekile

  • Uma siguqula ifayela le /etc/dnsmasq.conf, kufanele siqale kabusha insiza ukuze ushintsho luqale ukusebenza.
  • Uma siguqula ifayili le- / etc / hosts Ukususa, ukuguqula noma ukufaka i-IP engaguquki negama layo lomethuleli ohambelana nayo, kufanele siqale kabusha insiza ukuze ushintsho luqale ukusebenza..
  • ukulayishwa kabusha kwe-systemctl dnsmasq.service akukwazi ukusetshenziswa nale nsizakalo.

Sivula amachweba adingekayo ku-Firewall

Esihlokweni somngani wami nozakwethu uLuigys Toro -isibankwa- "Uwavula kanjani amachweba ku-Centos 7 Firewall»Inqubo okufanele siyilandele ukuvula amachweba ku-Firewall efakwa yi-CentOS ngokuzenzakalela ichazwa kahle. Angazi namanje ukuthi ngiyisebenzisa kanjani imithetho yokuqukethwe kweSelinux kusevisi ye-dnsmasq kuCentOS. Uma kukhona omaziyo, sicela usikhanyisele.

Amafayela / njll / izivumelwano y / njll / amasevisi Ziwumhlahlandlela omuhle kakhulu wokwazi ukuthi yimaphi amachweba esidinga ukuwavula ukuze izinsizakalo ze-DNS ne-DHCP ezinikezwe yi-Dnsmasq zisebenze kahle.

[izimpande @ dns ~] # firewall-cmd - izindawo ezisebenzayo
izixhumi zomphakathi: eth0

Isevisi domain o Iseva Yegama Lesizinda (dns). Isivumelwano iswayipha «IP ngokubethela»

[izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 53 / tcp - ehlala njalo
impumelelo

[izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 53 / udp - ehlala njalo
impumelelo

Isevisi ukuqaqa o Iseva ye-BOOTP (dhcp). Isivumelwano ippc «I-Internet Pluribus Packet Core»

[izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 67 / tcp - ehlala njalo
impumelelo

[izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 67 / udp - ehlala njalo
impumelelo

[izimpande @ dns ~] # firewall-cmd - phinda ulayishe
impumelelo

[root @ dns ~] # firewall-cmd - uhlu-konke
umphakathi (osebenzayo): amabhulokhi e-icmp: imithetho ecebile:

Kubalulekile

  • Uma sizonikezela ngezinsizakalo zokuqashisa ikheli le-IPv6, kumele futhi sivule amachweba i-dhcpv6-server 547 / tcp kanye ne-dhcpv6-server 547 / udp.

Amasheke

Ake sibheke imibuzo eminingi ye-DNS ukuthi iDnsmasq yethu entsha sha esanda kusebenza isebenza kanjani. Kulokhu sikhetha iqembu elaziwayo sysadmin.desdelinux.umlandeli, futhi kusuka kuleyo khompyutha, exhunywe kwi-LAN, sizokwenza imibuzo eminingana, kepha hhayi ngaphambi kokubheka ukuthi ifayela lihlelwe kahle /etc/resolv.conf:

buzz @ sysadmin: ~ $ cat /etc/resolv.conf 
# Generated by NetworkManager
search desdelinux.fan nameserver 10.10.10.5

Izilungiselelo zefayela /etc/resolv.conf kulungile. Ake siqale ukubonisana

buzz @ sysadmin: ~ $ umphathi we-dns
dns.desdelinux.fan has address 10.10.10.5
Host dns.desdelinux.fan not found: 5(REFUSED)
dns.desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-1.desdelinux.umlandeli.

Ngokucushwa okuhlongozwayo, singakulahla ukukhishwa komyalo Bamba ngaphandle kwezinketho uma kukhulunywa nge-Dnsmasq, lapho kubuyiselwa imigqa efana nale elandelayo:

Host dns.desdelinux.fan not found: 5(REFUSED)

Uma singafuni lolo hlobo lokukhiphayo, kufanele sisebenzise umyalo Bamba ngezinketho -t A, -t CNAME, -t NS, -t SOA, -t SIG, -t AXFR. Bheka umuntu ophethe ukuthola eminye imininingwane:

buzz@sysadmin:~$ host -t A dns.desdelinux.umlandeli
dns.desdelinux.fan has address 10.10.10.5

[izimpande @ dns ~] # umphathi -t Ku-dns
dns.desdelinux.fan has address 10.10.10.5

i-buzz @ sysadmin: ~ $ dig dns

buzz @ sysadmin: ~ $ umsingathi 10.10.10.5
5.10.10.10.in-addr.arpa domain name pointer dns.desdelinux.umlandeli.

I-Dnsmasq ayihloselwe uhlelo lwe-Master - Slave

buzz@sysadmin:~$ host -t AXFR desdelinux.umlandeli
Trying "desdelinux.fan"
Host desdelinux.fan not found: 5(REFUSED)
; Transfer failed.

Akuhloselwe futhi ukubuyisa amarekhodi e-NS ne-SOA

buzz@sysadmin:~$ host -t NS desdelinux.umlandeli
Host desdelinux.fan not found: 5(REFUSED)

buzz@sysadmin:~$ host -t SOA desdelinux.umlandeli
Host desdelinux.fan not found: 5(REFUSED)

buzz@sysadmin:~$ dig IN SOA desdelinux.umlandeli
buzz@sysadmin:~$ dig IN NS desdelinux.umlandeli

Uma isekela amarekhodi e-MX, CNAME, ne-TXT

buzz @ sysadmin: ~ $ host -t Ukuze www
www.desdelinux.fan is an alias for blog.desdelinux.fan.
blog.desdelinux.fan has address 10.10.10.7
buzz@sysadmin:~$ host -t MX desdelinux.umlandeli
desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-10.desdelinux.umlandeli.

buzz @ sysadmin: ~ $ umphathi -t CNAME www
www.desdelinux.fan is an alias for blog.desdelinux.umlandeli.

buzz@sysadmin:~$ host -t A blog.desdelinux.umlandeli
ibhulogi.desdelinux.fan has address 10.10.10.7

buzz@sysadmin:~$ host -t TXT desdelinux.umlandeli
desdelinux.fan descriptive text "DesdeLinux, su Blog dedicado al Software Libre"
desdelinux.fan descriptive text "v=spf1 a -all"

I-PTR iqopha imibuzo

buzz @ sysadmin: ~ $ umphathi -t PTR 10.10.10.7
7.10.10.10.in-addr.arpa domain name pointer blog.desdelinux.umlandeli.

buzz @ sysadmin: ~ $ umsingathi 10.10.10.7
7.10.10.10.in-addr.arpa domain name pointer blog.desdelinux.umlandeli.

Amaklayenti e-Microsoft® Windows

Kuphilile kakhulu ukusebenzisa ikhonsoli yeseva dns.desdelinux.umlandeli umyalo iphephabhuku -f NGAPHAMBI kokuvula umshini osebenzisa isistimu yokusebenza ye-Microsoft® Windows, ukubona inani elikhulu lemibuzo ye-DNS eliyenzayo kumasayithi ahlukene. Kuyajabulisa ngempela. 😉

Uma sifuna ukuvimba imibuzo ephathelene namanye ala masayithi ekuhambeleni kumaseva eRoots Izimpande Zeseva noma ngase Abadlulisi ukuthi simemezele kufayela /etc/resolv.conf, singalisebenzisa kahle ifayela / etc / banner_add_host, ukuyigcwalisa ngamasayithi amaningi esidinga ukuwamemezela. Isibonelo:

[izimpande @ dns ~] # nano / njll / banner_add_hosts
127.0.0.1 windowsupdate.com 127.0.0.1 ctldl.windowsupdate.com 127.0.0.1 ocsp.verisign.com 127.0.0.1 csc3-2010-crl.verisign.com 127.0.0.1 www.msftncsi.com 127.0.0.1 ipv6.msftncsi.com 127.0.0.1 teredo.ipv6.microsoft.com 127.0.0.1 ds.download.windowsupdate.com 127.0.0.1 download.microsoft.com 127.0.0.1 fe2.update.microsoft.com 127.0.0.1 crl.microsoft.com 127.0.0.1 www .download.windowsupdate.com 127.0.0.1 win8.ipv6.microsoft.com 127.0.0.1 spynet.microsoft.com 127.0.0.1 spynet1.microsoft.com 127.0.0.1 spynet2.microsoft.com 127.0.0.1 spynet3.microsoft.com 127.0.0.1. 4 spynet127.0.0.1.microsoft.com 5 spynet127.0.0.1.microsoft.com 15 office127.0.0.1client.microsoft.com 127.0.0.1 addons.mozilla.org XNUMX crl.verisign.com

[izimpande @ dns ~] # dnsmasq - isivivinyo
dnsmasq: isheke le-syntax KULUNGILE.

[root @ dns ~] # systemctl qala kabusha dnsmasq.service 
[root @ dns ~] # systemctl isimo dnsmasq.service

[root @ dns ~] # host -t Ku-spynet4.microsoft.com
ispynet4.microsoft.com inekheli 127.0.0.1

[root @ dns ~] # host -t Ku-www.download.windowsupdate.com
www.download.windowsupdate.com inekheli 127.0.0.1
  • Ifomethi yefayela le- / etc / banner_add_hosts iyefana nefayela le- / etc / hosts. Khumbula ukuthi uhlu lwezizinda "zokuvimbela" lungaba lude ngangokunokwenzeka, ngokusho kwesigaba IMIKHAWULO yalesi sihloko.

Ukuhlola kusuka kuklayenti Isikhombisa.desdelinux.umlandeli enikeze ikheli le-IP:

buzz @ sysadmin: ~ $ host -t A eziyisikhombisa
Isikhombisa.desdelinux.fan has address 10.10.10.115

senza umyalo kuklayenti leWindows uqobo cmd:

I-Microsoft Windows [Inguqulo 6.1.7601]
I-copyright (c) 2009 Microsoft Corporation. Wonke Amalungelo Agodliwe.

C: \ Abasebenzisi \ buzz> nslookup
Default Server:  dns.desdelinux.fan
Address:  10.10.10.5

> dns
Server:  dns.desdelinux.fan
Address:  10.10.10.5

Name:    dns.desdelinux.fan
Address:  10.10.10.5

> ftpserver
Server:  dns.desdelinux.fan
Address:  10.10.10.5

Name:    ftpserver.desdelinux.fan
Address:  10.10.10.8

> www
Server:  dns.desdelinux.fan
Address:  10.10.10.5

Name:    blog.desdelinux.fan
Address:  10.10.10.7
Aliases:  www.desdelinux.fan

> mail
Server:  dns.desdelinux.fan
Address:  10.10.10.5

Name:    mail.desdelinux.fan
Address:  10.10.10.9

> sysadmin
Server:  dns.desdelinux.fan
Address:  10.10.10.5

Name:    sysadmin.desdelinux.fan
Address:  10.10.10.1

> www.download.windowsupdate.com
Server:  dns.desdelinux.fan
Address:  10.10.10.5

Name:    www.download.windowsupdate.com
Address:  127.0.0.1

> quit

C:\Users\buzz>

Isifingqo

Kuze kube manje sibonile izici ezimbalwa eziyinhloko ze-Dnsmasq. ngicabanga Funda futhi ufunde amafayela ashiwo esigabeni sokuqala sale ndatshana, uma ufuna ukwazi kabanzi ngalolu hlelo oluhle kakhulu nolumangazayo. Ngokusetshenziswa kwayo singakwazi ukwenza lula izimpilo zethu.

Cishe ngo-2014 ngifunde i-athikili «Kanjani: Samba4 AD PDC + Windows XP, Vista no-7«. Umsunguli wale ndatshana umemezela ngaphandle kokuchwayiza: «Ngiyakuzonda ukubopha, ngakho-ke yi-dnsmasq ukutakula»(Sic) okusho okuncane noma okuncane okushoyo«Ngiyakuzonda ukubopha, ngakho-ke uDnsmasq uyangisiza«. Kwerekhodi, leyo nkulumo ayishongo kimi.

Ekudluliseni ngiphawula ukuthi, kuleyo ndatshana uMlobi akacacisi umsuka wamanye amarekhodi e-DNS futhi ngamagama ajwayelekile akuyona inkomba enhle yokusebenzisa i-Active Directory® esekwe kuSamba 4. Uma uthanda ngokweqile iDnsmasq.

Angikuzondi ukubopha nhlobo. Izindatshana zami ezine -4- ezidlule zikufakazela lokhu:

Njengoba ngike ngabhala ezikhathini ezedlule, cishe angikaze Ngisikisela, kodwa ngicabanga. Endabeni kaDnsmasq yebo Ngisikisela ukusetshenziswa kwayo kuma-SME Networks.

Ukulethwa okulandelayo

Isitolimende esilandelayo -ngicabanga ukuthi ngiyacabanga- Ngizoyinikela ekuhlanganisweni kweDnsmasq ne-Microsoft® Active Directory®. Kuzoba yindawo enhle yokungena ye-athikili -muy- ngokuhamba kwesikhathi lokho kuzobhekana nokuthi ungayenza kanjani i-AD-DC ngeSamba 4 neDnsmasq.


Amazwana ayi-12, shiya okwakho

Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   UJoan Hernandez kusho

    Sanibonani ekuseni !!! Ngiyaqinisekisa konke okushoyo futhi ngokweqiniso ukuthi ukusebenza kwale nethiwekhi kuze kube manje akunikezi sizathu sokukhononda. Angiseyona i-sysadmin yaleyo nethiwekhi, ngoba uyazi izinkinga ebenginazo ... kepha ngenkathi ngiphethe leyo nethiwekhi futhi kuze kube manje lapho ngixhumana nalowo ophambi kwayo, asikho isizathu sokukhononda. Okuhlangenwe nakho kwami ​​okuhle nge-ClearOS ne-DNSmasq.

  2.   frederico kusho

    Mngani Joan, Ngiyabonga ngosizo lwakho ekuqinisekiseni engikubhalile mayelana nenkampani ene-ClearOS.

  3.   isihlibhi kusho

    Engikuthanda kakhulu nge-dnsmasq ukuthi kungasebenziseka kanjani, kufayela elilodwa ulungiselela i-DNS ne-DHCP. Mayelana nokusebenza anginazikhalazo, esikhathini esithile esedlule ngacisha iseva ka-2003R2 eyayisebenza njenge-DC, amaklayenti amaningana e-Linux avela komasipala abakude "babelokhu belengisiwe" futhi njengoba ngangingenayo indlela yokushintsha izintandokazi zabo ze-DNS, engikwenzile ngakukhulisa uJessie onaleyo IP ne-dnsmasq balondoloze i-DNS entsha, konke kulungile.
    I-athikili enhle kakhulu uFico, maqondana nami.

    1.    frederico kusho

      Ucabangani ngomkhawulo olandelanayo wokunikeza amakhompyutha afinyelela ku-1000? Nginethuba lokuqinisekisa imininingwane nomngani ozinikele ekunikezeni izinsizakalo zewebhusayithi ethi "Captive» nge-WiFi, futhi muva nje unikeze insizakalo-nge-BIND + Isc-dhcp- kuma-mobiles angaphezu kwe-1000 eKarl Marx Theatre. Ungiqashe ukuthi ngimenze iseva enokusetshenziswa okuphansi kakhulu kwezinsizakusebenza, zalowo msebenzi.

      1.    isihlibhi kusho

        Kufanele kucace ukuthi lawa abizwa ngokuthi "imingcele" alinganiswa eminyakeni embalwa eyedlule futhi nge-hardware engaphansi kwezinga lamanje, zombili i-dnsmasq namakhasimende aguquke kakhulu, ngiyaqiniseka ukuthi izobamba umthwalo walaba abasebenzisi. Hlala ubhala futhi uvimbele imibuzo eyinkulungwane neyodwa i-Android eyenza izame ukufonela ekhaya, hehe. Jabulela

  4.   frederico kusho

    Ngizosithatha ngokungathi sína iseluleko sakho, dhunter. ngiyabona futhi

  5.   IWO kusho

    Njengoba sekuyinsakavukela kulolu chungechunge lwama-SME, lokhu okuthunyelwe ku- "DNSMASQ" kungenye indatshana enhle umlobi asinika yona ama-sysadmins ukuze sizithuthukise ngobuchwepheshe nangethiyori.
    Endabeni yami siqu ngangazi ngokungacacile nge-dnsmasq ngoba ngangibeke phambili i-DNS (Bind) ne-DHCP njengezinsizakalo ezimbili ezizimele. Kimi kukhulu! Into ye-dnsmasq yokuvumela ukumisa zombili kusevisi eyodwa (ngefayela /etc/dnsmasq.conf).
    Kuhle! ekwazi ukuxhasa okungenani amaklayenti ayi-1,000 XNUMX nge-DNS ne-DHCP ngaphandle kokuthinta ukusebenza kwayo.
    Okunye okuhle kakhulu yi-TIP yokuthi ungayibalekela kanjani imibuzo ephathelene nama-Root Servers noma i-Forwarders esebenzisa i- / etc / banner_add_host file where we insert the "N" sites that we need to declare as if were "localhosts".
    Ekugcineni futhi njengoba bekulokhu kujwayelekile kumbhali ngesigaba sakhe esithi "Okulandelayo isitolimende", manje uhlela ukuletha elinye igugu "ukuhlanganiswa kweDnsmasq ne-Microsoft® Active Directory®".
    Yebo, sesivele sikulangazelele.

  6.   isikejana inflatable kusho

    Bengimatasa futhi angikwazi ukulandela izindatshana zakho. Ngiphuthelwe amanye. Umbhalo wakho omusha ngamunye uyisimanga esimnandi esiqukethe izimfundiso ezintsha. Qhubeka, mngani Fico

  7.   crespo88 kusho

    IDnsmasq, ngibona ukusebenza kwayo nsuku zonke, kungcono kakhulu. Bengihlala ngikutshela futhi ngiphikelela ekuhlanganisweni kwe-bind9 kanye ne-isc-dhcp-server (isixazululo engisithanda kakhulu, ngoba ukuzama kaningi ngafunda futhi ngabona futhi ngathola lokho okuncane engikwaziyo nge-dns ne-dhcp, i-VIIII, bengikwazi bona ukuthi yini iMicrosoft engakuvumeli uyigcine, lokho abangafuni ukuba ukufunde futhi ikugcine egumbini elimnyama futhi elikhiyiwe, empeleni kuyizinsizakalo okwakhulunywa ngazo sengathi ziyizilo futhi zingabantu abalungile, ongabhekana nazo iqiniso), futhi ngiyabonga Kulokhu uphoqeleke ukuthi uzithuthukise nakakhulu, empeleni sesivele siyibona yonke imiphumela yalo mzamo futhi siyabonga ngekhwalithi yokuthunyelwe kwakho.
    Lokhu ikakhulukazi kuphezulu, angithathi isikweletu kwabanye, NGOKUQINISEKILE HHAYI, HHAYI NOMA UCABANGA NGAYO; kodwa kungenxa yakho ngihlangane nomngani wami dnsmasq futhi inethiwekhi ye-Residence yami ihlala ngaphezu kokujabula ukuhlangana nozakwethu omusha owenziwe nguSimon Kelley. Ngiyabonga nakuye.

  8.   frederico kusho

    IWO: Ngeke ulinde isikhathi eside ngokuthunyelwe okulandelayo. Angikayiqedi okwamanje ngoba ngimatasa kakhulu nomsebenzi wami wansuku zonke. Isikhathi ... Kepha ngokuqinisekile uzoba naso ngeviki elizayo.

  9.   frederico kusho

    I-Crespo88: Angikwazi ukungeza enye into ekuphawuleni kwakho okuphelele. Futhi sengivele nginesikhathi esincane ngoba ngo-7 ntambama ngiphelelwa ukuzulazula 😉
    Ngiyabonga!.

  10.   i-caesareli kusho

    Sawubona, FICO. I-athikili enhle kakhulu.
    Ngingathanda ukwazi ukuthi ungayisebenzisa kanjani i-dnsmasq kwi-baremetal (HP Proliant gen 8) ebamba imishini ebonakalayo ye-KVM.
    Ngabe ukucushwa kwe-dnsmasq kufanele kwenziwe kumsingathi noma kwelinye lama-VM asebenza njengeseva ye-dnsmasq?
    Ngisenkingeni.
    Ukubingelela