Inkomba ejwayelekile yochungechunge: Ama-Computer Networks ama-SME: Isingeniso
Sanibonani zihlobo !. Sinikela le ndatshana ku dnsmasq uhlelo olulula kakhulu olunikeza izinsizakalo DNS - DHCP usebenzisa isoftware eyodwa. Imibhalo engcono kakhulu ekhona kule software iyona efakwe nephakeji uqobo lwayo /usr/share/doc/dnsmasq-2.66/, ifayela lokumiswa ligcwele izibonelo- /etc/dnsmasq.conf, naleyo etholwe ngomyalo indoda dnsmasq. Kuyimpilo futhi ukuvakashela i- Isiza esisemthethweni.
[izimpande @ dns ~] # ls -l / usr/share/doc/dnsmasq-2.66/ ingqikithi ye-136 -rw-r-r--. Impande eyi-1 impande 18007 Apr 17 2013 UKUKOPISHA -rw-r - r--. Impande eyi-1 impande 59811 Nov 11 13: 20 CHANGELOG -rw-r-r--. Impande eyi-1 impande 5164 17 Apr 2013 1 DBus-interface -rw-r - r--. Impande eyi-5009 impande 17 Apr 2013 1 doc.html -rw-r - r--. Impande eyi-25075 impande 17 Apr 2013 1 FAQ -rw-r - r--. Impande eyi-12019 impande 17 Apr 2013 XNUMX setup.html
- Inqubo echazwe kokuthunyelwe nayo isebenza ku-Debian 8 "Jessie". Ifayela lokumiswa kwe- / etc / dnsmasq liyafana. KuJessie, mhlawumbe udinga kuphela ukufaka iphakethe lakho le-dnsmasq hhayi okunye. Ngikubhala ngoba ngikubona kungadingekile ukwenza i-athikili ehlukile ye-Dnsmasq eDebian. Ngenhlanhla, izinkomba ezihlobene nemibhalo nokucushwa ziyefana. 😉
I-Dnsmaq iyindalo ye- USimon Kelley.
Yini iDnsmasq?
Isoftware yamahhala dnsmasq iseva DNS Phambili y DHCP yamanethiwekhi amancane ekhompyutha. Isibonelo esivamile amaNethiwekhi akhona kuma-SME ethu. Kudinga izinsizakusebenza ezimbalwa zehardware ekusebenzeni kwayo futhi ingaqhutshwa kuzingxenyekazi ezahlukahlukene ezinjengeLinux, BSD, i-Android ne-OS X. Ifakiwe cishe kuwo wonke amakhosombe weLinux neBSD.
Iseva DHCP i-del dnsmasq ungaqashisa amakheli e-IP ngamandla nangokwezibalo, ngamanethiwekhi amaningi anezinhlaka ezihlukene zamakheli we-IP. Ihlanganiswe neseva DNS futhi ivumela imishini yendawo ethola ikheli le-IP ukuthi ibonakale njengebhaliswe ku-DNS ngamarekhodi ayo e-DNS, aqondile futhi ahlehlisiwe.
Indlela yendabuko yokusebenza kwe- dnsmasq ukulanda okwesikhashana amarekhodi e-DNS atholwe ngemibuzo eya kubo Abadlulisi, yehlisa umthwalo kulezi futhi ithuthukise ukusebenza okuphelele kwejubane lokuphendula emibuzweni ehlukile ye-DNS.
Isekela izindinganiso zesimanje ezifana I-IPv6 y DNSSEC, Qala - Boot ngaphezulu kwenethiwekhi ngokusekelwa kwamaphrothokholi IBHODI, I-TFTP, futhi I-PXE.
Emkhathini weLinux, iDnsmasq isetshenziswa kakhulu kumaseva weMishini ngaphandle kweHard Disk kanye neKlayenti Elincane. Ku-Microsoft® Windows, ne-software I-ARDENCE®, okulingana ne-Dnsmasq- isetshenziswa njengeseva ye-DHCP ebizwa ngokuthi E-Sayurian.
Kukusiphi isimo esingasebenzisa i-Dnsmasq?
Uma sikhipha indoda dnsmasq Ku-CentOS, sizothola ikhasi lalelo bhukwana ngolimi lwesiNgisi. Kufayela dnsmasq.8.gz - ngesiSpanish- efakwe nokusatshalaliswa kwe-Debian 8 «Jessie», kuyabonakala ncamashi Okulandelayo:
IMIKHAWULO
- Amanani wokuzenzakalelayo wemikhawulo yezinsiza ngokuvamile ayalondolozwa, futhi afanele ukusetshenziswa kumadivayisi wohlobo lomzila. kubhajwe ngama-processor slow and memory low. Ku-hardware ngaphezulu onekhono, kungenzeka ukwandisa imingcele, futhi usekele abaningi amakhasimende. Lokhu okulandelayo kusebenza ku-dnsmasq-2.37: izinhlobo zangaphambilini azenzi bakhuphuke kahle kakhulu.
- I-Dnsmasq iyakwazi ukuxhasa i-DNS ne-DHCP okungenani inkulungwane eyodwa (1,000) amakhasimende. Izikhathi zokuqashisa akufanele zibe mfushane kakhulu (ngaphansi koyedwa isikhathi). Inani le -dns-forward-max lingakhushulwa: qala ngo- inani elilinganayo lamakhasimende futhi ulinyuse uma ngabe I-DNS. Qaphela ukuthi ukusebenza kwe-DNS futhi kuya ngamaseva I-DNS engenhla. Usayizi wenqolobane ye-DNS ungakhuphuka: umkhawulo Okudingekayo ngamagama ayi-10,000 futhi okuzenzakalelayo (150) kuphansi kakhulu. Ukuthumela i-SIGUSR1 ku-dnsmasq kwenza imininingwane ye-bitacore leyo ilusizo ekuhleleni kahle usayizi wenqolobane. Bona isigaba se-NOTES ukuthola imininingwane.
- Iseva ye-TFTP eyakhelwe ngaphakathi iyakwazi ukuxhasa ukudluliswa okuningi amafayela afanayo ngasikhathi sinye: umkhawulo ophelele uhlobene nenani leziphathi zefayela ezivunyelwe kwinqubo kanye nekhono le-sys‐tem call select () ukuxhasa izinombolo ezinkulu zokuphathwa kwamafayela. Uma umkhawulo usethwe waba mkhulu kakhulu nge-tftp-max uzosuswa futhi umkhawulo wangempela uzobekwa iwashi ekuqaleni. Qaphela ukuthi ukudluliswa okuningi kungenzeka uma ifayili elifanayo lithunyelwa kuthiwani lapho kudluliswa ngakunyeI-ferencia ithumela ifayela elihlukile. Kungenzeka usebenzise i-dnsmasq ukuphika ukukhangisa kweWebhu usebenzisa uhlu lwe amaseva we-banner aziwa kahle, konke kuxazululeka ku-127.0.0.1 noma 0.0.0.0 ku- / etc / Sebawoti noma kufayela elingeziwe le-Host. Uhlu lungakwazi yinde kakhulu. I-Dnsmasq ihlolwe ngempumelelo ngamagama ayisigidi. Lolo sayizi wefayela lidinga i-1GHz CPU nokulinganiselwa60MB RAM.
Angizange ngibhale noma ngihlele lezi zigaba ezingenhla nhlobo. Ziyabonakala njengoba zingena ku- eyodwa ngeSpanishi kusuka dnsmasq 2.72 kusuka endaweni yokugcina ye-Debian 8.6. Kusuka kubo kanye nasenkambisweni yokusetshenziswa kwale software, singasho ukuthi kuyaqabukela - kungenzeki - ukuthola isimo kumanethiwekhi ethu ama-SME adlula inani le 1000 amaklayenti noma amakhompyutha axhunywe kwi-LAN.
- I-Dnsmasq iyakwazi ukuxhasa i-DNS ne-DHCP okungenani inkulungwane eyodwa (1,000) amaklayenti.
Ukucatshangelwa eceleni
Kuhlale kungithinta ukuthi isoftware ewine imiklomelo I-ClearOS Enterprise 5.2 SP1 izosebenzisa iDnsmasq-ehlotshaniswa ne- NTP- njengeseva yengqalasizinda ngokuzenzakalela, nokuqhubeka nokuyisebenzisa kanjalo - okungenani kuze kube yinguqulo 7.xxx- in ukukhishwa Ukhokhela ukufaka i-Active Directory® ngokususelwa ku-Samba 4. Kubi kakhulu kithina, bathandi be-Free Software, ukuthi inkampani I-clearFoundationizoyeka ukuhlinzeka ngesoftware yaleyo khwalithi kuzinguqulo ngemuva kuka-5.xxx ngenxa esobala lokuzuza okungcono kwemali. Ngicabanga ukuthi kunenkinga enkampanini uqobo.
Noma ngingu- Fan I-Debian -futhi angifuni ukwenza inkulumo-ze engizikhethele yona- Bengihlala ngincoma iNkampani I-Red Hat®, Inc. imodeli yebhizinisi lakhe eliyibeke njengomholi ongenakuphikwa weFree Software. Ngaphezu kwalokho, kunguMxhasi we-clone kanambambili we-CentOS - isoftware yamahhala engu-100% - yohlelo lwayo lwenkanyezi I-Red Hat® Enterprise Linux - i-RHEL. Kokunye kuthiwa i-CentOS iyi-RHEL engasekelwa (I.
- Ngine-a ISamba Clasic NT 4.0 Isilawuli Sesizinda Esisisekelo Sesitayela ngokususelwa ku- I-ClearOS Enterprise 5.2 SP1 iminyaka engaphezu kwengu-4 kunethiwekhi yenkampani enamakhasimende weWindows XP, 7, 8, Windows Server 2003 neWindows server 2012. Yini ekhona ukukitaza amanani wokubhalisa ambalwa weklayenti ngalinye leWindows elinenguqulo ephakeme kune-XP? Kuyiqiniso. Yini okusebenza kahle kakhulu? Kuyiqiniso futhi. Ukuthi inani lamaqembu alifiki ku-100? Futhi kuyiqiniso.
Yenza umqondo
- Yize kimi «I-Common Sense iyona ejwayelekile kakhulu kwezinzwa», zibeke wena kuqala kuZidingo Zakho bese ukhetha indawo yobuciko ngokwalokho Odinga ukukuveza nokukuxazulula ngokwe-Your Own Script.
- Ungasebenzisi umcibisholo onqamula amazwekazi ukubulala umiyane. Musa ukwenza impilo kube nzima ngokungadingekile: qala ngesixazululo esilula. Uma ungaxazululi ngalokho, phakamisa ubunzima iphuzu elilodwa, njalonjalo.
Masifake i-CentOS 7 ne-Dnsmasq
Ngokufakwa kohlelo lwesisekelo siqondiswa yi-athikili I-CentOS 7 Hypervisor I futhi ekukhetheni amaphakheji sibeka kuphela inketho «Ingqalasizinda Server«. Imingcele ejwayelekile esizoyisebenzisa ekulungiseleleni le ndatshana yile elandelayo:
Nombre FQDN de la máquina virtual: dns.desdelinux.umlandeli Ikheli le-IP: 10.10.10.5
I-CentOS 7 ifaka i-dnsmasq
Yebo Bafundi Abathandekayo, ku-CentOS 7 iphakethe dnsmasq ifakiwe ngenkathi kufakwa i-Infrastructure Server futhi Ngicabanga kunezinye izinketho futhi.
[izimpande @ dns ~] # yum imininingwane dnsmasq Ama-plugins alayishiwe: i-fastestmirror, ama-langpacks alayisha isivinini sesibuko kusuka kufayela eligcinwe ngesinye isibukezo Amaphakheji afakiwe Igama: dnsmasq Architecture: x86_64 Inguqulo: 2.66 Ukukhishwa: 21.el7 Usayizi: 464 k Indawo yokugcina: ifakiwe Kusuka endaweni yokugcina: Isifinyezo se-centos-base: I-URL ye-DNS engasindi / okulondolozwe okwesikhashana ye-URL yeseva: http://www.thekelleys.org.uk/dnsmasq/ Ilayisense: Incazelo ye-GPLv2: I-Dnsmasq ayisindi, kulula ukuyilungiselela ukudlulisa i-DNS ne-DHCP: iseva. Idizayinelwe ukuhlinzeka nge-DNS futhi, ngokuzikhethela, i-DHCP, kunethiwekhi: encane. Ingasebenza ngamagama emishini yasendaweni okuyi: engekho kwi-DNS yomhlaba. Iseva ye-DHCP ihlangana ne-DNS: iseva futhi ivumela imishini enamakheli abelwe i-DHCP ukuthi avele: kwi-DNS enamagama amisiwe kusingathi ngasinye noma kufayela le-: central configuration. I-Dnsmasq isekela ukuma okungaguquguquki nokuguqukayo: ukuqashiswa kwe-DHCP ne-BOOTP yokuqalwa kwenethiwekhi yemishini engasebenzi.
Uhlobo lwe dnsmasq Ukufaka kungu-2.66, futhi kufana nenguqulo yeCentOS:
[izimpande @ dns ~] # ikati / i-proc / inguqulo Uhlobo lwe-Linux 3.10.0-514.6.1.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (I-Red Hat 4.8.5-11) (GCC)) # 1 SMP Wed Jan 18 13:06:36 UTC 2017
Masivumele futhi silungiselele i-dnsmasq
[izimpande @ dns ~] # nano / etc / hosts 127.0.0.1 i-localhost localhost.localdomain localhost4 localhost4.localdomain4 :: 1 i-localhost localhost.localdomain localhost6 i-localhost6.localdomain6 10.10.10.5 dns.desdelinux.fan dns [izimpande @ dns ~] # igama lomethuleli dns [izimpande @ dns ~] # igama lomethuleli -f dns.desdelinux.umlandeli [izimpande @ dns ~] # systemctl vumela i-dnsmasq [izimpande @ dns ~] # systemctl qala dnsmasq [izimpande @ dns ~] # isimo se-systemctl dnsmasq ● dnsmasq.service - iseva yokulondolozwa kwesikhashana ye-DNS. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/dnsmasq.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngoSat 2017-02-18 11:47:19 EST; 4s ago Main PID: 1179 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1179 / usr / sbin / dnsmasq -k Feb 18 11:47:19 dns systemd [1]: Iqale iseva yokulondolozwa kwesikhashana ye-DNS .. Feb 18 11:47:19 dns systemd [1]: Iqala iseva yokulondolozwa kwesikhashana ye-DNS .... Feb 18 11:47:19 dns dnsmasq [1179]: started, version 2.66 cachesize 150 Feb 18 11:47:19 dns dnsmasq [1179 ]: izinketho zesikhathi sokuhlanganisa: IPv6 GNU-getopt DB ... th Feb 18 11:47:19 dns dnsmasq [1179]: reading /etc/resolv.conf Feb 18 11:47:19 dns dnsmasq [1179]: ukuziba i-nameserver I-127.0.0.1 - yendawo e ... ce Feb 18 11:47:19 dns dnsmasq [1179]: funda / njll / abasingathi - amakheli ama-3 Iseluleko: Eminye imigqa yanqanyulwa, sebenzisa -l ukukhombisa ngokugcwele.
Ungakhohlwa isinyathelo esilandelayo:
[izimpande @ dns ~] # mv /etc/dnsmasq.conf /etc/dnsmasq.conf.original
Amakheli we-IP alungisiwe
Nge-Dnsmasq, amakheli amaseva noma amakhompyutha adinga i-IP engaguquki -ombili i-IPv4 ne-IPv6- amenyezelwa kufayela / njll / amabamba:
[izimpande @ dns ~] # nano / etc / hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 # Servidores 10.10.10.1 sysadmin.desdelinux.fan sysadmin 10.10.10.3 ad-dc.desdelinux.fan ad-dc 10.10.10.4 fileserver.desdelinux.fan fileserver 10.10.10.5 dns.desdelinux.fan dns 10.10.10.6 proxyweb.desdelinux.fan proxyweb 10.10.10.7 blog.desdelinux.fan blog 10.10.10.8 ftpserver.desdelinux.fan ftpserver 10.10.10.9 mail.desdelinux.fan mail
Masenze ifayela le /etc/dnsmasq.conf
[izimpande @ dns ~] # nano /etc/dnsmasq.conf # ------------------------------------------------------------------- # O P C I O N E S G E N E R A L E S # ------------------------------------------------------------------- domain-needed # No pasar nombres sin la parte del dominio bogus-priv # No pasar direcciones en el espacio no enrutado expand-hosts # Adiciona automaticamente el dominio al host interface=eth0 # Interface. OJO con la Interface # except-interface=eth1 # NO escuchar por esta NIC strict-order # Orden en que consulta el archivo /etc/resolv.conf # Incluya muchas mas opciones de configuración # mediante un archivo o ubicando los archivos # de configuración adicionales en un directorio # conf-file=/etc/dnsmasq.more.conf conf-dir=/etc/dnsmasq.d # Relativos al Nombre del Dominio domain=desdelinux.fan # Nombre del dominio # El Servidor de Tiempo es 10.10.10.1 address=/time.windows.com/10.10.10.1 # Envía una opción vacía del valor WPAD. Se requiere para que # se comporten bien los clientes Windos 7 y posteriores. ;-) dhcp-option=252,"\n" # Archivo donde declararemos los HOSTS que serán "baneados" addn-hosts=/etc/banner_add_hosts # ------------------------------------------------------------------- # R E G I S T R O S C N A M E M X T X T # ------------------------------------------------------------------- # Este tipo de registro requiere de una entrada # en el archivo /etc/hosts # ej: 10.10.0.7 blog.desdelinux.fan blog # cname=ALIAS,REAL_NAME cname=www.desdelinux.fan,blog.desdelinux.umlandeli # MX RECORDS # Ibuyisela irekhodi le-MX elinegama "desdelinux.fan" imiselwe # ethimbeni lemeyili.desdelinux.umlandeli nokubalulekile kwe-10 mx-host=desdelinux.umlandeli,imeyili.desdelinux.fan,10 # Indawo okuyiwa kuyo ezenzakalelayo yamarekhodi e-MX adalwe # kusetshenziswa inketho ye-localmx kuzoba: mx-target=mail.desdelinux.umlandeli # Ibuyisela irekhodi le-MX elikhomba ku-mx-thagethi YAWO YONKE # imishini yendawomx # TXT amarekhodi. Futhi singamemezela irekhodi le-SPF txt-record=desdelinux.fan,"v=spf1 a -konke" txt-record=desdelinux.umlandeli,"DesdeLinux, su Blog dedicado al Software Libre" # ------------------------------------------------------------------- # ------------------------------------------------------------------- # R A N G O Y S U S O P C I O N E S # ------------------------------------------------------------------- # Rango IPv4 y tiempo de arrendamiento # De la 1 a la 29 son para los Servidores y otras necesidades dhcp-range=10.10.10.30,10.10.10.250,8h dhcp-lease-max = 222 # Inani eliphakeme lamakheli okuqashisa # ngokuzenzakalela kungu-150 # Rango IPV6 # dhcp-range=1234::, ra-only # Opciones para el RANGO # O P C I O N E S dhcp-option=1,255.255.255.0 # NETMASK dhcp-option=3,10.10.10.253 # ROUTER GATEWAY dhcp-option=6,10.10.10.5 # DNS Servers dhcp-option=15,desdelinux.fan # DNS Domain Name dhcp-option=19,1 # option ip-forwarding ON dhcp-option=28,10.10.10.255 # BROADCAST dhcp-option=42,10.10.10.1 # NTP # dhcp-option=40,DCH # NIS Domain Name # dhcp-option=41,10.10.10.5 # NIS Server # SERVIDOR WINS SAMBA4 EXTERNO # # dhcp-option=44,10.10.10.5 # WINS # dhcp-option=45,10.10.10.5 # Datagramas NetBIOS # SERVIDOR WINS SAMBA4 EXTERNO # # dhcp-option=46,8 # Nodo NetBIOS # dhcp-option=73,10.10.10.3 # Finger Server dhcp-authoritative # DHCP Autoritario en la subnet # ------------------------------------------------------------------- # ------------------------------------------------------------------- # L O G G I N G A L /var/log/messages # ------------------------------------------------------------------- log-queries # UKUPHELA kwefayela le /etc/dnsmasq.conf # ----------------------------------------------------- ------------------
Ake sibheke i-syntax bese siqala kabusha insiza
[izimpande @ dns ~] # dnsmasq - isivivinyo dnsmasq: isheke le-syntax KULUNGILE. [root @ dns ~] # systemctl qala kabusha i-dnsmasq [izimpande @ dns ~] # isimo se-systemctl dnsmasq ● dnsmasq.service - iseva yokulondolozwa kwesikhashana ye-DNS. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/dnsmasq.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngo-Sat 2017-02-18 12:48:05 EST; 5s ago Main PID: 1288 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1288 / usr / sbin / dnsmasq -k Feb 18 12:48:05 dns systemd [1]: Iqale iseva yokulondolozwa kwesikhashana ye-DNS .. Feb 18 12:48:05 dns systemd [1]: Iqala iseva yokulondolozwa kwesikhashana ye-DNS .... Feb 18 12:48:05 dns dnsmasq [1288]: iqalile, inguqulo 2.66 i-cachedize 150 Feb 18 12:48:05 dns dnsmasq [1288 ]: izinketho zesikhathi sokuhlanganisa: IPv6 GNU-getopt DB ... th Feb 18 12:48:05 dns dnsmasq-dhcp [1288]: DHCP, IP range 10.10.10.30 - 10.10 .... h Feb 18 12:48: 05 dns dnsmasq [1288]: reading /etc/resolv.conf Feb 18 12:48:05 dns dnsmasq [1288]: ukuziba i-nameserver 127.0.0.1 - local in ... ce Feb 18 12:48:05 dns dnsmasq [1288] ]: funda / njll / imikhosi - amakheli ayi-11 Feb 18 12:48:05 dns dnsmasq [1288]: yehlulekile ukulayisha amagama kusuka /etc/banner_ad...ry Isiqephu: Ezinye imigqa yayine-ellipsized, sebenzisa-ukukhombisa ngokugcwele.
Qaphela ukuthi kokukhipha kwangaphambilini ifayela le- isimo se-systemctl dnsmasq ibuyisa iphutha:
Feb 18 12:48:05 dns dnsmasq [1288]: yehlulekile ukulayisha amagama kusuka /etc/banner_ad...ry
ekhononda ngokuthi awukwazi ukuthola ifayili / njll / banner_add_hosts.
[izimpande @ dns ~] # ukuthinta / njll / banner_add_hosts [root @ dns ~] # systemctl qala kabusha dnsmasq.service [root @ dns ~] # systemctl qala kabusha dnsmasq.service [root @ dns ~] # systemctl isimo dnsmasq.service ● dnsmasq.service - iseva yokulondolozwa kwesikhashana ye-DNS. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/dnsmasq.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: kuyasebenza (kuyasebenza) kusukela ngo-Sat 2017-02-18 12:54:26 EST; 7s ago Main PID: 1394 (dnsmasq) CGroup: /system.slice/dnsmasq.service └─1394 / usr / sbin / dnsmasq -k Feb 18 12:54:26 dns systemd [1]: Iqale iseva yokulondolozwa kwesikhashana ye-DNS .. Feb 18 12:54:26 dns systemd [1]: Iqala iseva yokulondolozwa kwesikhashana ye-DNS .... Feb 18 12:54:26 dns dnsmasq [1394]: iqalile, inguqulo 2.66 i-cachesize 150 Feb 18 12:54:26 dns dnsmasq [1394 ]: izinketho zesikhathi sokuhlanganisa: IPv6 GNU-getopt DB ... th Feb 18 12:54:26 dns dnsmasq-dhcp [1394]: DHCP, IP range 10.10.10.30 - 10.10 .... h Feb 18 12:54: 26 dns dnsmasq [1394]: reading /etc/resolv.conf Feb 18 12:54:26 dns dnsmasq [1394]: ukuziba nameserver 127.0.0.1 - local in ... ce Feb 18 12:54:26 dns dnsmasq [1394 ]: funda / njll / abasingathi - amakheli ayi-11 Feb 18 12:54:26 dns dnsmasq [1394]: funda / njll / banner_add_hosts - 0 amakheli Ukusikisela: Eminye imigqa yanqanyulwa, sebenzisa -l ukukhombisa ngokugcwele.
Futhi sesivele sinezinsizakalo ze-DNS ne-DHCP ezisebenzayo.
Kubalulekile
- Uma siguqula ifayela le /etc/dnsmasq.conf, kufanele siqale kabusha insiza ukuze ushintsho luqale ukusebenza.
- Uma siguqula ifayili le- / etc / hosts Ukususa, ukuguqula noma ukufaka i-IP engaguquki negama layo lomethuleli ohambelana nayo, kufanele siqale kabusha insiza ukuze ushintsho luqale ukusebenza..
- ukulayishwa kabusha kwe-systemctl dnsmasq.service akukwazi ukusetshenziswa nale nsizakalo.
Sivula amachweba adingekayo ku-Firewall
Esihlokweni somngani wami nozakwethu uLuigys Toro -isibankwa- "Uwavula kanjani amachweba ku-Centos 7 Firewall»Inqubo okufanele siyilandele ukuvula amachweba ku-Firewall efakwa yi-CentOS ngokuzenzakalela ichazwa kahle. Angazi namanje ukuthi ngiyisebenzisa kanjani imithetho yokuqukethwe kweSelinux kusevisi ye-dnsmasq kuCentOS. Uma kukhona omaziyo, sicela usikhanyisele.
Amafayela / njll / izivumelwano y / njll / amasevisi Ziwumhlahlandlela omuhle kakhulu wokwazi ukuthi yimaphi amachweba esidinga ukuwavula ukuze izinsizakalo ze-DNS ne-DHCP ezinikezwe yi-Dnsmasq zisebenze kahle.
[izimpande @ dns ~] # firewall-cmd - izindawo ezisebenzayo izixhumi zomphakathi: eth0
Isevisi domain o Iseva Yegama Lesizinda (dns). Isivumelwano iswayipha «IP ngokubethela»
[izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 53 / tcp - ehlala njalo impumelelo [izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 53 / udp - ehlala njalo impumelelo
Isevisi ukuqaqa o Iseva ye-BOOTP (dhcp). Isivumelwano ippc «I-Internet Pluribus Packet Core»
[izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 67 / tcp - ehlala njalo impumelelo [izimpande @ dns ~] # i-firewall-cmd -zone = yomphakathi -add-port = 67 / udp - ehlala njalo impumelelo [izimpande @ dns ~] # firewall-cmd - phinda ulayishe impumelelo [root @ dns ~] # firewall-cmd - uhlu-konke umphakathi (osebenzayo): amabhulokhi e-icmp: imithetho ecebile:
Kubalulekile
- Uma sizonikezela ngezinsizakalo zokuqashisa ikheli le-IPv6, kumele futhi sivule amachweba i-dhcpv6-server 547 / tcp kanye ne-dhcpv6-server 547 / udp.
Amasheke
Ake sibheke imibuzo eminingi ye-DNS ukuthi iDnsmasq yethu entsha sha esanda kusebenza isebenza kanjani. Kulokhu sikhetha iqembu elaziwayo sysadmin.desdelinux.umlandeli, futhi kusuka kuleyo khompyutha, exhunywe kwi-LAN, sizokwenza imibuzo eminingana, kepha hhayi ngaphambi kokubheka ukuthi ifayela lihlelwe kahle /etc/resolv.conf:
buzz @ sysadmin: ~ $ cat /etc/resolv.conf # Generated by NetworkManager search desdelinux.fan nameserver 10.10.10.5
Izilungiselelo zefayela /etc/resolv.conf kulungile. Ake siqale ukubonisana
buzz @ sysadmin: ~ $ umphathi we-dns dns.desdelinux.fan has address 10.10.10.5 Host dns.desdelinux.fan not found: 5(REFUSED) dns.desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-1.desdelinux.umlandeli.
Ngokucushwa okuhlongozwayo, singakulahla ukukhishwa komyalo Bamba ngaphandle kwezinketho uma kukhulunywa nge-Dnsmasq, lapho kubuyiselwa imigqa efana nale elandelayo:
Host dns.desdelinux.fan not found: 5(REFUSED)
Uma singafuni lolo hlobo lokukhiphayo, kufanele sisebenzise umyalo Bamba ngezinketho -t A, -t CNAME, -t NS, -t SOA, -t SIG, -t AXFR. Bheka umuntu ophethe ukuthola eminye imininingwane:
buzz@sysadmin:~$ host -t A dns.desdelinux.umlandeli dns.desdelinux.fan has address 10.10.10.5 [izimpande @ dns ~] # umphathi -t Ku-dns dns.desdelinux.fan has address 10.10.10.5 i-buzz @ sysadmin: ~ $ dig dns buzz @ sysadmin: ~ $ umsingathi 10.10.10.5 5.10.10.10.in-addr.arpa domain name pointer dns.desdelinux.umlandeli.
I-Dnsmasq ayihloselwe uhlelo lwe-Master - Slave
buzz@sysadmin:~$ host -t AXFR desdelinux.umlandeli Trying "desdelinux.fan" Host desdelinux.fan not found: 5(REFUSED) ; Transfer failed.
Akuhloselwe futhi ukubuyisa amarekhodi e-NS ne-SOA
buzz@sysadmin:~$ host -t NS desdelinux.umlandeli Host desdelinux.fan not found: 5(REFUSED) buzz@sysadmin:~$ host -t SOA desdelinux.umlandeli Host desdelinux.fan not found: 5(REFUSED) buzz@sysadmin:~$ dig IN SOA desdelinux.umlandeli buzz@sysadmin:~$ dig IN NS desdelinux.umlandeli
Uma isekela amarekhodi e-MX, CNAME, ne-TXT
buzz @ sysadmin: ~ $ host -t Ukuze www www.desdelinux.fan is an alias for blog.desdelinux.fan. blog.desdelinux.fan has address 10.10.10.7 buzz@sysadmin:~$ host -t MX desdelinux.umlandeli desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-10.desdelinux.umlandeli. buzz @ sysadmin: ~ $ umphathi -t CNAME www www.desdelinux.fan is an alias for blog.desdelinux.umlandeli. buzz@sysadmin:~$ host -t A blog.desdelinux.umlandeli ibhulogi.desdelinux.fan has address 10.10.10.7 buzz@sysadmin:~$ host -t TXT desdelinux.umlandeli desdelinux.fan descriptive text "DesdeLinux, su Blog dedicado al Software Libre" desdelinux.fan descriptive text "v=spf1 a -all"
I-PTR iqopha imibuzo
buzz @ sysadmin: ~ $ umphathi -t PTR 10.10.10.7 7.10.10.10.in-addr.arpa domain name pointer blog.desdelinux.umlandeli. buzz @ sysadmin: ~ $ umsingathi 10.10.10.7 7.10.10.10.in-addr.arpa domain name pointer blog.desdelinux.umlandeli.
Amaklayenti e-Microsoft® Windows
Kuphilile kakhulu ukusebenzisa ikhonsoli yeseva dns.desdelinux.umlandeli umyalo iphephabhuku -f NGAPHAMBI kokuvula umshini osebenzisa isistimu yokusebenza ye-Microsoft® Windows, ukubona inani elikhulu lemibuzo ye-DNS eliyenzayo kumasayithi ahlukene. Kuyajabulisa ngempela. 😉
Uma sifuna ukuvimba imibuzo ephathelene namanye ala masayithi ekuhambeleni kumaseva eRoots Izimpande Zeseva noma ngase Abadlulisi ukuthi simemezele kufayela /etc/resolv.conf, singalisebenzisa kahle ifayela / etc / banner_add_host, ukuyigcwalisa ngamasayithi amaningi esidinga ukuwamemezela. Isibonelo:
[izimpande @ dns ~] # nano / njll / banner_add_hosts 127.0.0.1 windowsupdate.com 127.0.0.1 ctldl.windowsupdate.com 127.0.0.1 ocsp.verisign.com 127.0.0.1 csc3-2010-crl.verisign.com 127.0.0.1 www.msftncsi.com 127.0.0.1 ipv6.msftncsi.com 127.0.0.1 teredo.ipv6.microsoft.com 127.0.0.1 ds.download.windowsupdate.com 127.0.0.1 download.microsoft.com 127.0.0.1 fe2.update.microsoft.com 127.0.0.1 crl.microsoft.com 127.0.0.1 www .download.windowsupdate.com 127.0.0.1 win8.ipv6.microsoft.com 127.0.0.1 spynet.microsoft.com 127.0.0.1 spynet1.microsoft.com 127.0.0.1 spynet2.microsoft.com 127.0.0.1 spynet3.microsoft.com 127.0.0.1. 4 spynet127.0.0.1.microsoft.com 5 spynet127.0.0.1.microsoft.com 15 office127.0.0.1client.microsoft.com 127.0.0.1 addons.mozilla.org XNUMX crl.verisign.com [izimpande @ dns ~] # dnsmasq - isivivinyo dnsmasq: isheke le-syntax KULUNGILE. [root @ dns ~] # systemctl qala kabusha dnsmasq.service [root @ dns ~] # systemctl isimo dnsmasq.service [root @ dns ~] # host -t Ku-spynet4.microsoft.com ispynet4.microsoft.com inekheli 127.0.0.1 [root @ dns ~] # host -t Ku-www.download.windowsupdate.com www.download.windowsupdate.com inekheli 127.0.0.1
- Ifomethi yefayela le- / etc / banner_add_hosts iyefana nefayela le- / etc / hosts. Khumbula ukuthi uhlu lwezizinda "zokuvimbela" lungaba lude ngangokunokwenzeka, ngokusho kwesigaba IMIKHAWULO yalesi sihloko.
Ukuhlola kusuka kuklayenti Isikhombisa.desdelinux.umlandeli enikeze ikheli le-IP:
buzz @ sysadmin: ~ $ host -t A eziyisikhombisa Isikhombisa.desdelinux.fan has address 10.10.10.115
senza umyalo kuklayenti leWindows uqobo cmd:
I-Microsoft Windows [Inguqulo 6.1.7601] I-copyright (c) 2009 Microsoft Corporation. Wonke Amalungelo Agodliwe. C: \ Abasebenzisi \ buzz> nslookup Default Server: dns.desdelinux.fan Address: 10.10.10.5 > dns Server: dns.desdelinux.fan Address: 10.10.10.5 Name: dns.desdelinux.fan Address: 10.10.10.5 > ftpserver Server: dns.desdelinux.fan Address: 10.10.10.5 Name: ftpserver.desdelinux.fan Address: 10.10.10.8 > www Server: dns.desdelinux.fan Address: 10.10.10.5 Name: blog.desdelinux.fan Address: 10.10.10.7 Aliases: www.desdelinux.fan > mail Server: dns.desdelinux.fan Address: 10.10.10.5 Name: mail.desdelinux.fan Address: 10.10.10.9 > sysadmin Server: dns.desdelinux.fan Address: 10.10.10.5 Name: sysadmin.desdelinux.fan Address: 10.10.10.1 > www.download.windowsupdate.com Server: dns.desdelinux.fan Address: 10.10.10.5 Name: www.download.windowsupdate.com Address: 127.0.0.1 > quit C:\Users\buzz>
Isifingqo
Kuze kube manje sibonile izici ezimbalwa eziyinhloko ze-Dnsmasq. ngicabanga Funda futhi ufunde amafayela ashiwo esigabeni sokuqala sale ndatshana, uma ufuna ukwazi kabanzi ngalolu hlelo oluhle kakhulu nolumangazayo. Ngokusetshenziswa kwayo singakwazi ukwenza lula izimpilo zethu.
Cishe ngo-2014 ngifunde i-athikili «Kanjani: Samba4 AD PDC + Windows XP, Vista no-7«. Umsunguli wale ndatshana umemezela ngaphandle kokuchwayiza: «Ngiyakuzonda ukubopha, ngakho-ke yi-dnsmasq ukutakula»(Sic) okusho okuncane noma okuncane okushoyo«Ngiyakuzonda ukubopha, ngakho-ke uDnsmasq uyangisiza«. Kwerekhodi, leyo nkulumo ayishongo kimi.
Ekudluliseni ngiphawula ukuthi, kuleyo ndatshana uMlobi akacacisi umsuka wamanye amarekhodi e-DNS futhi ngamagama ajwayelekile akuyona inkomba enhle yokusebenzisa i-Active Directory® esekwe kuSamba 4. Uma uthanda ngokweqile iDnsmasq.
Angikuzondi ukubopha nhlobo. Izindatshana zami ezine -4- ezidlule zikufakazela lokhu:
- I-DNS ne-DHCP kuvuliweSUSE 13.2 "Harlequin"
- I-DNS ne-DHCP ku-CentOS 7
- I-DNS ne-DHCP ku-Debian 8 "Jessie"
- Bopha futhi Active Directory®
Njengoba ngike ngabhala ezikhathini ezedlule, cishe angikaze Ngisikisela, kodwa ngicabanga. Endabeni kaDnsmasq yebo Ngisikisela ukusetshenziswa kwayo kuma-SME Networks.
Ukulethwa okulandelayo
Isitolimende esilandelayo -ngicabanga ukuthi ngiyacabanga- Ngizoyinikela ekuhlanganisweni kweDnsmasq ne-Microsoft® Active Directory®. Kuzoba yindawo enhle yokungena ye-athikili -muy- ngokuhamba kwesikhathi lokho kuzobhekana nokuthi ungayenza kanjani i-AD-DC ngeSamba 4 neDnsmasq.
Sanibonani ekuseni !!! Ngiyaqinisekisa konke okushoyo futhi ngokweqiniso ukuthi ukusebenza kwale nethiwekhi kuze kube manje akunikezi sizathu sokukhononda. Angiseyona i-sysadmin yaleyo nethiwekhi, ngoba uyazi izinkinga ebenginazo ... kepha ngenkathi ngiphethe leyo nethiwekhi futhi kuze kube manje lapho ngixhumana nalowo ophambi kwayo, asikho isizathu sokukhononda. Okuhlangenwe nakho kwami okuhle nge-ClearOS ne-DNSmasq.
Mngani Joan, Ngiyabonga ngosizo lwakho ekuqinisekiseni engikubhalile mayelana nenkampani ene-ClearOS.
Engikuthanda kakhulu nge-dnsmasq ukuthi kungasebenziseka kanjani, kufayela elilodwa ulungiselela i-DNS ne-DHCP. Mayelana nokusebenza anginazikhalazo, esikhathini esithile esedlule ngacisha iseva ka-2003R2 eyayisebenza njenge-DC, amaklayenti amaningana e-Linux avela komasipala abakude "babelokhu belengisiwe" futhi njengoba ngangingenayo indlela yokushintsha izintandokazi zabo ze-DNS, engikwenzile ngakukhulisa uJessie onaleyo IP ne-dnsmasq balondoloze i-DNS entsha, konke kulungile.
I-athikili enhle kakhulu uFico, maqondana nami.
Ucabangani ngomkhawulo olandelanayo wokunikeza amakhompyutha afinyelela ku-1000? Nginethuba lokuqinisekisa imininingwane nomngani ozinikele ekunikezeni izinsizakalo zewebhusayithi ethi "Captive» nge-WiFi, futhi muva nje unikeze insizakalo-nge-BIND + Isc-dhcp- kuma-mobiles angaphezu kwe-1000 eKarl Marx Theatre. Ungiqashe ukuthi ngimenze iseva enokusetshenziswa okuphansi kakhulu kwezinsizakusebenza, zalowo msebenzi.
Kufanele kucace ukuthi lawa abizwa ngokuthi "imingcele" alinganiswa eminyakeni embalwa eyedlule futhi nge-hardware engaphansi kwezinga lamanje, zombili i-dnsmasq namakhasimende aguquke kakhulu, ngiyaqiniseka ukuthi izobamba umthwalo walaba abasebenzisi. Hlala ubhala futhi uvimbele imibuzo eyinkulungwane neyodwa i-Android eyenza izame ukufonela ekhaya, hehe. Jabulela
Ngizosithatha ngokungathi sína iseluleko sakho, dhunter. ngiyabona futhi
Njengoba sekuyinsakavukela kulolu chungechunge lwama-SME, lokhu okuthunyelwe ku- "DNSMASQ" kungenye indatshana enhle umlobi asinika yona ama-sysadmins ukuze sizithuthukise ngobuchwepheshe nangethiyori.
Endabeni yami siqu ngangazi ngokungacacile nge-dnsmasq ngoba ngangibeke phambili i-DNS (Bind) ne-DHCP njengezinsizakalo ezimbili ezizimele. Kimi kukhulu! Into ye-dnsmasq yokuvumela ukumisa zombili kusevisi eyodwa (ngefayela /etc/dnsmasq.conf).
Kuhle! ekwazi ukuxhasa okungenani amaklayenti ayi-1,000 XNUMX nge-DNS ne-DHCP ngaphandle kokuthinta ukusebenza kwayo.
Okunye okuhle kakhulu yi-TIP yokuthi ungayibalekela kanjani imibuzo ephathelene nama-Root Servers noma i-Forwarders esebenzisa i- / etc / banner_add_host file where we insert the "N" sites that we need to declare as if were "localhosts".
Ekugcineni futhi njengoba bekulokhu kujwayelekile kumbhali ngesigaba sakhe esithi "Okulandelayo isitolimende", manje uhlela ukuletha elinye igugu "ukuhlanganiswa kweDnsmasq ne-Microsoft® Active Directory®".
Yebo, sesivele sikulangazelele.
Bengimatasa futhi angikwazi ukulandela izindatshana zakho. Ngiphuthelwe amanye. Umbhalo wakho omusha ngamunye uyisimanga esimnandi esiqukethe izimfundiso ezintsha. Qhubeka, mngani Fico
IDnsmasq, ngibona ukusebenza kwayo nsuku zonke, kungcono kakhulu. Bengihlala ngikutshela futhi ngiphikelela ekuhlanganisweni kwe-bind9 kanye ne-isc-dhcp-server (isixazululo engisithanda kakhulu, ngoba ukuzama kaningi ngafunda futhi ngabona futhi ngathola lokho okuncane engikwaziyo nge-dns ne-dhcp, i-VIIII, bengikwazi bona ukuthi yini iMicrosoft engakuvumeli uyigcine, lokho abangafuni ukuba ukufunde futhi ikugcine egumbini elimnyama futhi elikhiyiwe, empeleni kuyizinsizakalo okwakhulunywa ngazo sengathi ziyizilo futhi zingabantu abalungile, ongabhekana nazo iqiniso), futhi ngiyabonga Kulokhu uphoqeleke ukuthi uzithuthukise nakakhulu, empeleni sesivele siyibona yonke imiphumela yalo mzamo futhi siyabonga ngekhwalithi yokuthunyelwe kwakho.
Lokhu ikakhulukazi kuphezulu, angithathi isikweletu kwabanye, NGOKUQINISEKILE HHAYI, HHAYI NOMA UCABANGA NGAYO; kodwa kungenxa yakho ngihlangane nomngani wami dnsmasq futhi inethiwekhi ye-Residence yami ihlala ngaphezu kokujabula ukuhlangana nozakwethu omusha owenziwe nguSimon Kelley. Ngiyabonga nakuye.
IWO: Ngeke ulinde isikhathi eside ngokuthunyelwe okulandelayo. Angikayiqedi okwamanje ngoba ngimatasa kakhulu nomsebenzi wami wansuku zonke. Isikhathi ... Kepha ngokuqinisekile uzoba naso ngeviki elizayo.
I-Crespo88: Angikwazi ukungeza enye into ekuphawuleni kwakho okuphelele. Futhi sengivele nginesikhathi esincane ngoba ngo-7 ntambama ngiphelelwa ukuzulazula 😉
Ngiyabonga!.
Sawubona, FICO. I-athikili enhle kakhulu.
Ngingathanda ukwazi ukuthi ungayisebenzisa kanjani i-dnsmasq kwi-baremetal (HP Proliant gen 8) ebamba imishini ebonakalayo ye-KVM.
Ngabe ukucushwa kwe-dnsmasq kufanele kwenziwe kumsingathi noma kwelinye lama-VM asebenza njengeseva ye-dnsmasq?
Ngisenkingeni.
Ukubingelela