I-Master Master DNS ye-LAN ku-Debian 6.0 (III)

Kungumzamo omkhulu ukunciphisa kuma-athikili amancane ama-5 Ulwazi Langaphambilini, ukufakwa, Ukucushwa, kanye nokudalwa Kwezindawo kanye Namasheke WOKUBOPHA, ukuze iqondakale ngenani elikhulu labafundi okuyinjongo yethu eyisisekelo.

Labo ababekezele ukuyifunda ngokucophelela 1 y 2da ingxenye yalesi sihloko, bakulungele ukuqhubeka nokucushwa nokusetha i-Domain Name Server ye-LAN.

Okwamuva, nalabo abangacacisiseki kahle ngemiqondo efingqiwe enikezwe ezingxenyeni ezedlule, sincoma ukuthi uzifunde futhi uzitadishe ngaphambi kokuqhubeka. Abasolwa Abajwayelekile Bokuphelelwa Yithemba! emuva uma ungafundanga kahle.

Sizobona ngezansi:

• Imininingwane eyinhloko ye-LAN
• Ukulungiswa kokubamba okuncane
• Ukulungiswa kufayela le / /etc/resolv.conf
• Ukulungiswa kufayela le /etc/bind/named.conf
• Ukulungiswa kufayela le /etc/bind/named.conf.option
• Ukulungiswa kufayela le /etc/bind/named.conf.local

 Imininingwane eyinhloko ye-LAN

Igama Lesizinda se-LAN: amigos.cu LAN Subnet: 192.168.10.0/255.255.255.0 BIND Server IP: 192.168.10.10 Server NetBIOS Name: ns

Noma kusobala, khumbula ukushintsha idatha yangaphambilini ibe ngeyakho.

Ukulungiswa kokubamba okuncane

Kubaluleke kakhulu ukuthi amafayela amiswe kahle / njll / inethiwekhi / ukuxhumana y/ njll / amabamba ukuthola ukusebenza okuhle kwe-DNS. Uma yonke idatha imenyezelwe ngesikhathi sokufakwa, akukho ukuguqulwa okuzodingeka. Okuqukethwe yilowo nalowo kubo kumele kube okulandelayo:

# okuqukethwe kwefayela le- / etc / network / interfaces # Leli fayela lichaza izixhumi zenethiwekhi ezitholakala kusistimu yakho # nokuthi ungazisebenzisa kanjani. Ngemininingwane engaphezulu, bheka izixhumi (5). # I-loopback network interface auto lo iface lo inet loopback # I-interface eyinhloko yenethiwekhi ivumela-hotplug eth0 iface eth0 inet static ikheli 192.168.10.10 netmask 255.255.255.0 network 192.168.10.0 ukusakaza 192.168.10.255 isango 192.168.10.2 # dns- * izinketho kusetshenziswe iphakethe le-resolutionvconf, uma kufakwe i-dns-nameservers 192.168.10.10 dns-search amigos.cu # okuqukethwe kwe- / etc / hosts 127.0.0.1 localhost 192.168.10.10 ns.amigos.cu ns # Le migqa elandelayo iyadingeka kuma-host ane-IPv6 anekhono :: 1 ip6-localhost ip6-loopback fe00 :: 0 ip6-localnet ff00 :: 0 ip6-mcastprefix ff02 :: 1 ip6-allnodes ff02 :: 2 ip6-allrouters

Ukulungiswa kufayela le / /etc/resolv.conf

Ukuze imibuzo yethu namasheke asebenze kahle, kuyadingeka ukumemezela ekucushweni kwasendaweni komgcini, okuzoba yisizinda sethu sokusesha futhi okuzoba yi-DNS yangakini. Ngaphandle kwamapharamitha angenhla okungenani, noma imuphi umbuzo we-DNS uzohluleka. Futhi leli yiphutha elenziwa abaqalayo abaningi. Ngakho-ke asihlele ifayela /etc/resolv.conf futhi sikushiya nokuqukethwe okulandelayo:

# okuqukethwe kwe- /etc/resolv.conf search friends.cu nameserver 192.168.10.10

Kukhompyutha lapho sine-DNS server efakiwe singabhala:

sesha abangani.cu nameserver 127.0.0.1

Kokuqukethwe okungenhla, isitatimende nameserver 127.0.0.1, kukhombisa ukuthi imibuzo izokwenziwa localhost.

Ngemuva kokuthi i-BIND yethu ilungiselelwe kahle singenza noma yimuphi umbuzo we-DNS kusuka kumsingathi wethu, kungaba iseva uqobo bopha9 noma enye exhunywe kunethiwekhi futhi engeye-subnet efanayo futhi inemaski efanayo yenethiwekhi. Ukuze ufunde kabanzi ngefayela, sebenzisa umuntu resolutionv.conf.

Ukulungiswa kufayela le /etc/bind/named.conf

Ukukhawulela imibuzo ku-BIND yethu ukuze iphendule kuphela ku-subnet yethu futhi ivikele ukuhlaselwa Ukusakaza, simemezela kufayela igama.conf i-Access Control List noma i-ACL (Access Control List) futhi siyibiza kanjalo nqunu. Ifayelaigama.conf kufanele kube ngokulandelayo:

// /etc/bind/named.conf // Leli yifayela lokucushwa eliyinhloko le-BIND DNS server okuthiwa. // // Sicela ufunde / usr/share/doc/bind9/README.Debian.gz ukuze uthole ulwazi ngesakhiwo se- // samafayela wokumisa we-BIND ku-Debian, * NGAPHAMBI * wenze ngokwezifiso // leli fayela lokumisa. // // Uma umane nje ungeze izindawo, sicela ukwenze lokho ku- /etc/bind/named.conf.local // // Amazwana ngeSpanishi angawethu // Sishiya okwangempela ngesiNgisi // QAPHELA ukukopisha nokwenza namathisela // UNGASHIYI IZIKHUNDLA EZINAMAPHA EKUPHELENI KOMugqa NGAMUNYE // // Uhlu Lokulawula Ukufinyelela: // Kuzovumela imibuzo evela esizindeni sendawo naku-subnet yethu // Kuleli fayela elifakwe igama elithi.conf.opions esizolibhekisa kulo . i-acl ebunjiwe {127.0.0.0/8; 192.168.10.0/24; }; faka "/etc/bind/named.conf.options"; faka "/etc/bind/named.conf.local"; faka i - "/etc/bind/named.conf.default-zones"; // ukuphela kwefayela /etc/bind/named.conf

Ake sihlole ukumiswa kwe-BIND kuze kube manje bese siqala kabusha insiza:

i-named-checkconf -z service bind9 qala kabusha

Ukulungiswa kufayela le- /etc/bind/named.conf.options

Esigabeni sokuqala “izinketho"Sizomemezela kuphela i- Abadlulisi, futhi obani abazokwazi ukubheka ISIBOPHO sethu. Ngemuva kwalokho simemezela ukhiye noma ukhiye lapho singalawula khona bopha9, futhi ekugcineni singayilawula kumuphi umphathi. Ukwazi ukuthi yimuphi ukhiye noma ukhiye, kufanele sikwenze ikati /etc/bind/rndc.key. Sikopisha okukhiphayo bese sikunamathisela kufayela igama.conf.options. Ekugcineni, ifayili lethu kufanele libukeke kanjena:

// /etc/bind/named.conf.options options {// QAPHELA UKUKOPISHA NOKUNAMATHA, SICELA ... // Isiqondisi esizenzakalelayo ukuthola umkhombandlela wethu wamafayela weZones "/ var / cache / bind"; // Uma kukhona i-firewall phakathi kwakho nama-nameservers ofuna // ukukhuluma nawo, kungadingeka ukuthi ulungise i-firewall ukuze uvumele amachweba amaningi we-// ukuthi akhulume. Bona i-http: //www.kb.cert.org/vuls/id/800113 // Uma i-ISP yakho inikeze ikheli elilodwa noma amaningi e-IP kuma-nameservers ezinzile //, mhlawumbe ufuna ukuwasebenzisa njengabadlulisi. // Khipha ibhulokhi elandelayo, bese ufaka amakheli afaka esikhundleni se-placeholder se-all-0. // abadlulisela phambili {// 0.0.0.0; // 0.0.0.0; //} // Abadlulisela Phambili. Anginakho ukuhumusha okungcono // Amakheli asuka kumaseva e-ceniai.net.cu // Uma engenayo indlela yokuphuma eya kwi-Intanethi, AKUDINGEKI // ukumemezela, ngaphandle kokuthi une-LAN eyinkimbinkimbi ngokwengeziwe ngamaseva e-DNS asebenza njengabathumeli ngaphandle // kwebanga lekheli lakho le-IP le-subnet. Kuleso simo // kufanele umemezele ama-IP alawo maseva. Imibuzo yabadlulisi i-Cascade. abadlulisela phambili {169.158.128.136; 169.158.128.88; }; // Ku-LAN emiswe kahle, YONKE imibuzo ye-DNS // kufanele yenziwe kwiseva ye-DNS yendawo kuleyo LAN, // HHAYI kumaseva angaphandle kwe-LAN. // Ikakhulukazi uma unokufinyelela kwe-Intanethi, // kungaba kuzwelonke noma emhlabeni jikelele. Ngaleyo // simemezela abadlulisi auth-nxdomain cha; # vumelana ne-RFC1035 lalela-ku-v6 {noma yikuphi; }; // Vikela ekunqandeni imibuzo evumela ukusetshenziswa komoya {mired; }; }; // Okuqukethwe yifayela / etc / bind / rndc-key // etholwe ngekati / etc / bind / rndc-key // Khumbula ukuyiguqula uma sakha kabusha ukhiye "rndc-key" {algorithm hmac-md5; imfihlo "dlOFESXTp2wYLa86vQNU6w =="; }; // Kukuphi umsingathi esizolawula nokuthi iziphi izilawuli zokhiye {inet 127.0.0.1 ezivumela i- {localhost; } okhiye {rndc-key; }; }; // ifayela lokugcina /etc/bind/named.conf.options

Ake sihlole ukumiswa kwe-BIND kuze kube manje bese siqala kabusha insiza:

i-named-checkconf -z service bind9 qala kabusha

Sinqume ukufaka njenge // Amazwana izici eziyisisekelo ezingasebenza njengesethenjwa sokubonisana okuzayo.

Iqiniso lokumemezela abadlulisi, liguqula i-BIND Local server yethu ibe yi-Caché server, igcine ukusebenza kwayo kwe-Primary Master. Lapho sicela ukusingathwa noma isizinda sangaphandle, impendulo -uma ilungile- izogcinwa kunqolobane yayo, ukuze kuthi lapho siphinda siyibuza umphathi oyedwa noma isizinda esifanayo sangaphandle, sithola impendulo esheshayo ngokungabonisi buyela kuma-DNSs angaphandle.

Ukulungiswa kufayela le /etc/bind/named.conf.local

Kuleli fayela simemezela izingxenye zesizinda sethu. Kumele sifake iZindawo zokudlulisela phambili nezokubuyela emuva okungenani. Khumbula lokho kufayela lokumisa/etc/bind/named.conf.options Simemezela ukuthi sikuphi umkhombandlela esizosingatha amafayela weZones sisebenzisa inkombandlela yomqondisi. Ekugcineni, ifayili kufanele libe ngale ndlela elandelayo:

// /etc/bind/named.conf.local // // Yenza noma yikuphi ukucushwa kwendawo lapha // // Cabanga ukungeza izindawo ze-1918 lapha, uma zingasetshenziswanga enhlanganweni yakho // zifaka "/ etc / bind /zones.rfc1918 "; // Amagama amafayili endaweni ngayinye kufanele // ukunambitheka kwabathengi. Sikhethe amigos.cu.hosts // no-192.168.10.rev ngoba zisicacisela ngokuqukethwe kwabo kwe- //. Akusekho imfihlakalo // // Amagama Ezindawo AWAZONA IZINHLANGANO // futhi azohambisana negama lesizinda sethu // kanye ne-LAN subnet // Main Master Zone: thayipha "Direct" zone "amigos.cu" { thayipha umphathi; ifayela "amigos.cu.hosts"; }; // Master Main Zone: thayipha indawo "Inverse" "10.168.192.in-addr.arpa" {type master; ifayela "192.168.10.rev"; }; // Ukuphela kwefayela le-named.conf

Ukuhlola ukumiswa kwe-BIND kuze kube manje:

okuthiwa-checkconf -z

Umyalo odlule uzobuyisa iphutha kuze kube yilapho amafayela wezoni engekho. Into esemqoka ukuthi iyasixwayisa ukuthi iZones ezimenyezelwe ku-name.conf.local ngeke zilayishwe, ngoba amafayela e-DNS aqopha nje awekho, okuyiqiniso okwamanje. Singaqhubeka.

Ake siqale kabusha insiza ukuze izinguquko zibhekwe:

insiza bind9 iqala kabusha

Njengoba singafuni ukwenza iposi ngalinye libe lide kakhulu, sizobhekana nenkinga yokwakha amafayela weZones Local engxenyeni elandelayo ye-4. Kuze kube yileso sikhathi bangani!