Labo abalandela i- 1, 2da, 3 y 4 ingxenye yale ndatshana kanye nokubonisana okwenziwe ku-BIND yabo kubuyise imiphumela egculisayo, sezivele zingongoti ngale ndaba. :-) Futhi ngaphandle kokuqhubeka kwesinye isikhathi ake singene engxenyeni yokugcina:
- Ukwenziwa kwefayela le-Master Main Zone yohlobo "Inverse" 10.168.192.in-addr.arpa
- Ukuxazulula izinkinga
- Isifingqo
Ukwenziwa kwefayela le-Master Main Zone yohlobo "Inverse" 10.168.192.in-addr.arpa
Igama lendawo liletha kuwe, akunjalo? Futhi ukuthi amaReverse Zones kuphoqelekile ukuthi kube nokuxazululwa kwamagama okulungile ngokuya ngamazinga we-Intanethi. Akukho okunye esingakwenza ngaphandle kokudala leyo ehambelana nesizinda sethu. Kulokhu sisebenzisa njengesifanekiso ifayela /etc/bind/db.127:
cp /etc/bind/db.127 /var/cache/bind/192.168.10.rev
Sihlela ifayela /var/cache/bind/192.168.10.rev futhi sikushiya kanjena:
; /var/cache/bind/192.168.10.rev; ; Bopha ifayela ledatha elihlehlisiwe le-master zone 10.168.192.in-addr.arpa; Bopha Amafayela Wedatha we-Master Zone (Reverse) 10.168.192.in-addr.arpa; $ TTL 604800 @ IN SOA ns.amigos.cu. impande.amigos.cu. (2; serial 604800; Vuselela i-86400; Phinda uzame i-2419200; Kuphela i-604800); I-TTL Yemibhalo Engalungile; @ IN NS ns. 10 KWE-PTR ns.amigos.cu. 1 KWE-PTR gandalf.amigos.cu. 9 KWE-PTR mail.amigos.cu. 20 KU-PTR web.amigos.cu. 100 KU-PTR fedex.amigos.cu. ; singabhala futhi nekheli eliphelele le-IP. Isb :; 192.168.10.1 KU-PTR gandalf.amigos.cu.
- Bheka ukuthi kuleli cala sishiye kanjani isikhathi ngemizuzwana njengoba senziwa ngokuzenzakalela lapho ifayela le- bopha9. Kusebenza okufanayo. Yizikhathi ezifanayo nalezo ezikhonjiswe kufayela abangane.cu.host. Lapho ungabaza, hlola.
- Futhi qaphela ukuthi simemezela kuphela amarekhodi ahlehlisiwe wabasingathi abane-IP eyabelwe noma "yangempela" ku-LAN yethu, futhi lokho kuyikhomba ngokukhethekile.
- Khumbula ukuvuselela ifayela leReverse Zone ngawo WONKE amakheli we-IP afanele amenyezelwe ku-Direct Zone.
- Khumbula ukwandisa i- Inombolo Yomkhiqizo Yesizinda ngaso sonke isikhathi lapho beguqula ifayela nangaphambi kokuqalisa kabusha ISIBOPHO.
Ake sihlole indawo esanda kwenziwa:
okuthiwa-checkzone 10.168.192.in-addr.arpa /var/cache/bind/192.168.10.rev
Sihlola ukumiswa:
okuthiwa-checkconf -z ogama lakhe lingu-checkconf -p
Uma konke kuhambe kahle, siqala kabusha insiza:
insiza bind9 iqala kabusha
Kusukela manje kuqhubeke, njalo lapho siguqula amafayela ezoni, kufanele sisebenzise nje:
rndc ulayishe kabusha
Ngalokho simemezela ukhiye ku- /etc/bind/named.conf.options, cha?
Ukuxazulula izinkinga
Okubaluleke kakhulu okuqukethwe okulungile kwefayela /etc/resolv.conf njengoba sibonile esahlukweni esedlule. Khumbula ukukhombisa kuyo okungenani okulandelayo:
sesha abangani.cu nameserver 192.168.10.20
Umyalo ukumba kwephakeji dnsutil. Kwikhonsoli, thayipha imiyalo eyandulelwe ngu- #:
# bamba -x 127.0.0.1 ..... ;; IMPENDULO ISIGABA: 1.0.0.127.in-addr.arpa. 604800 KU-PTR indawo yangakini. .... # bamba -x 192.168.10.9 .... ;; IMPENDULO ISIGABA: 9.10.168.192.in-addr.arpa. 604800 KU-PTR imeyili.amigos.cu. .... # host gandalf gandalf.amigos.cu inekheli 192.168.10.1 # host gandalf.amigos.cu gandalf.amigos.cu inekheli 192.168.10.1 # dig gandalf; << >> I-DiG 9.7.2-P3 << >> i-gandalf ;; izinketho zomhlaba wonke: + cmd ;; uxhumano kuphelelwe yisikhathi; awekho amaseva angafinyelelwa # dig gandalf.amigos.cu .... ;; ISIGABA SEMPENDULO: gandalf.amigos.cu. 604800 IN A 192.168.10.1 .... Uma bekwazi ukufinyelela kwiCuba noma kwi-Global Internet, futhi Abadlulisela phambili kumenyezelwe ukuthi bazamile: # dig debian.org .... ;; ISIQEPHU SOMBUZO :; debian.org. KWI ;; ISIGABA SEMPENDULO: debian.org. I-3600 KU-86.59.118.148 debian.org. I-3600 IN A 128.31.0.51 .... # host bohemia.cu bohemia.cu inekheli 190.6.81.130 # host yahoo.es yahoo.es inekheli 77.238.178.122 yahoo.es inekheli 87.248.120.148 yahoo.es mail isingathwa ngu-10 mx-eu.mail.am0.yahoodns.net. # bamba -x 77.238.178.122 ;; IMPENDULO ISIGABA: 122.178.238.77.in-addr.arpa. 429 KU-PTR w2.rc.vip.ird.yahoo.com.
… Futhi ngokujwayelekile nezinye izizinda ezingaphandle kwe-LAN yethu. Bheka futhi uthole ngezinto ezithokozisayo kwi-Intanethi.
Enye yezindlela ezinhle kakhulu zokuhlola ukusebenza kweseva bopha9, futhi ngokuvamile kunoma iyiphi enye insizakalo efakiwe, ifunda umphumela wefayili ye- Imilayezo Yokungena Kwesistimu usebenzisa umyalo umsila -f / var / log / syslog sebenzisa njengomsebenzisiizimpande.
Kuyathakazelisa kakhulu ukubona ukukhishwa kwalowo myalo lapho sibuza i-BIND yethu yasendaweni umbuzo mayelana nesizinda sangaphandle noma umphathi. Kuleso simo, izimo ezimbalwa zingavezwa:
- Uma singenakho ukufinyelela kwi-Inthanethi, umbuzo wethu uzohluleka.
- Uma sikwazi ukungena ku-inthanethi futhi ASIKHO isimemezelo Sabadlulisela Phambili, cishe ngeke sithole mpendulo.
- Uma sikwazi ukungena kwi-Intanethi futhi simemezele abadlulisi, sizothola impendulo ngoba yibona abazophatha ukuxhumana neseva ye-DNS noma amaseva adingekayo.
Uma sisebenza ku I-LAN ivaliwe lapho kungenakwenzeka nganoma iyiphi indlela ukuya phesheya futhi asinabo Abadlulisela noma yiluphi uhlobo, singayiqeda imiyalezo yokucinga ye Izimpande Zeseva "Ikhipha" ifayela /etc/bind/db.root. Ukuze senze lokhu, siqala ngokugcina ifayili ngelinye igama bese sisusa konke okuqukethwe kukho. Ngemuva kwalokho sihlola ukumiswa bese siqala kabusha insiza:
cp /etc/bind/db.root /etc/bind/db.root.original cp / dev / null /etc/bind/db.root named-checkconf -z named-checkconf -p service bind9 restart
Isifingqo
Kuze kube manje, bantu, isingeniso esincane sesevisi ye-DNS. Esikwenzile kuze kube manje kungasisiza ngokuphelele ngebhizinisi lethu elincane. Futhi ngendlu uma sakha imishini ebonakalayo enamasistimu ahlukile wokusebenza namakheli e-IP ahlukile, futhi asifuni ukubhekisa kuyo nge-IP kepha ngegama. Ngihlala ngifaka ISIBOPHO kumphathi wami wasekhaya ukufaka, ukumisa, nokuhlola izinsizakalo ezithembele kakhulu kusevisi ye-DNS. Ngisebenzisa kakhulu amaDesktops namaSeva abonakalayo, futhi angithandi ukugcina ifayela / njll / amabamba emshinini ngamunye. Nginephutha kakhulu.
Uma ungakaze ufake futhi ulungiselele ISIBOPHO, sicela ungadikibali uma kukhona okungahambi kahle ekuzameni kokuqala futhi kufanele uqale phansi futhi. Sihlala sincoma kulezi zimo ukuthi uqale ngokufaka okuhlanzekile. Kuyafaneleka ukuzama!
Kulabo abadinga ukutholakala okuphezulu kunsizakalo yokuxazulula amagama, engatholwa ngokumisa iServer Master Secondary, sincoma ukuthi uqhubeke nathi ekuzideleni okulandelayo: I-Secondary Master DNS ye-LAN.
Sihalalisela labo abalandele zonke izindatshana bathole imiphumela elindelekile!
Ekugcineni! .. okuthunyelwe kokugcina: D!
Siyabonga ngokwabelana nomngane wami!
Ukubingelela!
Kuyathakazelisa kakhulu, izindatshana zenu, ngine-DNS enegunya efakwe kwi-freeBSD yesizinda se- .edu.mx, kuze kube manje isebenze kahle kimi, kepha ngenyanga edlule ngithole ukuhlaselwa okuningana, kubhekiswe kuseva, kungaba yini izindlela zokuzivikela ku-DNS eveziwe?, futhi angazi ukuthi kungenzeka yini, ngabe inkosi ivezwe i-inthanethi futhi eyesibili ekhonza i-lan elincane elicishe libe ngamakhompyutha angama-60, zombili i-DNS ixhunyiwe, noma ikwazi ukuchaza izingxenye ezimbili, eyodwa yangaphakathi neyodwa yangaphandle, ngiyabonga enkosini
Iphakethe le-squeeze bind9 linenkinga yokusebenza ne-samba, inguqulo engu-9.8.4 isivele itholakala egatsheni le-backports lokukhama, inguqulo ye-wheeze ayinayo le nkinga, ye-lenny venenux.net izokweseka iphakethe.
I-athikili enhle kakhulu.
Lesi yisihloko kuphela esenza konke kuchazwe kahle ..
Kumele kuqashelwe ukuthi i-acl yokufafaza ayisebenzi ngoba ngendlela efanayo izofakwa kusuka kunethiwekhi yangaphakathi, isixazululo kungaba ukuphika ukuqondiswa kabusha kwamakhasimende, nokwenza i-acl eyinkimbinkimbi evimbela ukwabiwa kabusha kwamagama (okuthile kufana ne-static dns)
ICEBISO ELIKHETHEKILE:
Kungakuhle ukuthi kube nokuhlelwa okwengeziwe kokuthi ungakwenza kanjani okuqukethwe kokuhlunga i-dns esikhundleni se-firewall
Siyabonga ngokuphawula @PICCORO !!!.
Ngimemezela ekuqaleni kwazo zonke izindatshana zami ukuthi angizibheki njengongoti. Kancane kakhulu enkingeni ye-DNS. Lapha sonke siyafunda. Ngizobheka izincomo zakho lapho ufaka i-DNS ebheke i-Intanethi hhayi i-LAN ejwayelekile nelula.
ISIFUNDO ESIBALULEKILE !!! Kube wusizo olukhulu kimi selokhu ngiqale kulokhu kuphenduka kweseva, konke kusebenze kahle. Ngiyabonga futhi qhubeka ushicilela okokufundisa okuhle kangaka !!!
Fico, ngiyaphinda futhi ngiyakuhalalisela ngale nto enhle kangaka.
Angiyena uchwepheshe ku-BIND9, ngixolele uma nginephutha mayelana namazwana, kepha ngicabanga ukuthi awuchazanga indawo yokusesha okuphindayo kufayela le-named.
Kuyihlazo ukuthi uFico akakwazi ukukuphendula njengamanje.
Ukubingelela nokubonga, u-Elav, futhi nakhu ngiyaphendula. Njengenjwayelo, ngincoma ukuthi ufunde kancane ... 🙂
Okuthunyelwe: https://blog.desdelinux.net/dns-maestro-primario-para-una-lan-en-debian-6-0-iii/
Ngibhala okulandelayo:
Ukulungiswa kufayela le /etc/bind/named.conf.local
Kuleli fayela simemezela izingxenye zesizinda sethu. Kumele sifake iZindawo zokudlulisela phambili nezokubuyela emuva okungenani. Khumbula ukuthi kufayela lokumisa /etc/bind/named.conf.options simemezela ukuthi isiphi isiqondisi esizosingatha amafayela weZones sisebenzisa inkombandlela yomqondisi. Ekugcineni, ifayili kufanele libe ngale ndlela elandelayo:
// /etc/bind/named.conf.local
//
// Yenza noma yikuphi ukucushwa kwendawo lapha
//
// Cabanga ukungeza izindawo ze-1918 lapha, uma zingasetshenziswanga ku-
// inhlangano
// kufaka phakathi "/etc/bind/zones.rfc1918";
// Amagama wamafayela endaweni ngayinye angama-
// ukunambitheka kwabathengi. Sikhethe abangani.cu.hosts
// kanye 192.168.10.rev ngoba zisinika ukucaciseleka kwazo
// okuqukethwe. Akusekho imfihlakalo 😉
//
// Amagama Ezindawo AWAZONA IZINSUKU
// futhi zizohambisana negama lesizinda sethu
// naku-LAN subnet
// Master Main Zone: «Direct» uhlobo
indawo «amigos.cu» {
uhlobo lokubhala;
ifayela "amigos.cu.hosts";
};
// Master Main Zone: «Inverse» uhlobo
indawo "10.168.192.in-addr.arpa" {
uhlobo lokubhala;
ifayela "192.168.10.rev";
};
// Ukuphela kwefayela le-named.conf
Kuhle, kuyathandeka kakhulu okuthunyelwe kwakho mayelana ne-dns, bangisizile ukuthi ngiqale ngale ndaba, ngiyabonga. Ngiyacacisa ukuthi ngingu-newbie kulokhu. Kepha ngifunda imininingwane yakho eshicilelwe ngibonile ukuthi isebenza ngamakheli angahleliwe kubaphathi benethiwekhi yangaphakathi. Umbuzo wami uthi, bekungenziwa kanjani ngenethiwekhi yangaphakathi enamakheli we-ip ashukumisayo, anikezwe yiseva ye-dhcp, ukudala amafayela we-master zone enkulu yohlobo "eqondile" ne- "inverse"?
Ngizokuthokozela ukukhanya ongakunikeza odabeni oluphakanyisiwe. Ngiyabonga. Fv
Siyabonga ngokuphawula, @fabian. Ungahlola izindatshana ezilandelayo, engithemba ukuthi zizokusiza usebenzise inethiwekhi enamakheli ashukumisayo:
https://blog.desdelinux.net/servicio-de-directorio-con-ldap-2-ntp-y-dnsmasq/
https://blog.desdelinux.net/servicio-de-directorio-con-ldap-3-isc-dhcp-server-y-bind9/
Phendula ngokucaphuna