Install and Configure a Caching-Only DNS Server in RHEL/CentOS 7 - Part 10


DNS servers come in several types, such as master, slave, forwarding and cache, to name a few examples, with a cache-only DNS server being the easiest to set up. Since DNS uses the UDP protocol, it improves query time because no acknowledgement is required.

A cache-only DNS server is also known as a resolver. It queries DNS records, fetches all the DNS details from other servers, and keeps the result of each query in its cache for later use, so that when the same query is made again it is served from the cache, reducing the response time even further.

If you are looking to set up a caching-only DNS server in CentOS/RHEL 6, follow this guide here:

DNS server		:	dns.tecmintlocal.com (Red Hat Enterprise Linux 7.1)
Server IP Address	:	192.168.0.18
Client			:	node1.tecmintlocal.com (CentOS 7.1)
Client IP Address	:	192.168.0.29

Step 1: Installing a Cache-Only DNS Server in RHEL/CentOS 7

1. The cache-only DNS server can be installed through the bind package. If you do not remember the package name, you can do a quick search for it using the command below.

# yum search bind

2. In the output above you will see several packages. Of those, we only need to choose and install the bind and bind-utils packages, using the following yum command.

# yum install bind bind-utils -y

Step 2: Configure Cache-Only DNS in RHEL/CentOS 7

3. Once the DNS packages are installed we can go ahead and configure DNS. Open and edit /etc/named.conf using your preferred text editor. Make the changes suggested below (or use your own settings as per your requirements).

listen-on port 53 { 127.0.0.1; any; };
allow-query     { localhost; any; };
allow-query-cache       { localhost; any; };

These directives instruct the DNS server to listen on UDP port 53, and to allow queries and cached responses from localhost and from any other machine that can reach the server.
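The `any` entries above let every host that can reach the server use it as a resolver. The following check is an added example, not code from the original article: it lists which access directives in a named.conf fragment are open in that way, run against the article's three lines and against a constructed restricted variant in which the 192.168.0.0/24 client subnet is an assumption.

```python
import re

# Directives whose address-match list decides who may use the resolver.
ACCESS_DIRECTIVES = ("listen-on", "allow-query", "allow-query-cache", "allow-recursion")

# The three lines this article puts in /etc/named.conf.
PAGE_OPTIONS = """
listen-on port 53 { 127.0.0.1; any; };
allow-query     { localhost; any; };
allow-query-cache       { localhost; any; };
"""

# Constructed alternative: 192.168.0.0/24 is an assumed client subnet
# (the article only names the hosts 192.168.0.18 and 192.168.0.29).
RESTRICTED_OPTIONS = """
listen-on port 53 { 127.0.0.1; 192.168.0.18; };
allow-query     { localhost; 192.168.0.0/24; };
allow-query-cache       { localhost; 192.168.0.0/24; };
allow-recursion { localhost; 192.168.0.0/24; };
"""

def strip_comments(text):
    """Remove /* */, // and # comments, all of which named.conf allows."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def match_lists(text):
    """Return {directive: [elements]} for each access directive (flat lists only)."""
    found = {}
    # (?!-) keeps allow-query from matching inside allow-query-cache or listen-on-v6.
    pattern = r"\b(%s)\b(?!-)[^{;]*\{([^}]*)\}" % "|".join(ACCESS_DIRECTIVES)
    for name, body in re.findall(pattern, strip_comments(text)):
        found[name] = [e.strip() for e in body.split(";") if e.strip()]
    return found

def open_directives(text):
    """Names of directives whose list contains an element matching every address."""
    wide = {"any", "0.0.0.0/0", "::/0"}
    return sorted(n for n, elems in match_lists(text).items()
                  if any(e in wide for e in elems))

if __name__ == "__main__":
    for label, cfg in (("page", PAGE_OPTIONS), ("restricted", RESTRICTED_OPTIONS)):
        print(label, "->", open_directives(cfg) or "no directive open to any host")
```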

4. It is important to note that the ownership of this file must be set to root:named and that, if SELinux is enabled, after editing the configuration file we need to make sure its context is set to named_conf_t as shown in Fig 4 (the same goes for the auxiliary file /etc/named.rfc1912.zones):

# ls -lZ /etc/named.conf
# ls -lZ /etc/named.rfc1912.zones

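Otherwise, configure the SELinux context before proceeding (semanage records the labelling rule, restorecon applies it to the files):

# semanage fcontext -a -t named_conf_t /etc/named.conf
# semanage fcontext -a -t named_conf_t /etc/named.rfc1912.zones
# restorecon -v /etc/named.conf /etc/named.rfc1912.zones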

5. In addition, we need to test the DNS configuration now for syntax errors before starting the bind service:

# named-checkconf /etc/named.conf

6. Once the syntax check comes back clean, restart the named service to bring the new changes into effect, enable the service to start automatically across system boots, and then check its status:

# systemctl restart named
# systemctl enable named
# systemctl status named

7. Next, open port 53 on the firewall.

# firewall-cmd --add-port=53/udp
# firewall-cmd --add-port=53/udp --permanent

Step 3: Chroot the Cache-Only DNS Server in RHEL and CentOS 7

8. If you want to run the cache-only DNS server within a chroot environment, you need to have the chroot package installed on the system. No further configuration is needed, as it is hard-linked to the chroot by default.

# yum install bind-chroot -y

Once the chroot package is installed, you can restart named to bring the new changes into effect:

# systemctl restart named

9. Next, create a symbolic link (also named /etc/named.conf) inside /var/named/chroot/etc/:

# ln -s /etc/named.conf /var/named/chroot/etc/named.conf

Step 4: Configure DNS on the Client Machine

10. Add the DNS cache server's IP, 192.168.0.18, as the resolver on the client machine. Edit /etc/sysconfig/network-scripts/ifcfg-enp0s3 as shown in the following figure:

DNS1=192.168.0.18

And /etc/resolv.conf as follows:

nameserver 192.168.0.18

11. Finally, it is time to check our cache server. To do this, you can use the dig or nslookup command.

Pick any website and query it twice (we will use facebook.com as an example). Note that on the second attempt the query completes much faster because it is served from the cache.

# dig facebook.com

You can also use nslookup to verify that the DNS server is working as expected.

# nslookup facebook.com

Summary

In this article we have explained how to set up a cache-only DNS server in Red Hat Enterprise Linux 7 and CentOS 7, and tested it from a client machine. Feel free to let us know if you have any questions or suggestions using the form below.