Setting Up BIND as a Private DNS Server on RHEL 8


The Domain Name System (DNS) is a method used to translate human-readable domain names (or Fully Qualified Domain Names (FQDNs)) into machine-readable IP addresses, in order to locate a computer in a network such as the Internet.

In computing and networking, this matters because, although FQDNs are easy for humans to remember and use, computers (clients) access resources or services on other computers (servers) based on IP addresses.

In this regard, a DNS server (also known as a name server) maintains a directory of FQDNs and translates them into IP addresses; it can also return an IP address when a hostname/FQDN is provided. There are different types of DNS servers, including authoritative name servers, caching name servers and many others.

In this article, we will walk you through the steps to install and configure a private/internal, authoritative DNS server on RHEL 8 using the open source BIND software.

  1. RHEL 8 with Minimal Installation
  2. RHEL 8 with RedHat Subscription Enabled
  3. RHEL 8 with Static IP Address

Domain: tecmint.lan
DNS Server IP and hostname: 192.168.56.100, dns-primary.tecmint.lan
DNS Client IP and hostname: 192.168.56.104, tecmint.tecmint.lan

Step 1: Installing Bind DNS on RHEL 8

1. To install bind and its utilities on your server, run the following dnf command.

# dnf install bind bind-utils

2. Next, start the DNS service for now, then enable it to start automatically at system boot, and check that it is up and running using the systemctl commands.

# systemctl start named
# systemctl enable named
# systemctl status named

Step 2: Configuring BIND DNS on RHEL 8

3. To configure the Bind DNS server, first take a backup of the original configuration file /etc/named.conf using the following cp command.

# cp /etc/named.conf /etc/named.conf.orig

4. Now open the /etc/named.conf configuration file for editing using your favorite command-line editor, as follows.

# vi /etc/named.conf 

Under the options section, comment out the following lines.

options {
        #listen-on port 53 { 127.0.0.1; };
        #listen-on-v6 port 53 { ::1; };
        directory       "/var/named";

5. Next, look for the allow-query parameter and set its value to your network, which means that only hosts on your local network can query the DNS server.

allow-query  { localhost; 192.168.56.0/24; };

Step 3: Creating the Forward and Reverse DNS Zones

A Forward Zone is where the hostname (or FQDN) to IP address mappings are stored; it returns an IP address given a hostname. Note that normal DNS queries are forward lookup queries. On the other hand, a Reverse Zone returns the FQDN of a host based on its IP address.

6. To define the forward and reverse zones, add the following lines at the end of the /etc/named.conf file.

//forward zone
zone "tecmint.lan" IN {
     type master;
     file "tecmint.lan.db";
     allow-update { none; };
     allow-query { any; };
};
//backward zone
zone "56.168.192.in-addr.arpa" IN {
     type master;
     file "tecmint.lan.rev";
     allow-update { none; };
     allow-query { any; };
};

Let us briefly explain the options in the zone configurations above:

  • type: defines the role of this server for the zone. The value "master" means it is an authoritative server where the master copy of the zone data is maintained.
  • file: specifies the zone's database file.
  • allow-update: specifies the hosts that are allowed to submit Dynamic DNS updates for master zones. None in this case.
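In BIND, an allow-query set inside a zone statement takes precedence over the one in the options block for that zone, so the { any; } above lifts the 192.168.56.0/24 restriction from step 5 for both zones. The following check is an added example, not part of the original article; it assumes one statement per line, as in the listings here, and its function names and sample text are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: find zones whose own allow-query overrides the options ACL.

# Constructed sample based on the named.conf fragments in this article; the
# reverse zone deliberately omits allow-query to show the contrast.
sample_named_conf() {
    cat <<'EOF'
options {
        directory       "/var/named";
        allow-query     { localhost; 192.168.56.0/24; };
};
zone "tecmint.lan" IN {
     type master;
     file "tecmint.lan.db";
     allow-update { none; };
     allow-query { any; };
};
zone "56.168.192.in-addr.arpa" IN {
     type master;
     file "tecmint.lan.rev";
     allow-update { none; };
};
EOF
}

# Read named.conf text on stdin; print the ACL set in the options block.
global_allow_query() {
    awk '
        /^[ \t]*options[ \t]*[{]/ { in_opts = 1 }
        in_opts && /allow-query/  { sub(/^[ \t]*allow-query[ \t]*/, ""); print }
        in_opts && /^[ \t]*[}];/  { in_opts = 0 }
    '
}

# Read named.conf text on stdin; print each zone that sets allow-query { any; }.
zones_open_to_any() {
    awk '
        /^[ \t]*zone[ \t]+"/ { split($0, q, "\""); zone = q[2]; in_zone = 1 }
        in_zone && /allow-query[ \t]*[{][ \t]*any[ \t]*;/ { print zone }
        in_zone && /^[ \t]*[}];/ { in_zone = 0 }
    '
}

echo "options allow-query: $(sample_named_conf | global_allow_query)"
echo "zones answering any client: $(sample_named_conf | zones_open_to_any)"
```

On a real server, feed the live file instead of the sample: zones_open_to_any < /etc/named.conf.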

Step 4: Creating the Forward DNS Zone File

7. First, create a Forward zone file under the /var/named directory.

# vi /var/named/tecmint.lan.db

Add the following configuration to it.

$TTL 86400
@ IN SOA dns-primary.tecmint.lan. admin.tecmint.lan. (
    2019061800 ;Serial
    3600 ;Refresh
    1800 ;Retry
    604800 ;Expire
    86400 ;Minimum TTL
)

;Name Server Information
@ IN NS dns-primary.tecmint.lan.

;IP for Name Server
dns-primary IN A 192.168.56.100

;A Record for IP address to Hostname 
www IN A 192.168.56.5
mail IN A 192.168.56.10
docs  IN A 192.168.56.20

Let us briefly explain the above zone definition and its parameters.

  • TTL: specifies the time-to-live of an RR; the $TTL directive gives the default TTL for every RR without a specific TTL set.
  • @: an alias for the domain name (e.g. tecmint.lan) defined in the main configuration file.
  • IN: means Internet.
  • SOA: denotes the Start of Authority: who the authoritative name server is (dns-primary.tecmint.lan), the administrator's contact information (admin.tecmint.lan, where the @ sign is replaced by a period) and other related information.
  • NS: means name server.
  • Serial: this value is used by the DNS server to verify that the contents of a particular zone file are up to date.
  • Refresh: specifies how often a slave DNS server should perform a zone transfer from the master.
  • Retry: specifies how often a slave should retry a failed zone transfer.
  • Expire: determines how long a slave server should wait before answering a client query when the master cannot be reached.
  • Minimum: sets the minimum TTL for the zone.
  • A: a host address.

Step 5: Creating the Reverse DNS Zone File

8. Similarly, create a Reverse zone file under the /var/named directory.

# vi /var/named/tecmint.lan.rev

Then add the following lines to it. Here, PTR is the opposite of an A record and is used to map an IP address to a hostname.

$TTL 86400
@ IN SOA dns-primary.tecmint.lan. admin.tecmint.lan. (
    2019061800 ;Serial
    3600 ;Refresh
    1800 ;Retry
    604800 ;Expire
    86400 ;Minimum TTL
)
;Name Server Information
@ IN NS dns-primary.tecmint.lan.

;Reverse lookup for Name Server
100 IN PTR dns-primary.tecmint.lan.

;PTR Record IP address to HostName
5 IN PTR www.tecmint.lan.
10 IN PTR mail.tecmint.lan.
20 IN PTR docs.tecmint.lan.

9. Set the correct ownership permissions on the zone files as follows.

# chown :named /var/named/tecmint.lan.db
# chown :named /var/named/tecmint.lan.rev

10. Finally, check that the DNS configuration and the zone files have the correct syntax after making the above changes, using the named-checkconf and named-checkzone utilities (no output from named-checkconf means no error):

# named-checkconf
# named-checkzone tecmint.lan /var/named/tecmint.lan.db
# named-checkzone 56.168.192.in-addr.arpa /var/named/tecmint.lan.rev
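named-checkzone validates one zone file at a time; it does not compare the A records in the forward zone with the PTR records in the reverse zone. The following cross-check is an added example, not part of the original article; it assumes the simple "name IN A address" and "octet IN PTR fqdn." layout used above, and its function names and sample records (with deliberate errors) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: cross-check A records against PTR records.

# Constructed samples derived from this article's zone files (SOA/NS lines
# omitted), with deliberate errors: mail has no PTR, docs points at .21,
# and old.tecmint.lan. has a PTR but no A record.
forward_zone() {
    cat <<'EOF'
;A Record for IP address to Hostname
dns-primary IN A 192.168.56.100
www IN A 192.168.56.5
mail IN A 192.168.56.10
docs  IN A 192.168.56.20
EOF
}
reverse_zone() {
    cat <<'EOF'
100 IN PTR dns-primary.tecmint.lan.
5 IN PTR www.tecmint.lan.
21 IN PTR docs.tecmint.lan.
30 IN PTR old.tecmint.lan.
EOF
}

# usage: ptr_mismatches DOMAIN NET_PREFIX FORWARD_FILE REVERSE_FILE
ptr_mismatches() {
    awk -v dom="$1" -v net="$2" '
        /^[ \t]*;/ { next }                                  # comment line
        FNR == NR && $2 == "IN" && $3 == "A"   { fwd[$1 "." dom "."] = $4 }
        FNR != NR && $2 == "IN" && $3 == "PTR" { rev[$4] = net "." $1 }
        END {
            for (h in fwd) {
                if (!(h in rev)) print "MISSING_PTR " h " " fwd[h]
                else if (rev[h] != fwd[h])
                    print "MISMATCH " h " A=" fwd[h] " PTR=" rev[h]
            }
            for (h in rev) if (!(h in fwd)) print "ORPHAN_PTR " h " " rev[h]
        }
    ' "$3" "$4" | LC_ALL=C sort
}

# Write the samples to temporary files and run the check on them.
demo() {
    tmp=$(mktemp -d) || return 1
    forward_zone > "$tmp/fwd"; reverse_zone > "$tmp/rev"
    ptr_mismatches tecmint.lan 192.168.56 "$tmp/fwd" "$tmp/rev"
    rm -rf "$tmp"
}
demo
```

Against the files from this article the call would be ptr_mismatches tecmint.lan 192.168.56 /var/named/tecmint.lan.db /var/named/tecmint.lan.rev, and no output means every A record has a matching PTR.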

11. Once you have done all the necessary configuration, restart the DNS service for the recent changes to take effect.

# systemctl restart named

12. Next, before any clients can access the DNS service on the server, you need to add the DNS service to the system firewall configuration and reload the firewall settings using the firewall-cmd utility, as follows:

# firewall-cmd --permanent --zone=public --add-service=dns 
# firewall-cmd --reload

Step 6: Testing the DNS Service From a Client

13. In this section, we will show how to test the DNS service from a client machine. Log into the client machine and configure it to use the above DNS server. On a Linux system, open the file /etc/resolv.conf using your favorite text editor.

# vi /etc/resolv.conf

Add the following entry to it, which tells the resolver to use the specified nameserver.

nameserver  192.168.56.100

Save the file and close it. Note that you also have to specify the DNS server in the network interface configuration file.

14. Add the DNS server IP 192.168.56.100 as a resolver to the client machine's network interface configuration file /etc/sysconfig/network-scripts/ifcfg-enp0s3, as shown below.

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s3
UUID=aba298ca-fa65-48cd-add9-6c3f1f28cee2
DEVICE=enp0s3
ONBOOT=no
DNS1=192.168.56.100

15. Then use the nslookup utility to query the IP using the hostname and vice versa, for the www, mail and docs servers in your network, as shown.

# nslookup 192.168.56.5
# nslookup www.tecmint.lan
# nslookup 192.168.56.10
# nslookup mail.tecmint.lan
# nslookup 192.168.56.20
# nslookup docs.tecmint.lan
# nslookup 192.168.56.100
# nslookup dns-primary.tecmint.lan

In this article, we have shown how to install and configure a private, authoritative DNS server on RHEL 8 using the BIND software. We hope that everything worked well for you; otherwise, send us your queries or any other comments via the feedback form below.