Setup Master-Slave DNS Server Using "Bind" Tools in RHEL/CentOS 6.5
The Domain Name System (DNS) resolves host names to addresses. A Master DNS server (Primary Server) holds the original copy of the zone data; a Slave DNS server (Secondary Server) is a backup that copies the same zone data from the master by zone transfer. The master answers queries for every host defined in its zone database. Queries and answers normally travel over UDP port 53, which has no connection setup or acknowledgement and is therefore cheap; TCP port 53 is used for zone transfers and for answers too large to fit in a UDP datagram.
DNS can be a little confusing for newcomers, so here is a short description of how a lookup works.
Say we need to reach a web site: we type www.google.com in the browser and press Enter. That is all we see, but a chain of DNS queries runs in the background. The name we typed is really www.google.com. with a trailing dot: the dot stands for the root of the name space, and every lookup that is not already cached starts there.
Thirteen root name server addresses exist worldwide (each served by many anycast instances). When we press Enter, the browser hands the name to the local resolver configured on the machine (in this article, our master and slave servers). If the resolver has no cached answer it asks a root server, which does not know www.google.com but refers it to the name servers for the .com top-level domain (TLD). The TLD servers do not know the host either and refer the resolver to google.com's authoritative name servers, where www.google.com is defined as an address, for instance 72.36.15.56.
The authoritative server returns the answer to the resolver; the root and TLD servers are not in that path, because each step is a separate question asked by the resolver. The resolver caches the answer and hands it to the browser, and the whole chain completes in milliseconds. If no server has a record for the name, the response is NXDOMAIN, meaning no such record exists in the zone database. Hopefully this gives an idea of how DNS works.
Read Also : Setup Caching DNS Server in Ubuntu
For this article I am using 3 machines: 2 for the server setup (master and slave) and 1 as a client.

Master DNS Server
    IP Address : 192.168.0.200
    Host-name  : masterdns.tecmintlocal.com
    OS         : CentOS 6.5 Final

Slave DNS Server
    IP Address : 192.168.0.201
    Host-name  : slavedns.tecmintlocal.com
    OS         : CentOS 6.5 Final

Client Machine to use DNS
    IP Address : 192.168.0.210
    Host-name  : node1.tecmintlocal.com
    OS         : CentOS 6.5 Final

Packages required : bind, bind-utils, bind-chroot
Config file       : /etc/named.conf
Init script       : /etc/init.d/named
Port              : 53 (UDP for queries; TCP for zone transfers and for answers that do not fit in a UDP packet)
Setup Master DNS Server
First, confirm the IP address, host name and distribution release of the master DNS server before moving on to the setup.
$ sudo ifconfig | grep inet
$ hostname
$ cat /etc/redhat-release
Once you have confirmed that the settings above are correct, install the required packages. Install only the packages listed above; a wildcard such as bind* also pulls in development and database back-end packages the server does not need.
$ sudo yum install bind bind-utils bind-chroot -y
After installing the packages, define the zones in the master's configuration file, named.conf.
$ sudo vim /etc/named.conf
Below is my named.conf; adapt the addresses and zone names to your own environment.
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.0.200; };   # add the Master DNS server's own IP here
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24; };    # the subnet whose hosts may query this server
        allow-transfer  { localhost; 192.168.0.201; };     # only the Slave DNS server may pull the zone
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

## Forward and reverse zones for tecmintlocal.com
zone "tecmintlocal.com" IN {
        type master;
        file "tecmintlocal.fwd.zone";
        allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "tecmintlocal.rev.zone";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
The settings used in the file above are explained below.
- listen-on port 53 - the addresses on which named accepts queries. Add the master's own IP (192.168.0.200); with only 127.0.0.1 listed, nothing but the server itself can reach it.
- allow-query - the hosts allowed to ask this server questions; here localhost and the 192.168.0.0/24 subnet where our hosts live.
- allow-transfer - the hosts allowed to copy (AXFR) the whole zone; here only the Slave DNS server (192.168.0.201), which uses it to synchronise the zone from the master. Left open, anyone can download your complete host list.
- recursion no - this server is authoritative for its own zones only. With recursion enabled it would answer lookups for any name on behalf of anyone allowed to query it, which makes it usable as an open resolver in DNS amplification DDoS attacks.
- zone "tecmintlocal.com" - the name of our domain.
- type master - this server holds the master copy; on the slave server configured later this becomes slave.
- tecmintlocal.fwd.zone - the file holding the host records for this zone.
- allow-update { none; } - no Dynamic DNS (DDNS) updates are accepted.
- dnssec-lookaside auto and the DLV key file are the CentOS 6.5 defaults; the ISC DLV registry has since been retired, so on a newer BIND drop those two lines.
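The three access-control options above decide who may query the server, who may copy the zone and whether it will recurse for others. The following Python script, an added example rather than code from the article or from BIND, reads the options block of a named.conf and reports the two settings most often left open; it checks a constructed copy of the master's options beside a deliberately weak one. The parser is a simplified one written for this example (no views, no nested blocks); the option names and the BIND defaults it mentions are real.

```python
"""Audit the security-relevant settings of a BIND `options { }` block.

Added example for this article; it is not part of the original page or of
BIND itself. The parser is deliberately minimal: it understands
`name value;` and `name { a; b; };` statements inside `options { ... };`
(the forms used in the named.conf above) and ignores views, nested blocks
and everything else.
"""
import re

# Constructed sample: the master's options from the article, trimmed.
SAFE_OPTIONS = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.0.200; };   # master's own address
    allow-query { localhost; 192.168.0.0/24; };
    allow-transfer { localhost; 192.168.0.201; };      // only the slave
    recursion no;
};
"""

# Constructed sample of what not to ship: the zone can be pulled by anyone
# and the server will recurse for the whole Internet.
WEAK_OPTIONS = """
options {
    listen-on port 53 { any; };
    allow-query { any; };
    allow-transfer { any; };
    recursion yes;
};
"""

_COMMENT = re.compile(r"//[^\n]*|#[^\n]*|/\*.*?\*/", re.S)
# name [port N] ( { list } | scalar ) ;
_STMT = re.compile(r"([\w-]+)(?:\s+port\s+\d+)?\s*(\{[^{}]*\}|[^;{}]+)\s*;")


def options_block(conf):
    """Return the text between the braces of `options { ... };`."""
    conf = _COMMENT.sub("", conf)
    start = re.search(r"\boptions\s*\{", conf)
    if not start:
        raise ValueError("no options block found")
    depth, pos = 1, start.end()
    for i in range(pos, len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[pos:i]
    raise ValueError("unbalanced braces in options block")


def parse_options(conf):
    """Map each option to a list of ACL elements, or to a scalar string."""
    opts = {}
    for name, value in _STMT.findall(options_block(conf)):
        value = value.strip()
        if value.startswith("{"):
            opts[name] = [v.strip() for v in value[1:-1].split(";") if v.strip()]
        else:
            opts[name] = value
    return opts


def audit(opts):
    """Return a list of findings; an empty list means nothing obviously wrong."""
    findings = []
    transfer = opts.get("allow-transfer")
    if transfer is None or "any" in transfer:
        findings.append("allow-transfer missing or { any; }: anyone can AXFR the zone "
                        "(BIND 9.8 as shipped with CentOS 6 defaults to any)")
    if opts.get("recursion", "yes") == "yes":          # BIND's default is yes
        findings.append("recursion yes on an authoritative server: set recursion no, "
                        "or restrict allow-recursion if recursion is really needed")
    return findings


if __name__ == "__main__":
    for label, text in (("safe", SAFE_OPTIONS), ("weak", WEAK_OPTIONS)):
        print(label, audit(parse_options(text)) or "OK")
```

Point it at the real file with parse_options(open("/etc/named.conf").read()) after named-checkconf has accepted the syntax; the audit is a sanity check on intent, not a replacement for reading the ACLs yourself.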
First define the forward lookup zone. The zone files must be created under /var/named with the names given in named.conf:
tecmintlocal.fwd.zone
tecmintlocal.rev.zone
Rather than writing them from scratch, copy the sample zone files that the bind package installs.
$ sudo cp /var/named/named.localhost /var/named/tecmintlocal.fwd.zone
$ sudo cp /var/named/named.loopback /var/named/tecmintlocal.rev.zone
Once the files are copied, edit the forward zone file with vim.
$ sudo vim /var/named/tecmintlocal.fwd.zone
Before adding our hosts, take a quick look at the layout of the copied sample file: a $TTL line, an SOA record, NS records and then the host records.
Here is my forward zone; add the entries below and change them as you need.
$TTL 86400
@   IN  SOA     masterdns.tecmintlocal.com. root.tecmintlocal.com. (
                2014090401      ; serial
                3600            ; refresh
                1800            ; retry
                604800          ; expire
                86400 )         ; minimum
; Name servers
@           IN  NS      masterdns.tecmintlocal.com.
@           IN  NS      slavedns.tecmintlocal.com.
; Name server host names to IP addresses
@           IN  A       192.168.0.200
@           IN  A       192.168.0.201
; Hosts in this domain
@           IN  A       192.168.0.210
@           IN  A       192.168.0.220
masterdns   IN  A       192.168.0.200
slavedns    IN  A       192.168.0.201
node1       IN  A       192.168.0.210
rhel1       IN  A       192.168.0.220
Save and quit with :wq!. Use TAB between the columns to keep the zone file readable. Every time you change a zone file, increase the serial number: slaves pull a fresh copy only when the master's serial is higher than the one they already hold.
Now create the reverse lookup zone. We already copied the loopback sample file to tecmintlocal.rev.zone, so edit that file.
$ sudo vim /var/named/tecmintlocal.rev.zone
Before adding our hosts, take a quick look at the copied sample file: the reverse zone has the same $TTL/SOA/NS header, but its data records are PTR records keyed by the last octet of the address.
Here is my reverse zone; add the entries below and change them as you need.
$TTL 86400
@   IN  SOA     masterdns.tecmintlocal.com. root.tecmintlocal.com. (
                2014090402      ; serial
                3600            ; refresh
                1800            ; retry
                604800          ; expire
                86400 )         ; minimum
; Name servers
@       IN  NS      masterdns.tecmintlocal.com.
@       IN  NS      slavedns.tecmintlocal.com.
; Reverse records: last octet of the address -> host name
200     IN  PTR     masterdns.tecmintlocal.com.
201     IN  PTR     slavedns.tecmintlocal.com.
210     IN  PTR     node1.tecmintlocal.com.
220     IN  PTR     rhel1.tecmintlocal.com.
Save and quit with :wq!. Use TAB between the columns here too. Only SOA, NS and PTR records belong in the reverse zone; the host-to-address (A) records live in the forward zone, and each PTR must point back to a name that the forward zone maps to that address.
Check the group ownership of the forward and reverse zone files before checking the configuration for errors.
$ sudo ls -l /var/named/
Both files are owned by root, because we copied them from the sample files under /var/named/ as root. named runs as the named user and must be able to read them, so change the group on both files with the following commands.
$ sudo chgrp named /var/named/tecmintlocal.fwd.zone
$ sudo chgrp named /var/named/tecmintlocal.rev.zone
After setting the correct ownership on the files, check them again.
$ sudo ls -l /var/named/
Now check the configuration and zone files for errors before starting the DNS service. First check named.conf, then each zone file. named-checkzone takes the zone's origin (the name from the zone statement in named.conf) as its first argument, not a host name.
$ sudo named-checkconf /etc/named.conf
$ sudo named-checkzone tecmintlocal.com /var/named/tecmintlocal.fwd.zone
$ sudo named-checkzone 0.168.192.in-addr.arpa /var/named/tecmintlocal.rev.zone
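named-checkzone checks each file on its own; it cannot tell that rhel1 in the forward zone has become rhel in the reverse zone, which is exactly the kind of slip that makes reverse lookups disagree with forward ones. The Python script below is an added example (not part of the article or of BIND) that parses both zone files with a minimal master-file parser written for this example and reports A records without a matching PTR and PTRs without a matching A. The sample zones inside it are constructed copies of the article's zones with one deliberate typo. It also includes the serial comparison a slave applies, to show why the serial must go up on every edit.

```python
"""Cross-check a forward zone against its reverse zone before loading them.
Added example for this article; not part of the page, of BIND or of
named-checkzone, which checks each file's syntax but not whether the two
agree. The parser covers what the article's zone files use: $TTL, `@`,
relative owners, a parenthesised SOA, and NS/A/PTR records.
"""
import ipaddress

# Constructed samples modelled on the article's zones; the reverse zone
# carries a deliberate typo (rhel instead of rhel1) for the check to find.
FORWARD_ZONE = """
$TTL 86400
@         IN SOA masterdns.tecmintlocal.com. root.tecmintlocal.com. (
                 2014090401 ; serial
                 3600 1800 604800 86400 )
@         IN NS  masterdns.tecmintlocal.com.
@         IN NS  slavedns.tecmintlocal.com.
@         IN A   192.168.0.200
masterdns IN A   192.168.0.200
slavedns  IN A   192.168.0.201
node1     IN A   192.168.0.210
rhel1     IN A   192.168.0.220
"""
REVERSE_ZONE = """
$TTL 86400
@   IN SOA masterdns.tecmintlocal.com. root.tecmintlocal.com. (
           2014090402 3600 1800 604800 86400 )
@   IN NS  masterdns.tecmintlocal.com.
@   IN NS  slavedns.tecmintlocal.com.
200 IN PTR masterdns.tecmintlocal.com.
201 IN PTR slavedns.tecmintlocal.com.
210 IN PTR node1.tecmintlocal.com.
220 IN PTR rhel.tecmintlocal.com.
"""

def qualify(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return ([(owner, type, rdata), ...], soa_serial) with owners fully qualified."""
    origin = origin.rstrip(".") + "."
    entries, buf, depth, inherits = [], [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                # drop comments
        if not line.strip():
            continue
        if not buf:
            inherits = line[0].isspace()           # blank owner = reuse previous owner
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:                             # parenthesised record complete
            entries.append((inherits, " ".join(buf).replace("(", " ").replace(")", " ").split()))
            buf = []
    records, serial, owner = [], None, origin
    for inherits, tokens in entries:
        if tokens[0] == "$TTL":
            continue
        if not inherits:
            owner = qualify(tokens.pop(0), origin)
        if tokens[0].isdigit():                    # optional TTL
            tokens.pop(0)
        if tokens[0].upper() == "IN":              # optional class
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype == "SOA":
            serial = int(rdata[2])
        if rtype in ("SOA", "NS", "PTR", "CNAME"):
            rdata[0] = qualify(rdata[0], origin)
        records.append((owner, rtype, " ".join(rdata)))
    return records, serial

def check_reverse(fwd_records, rev_records, network):
    """Every A record inside `network` needs a PTR pointing back to one of the
    names holding that address, and every PTR needs a matching A record."""
    net = ipaddress.ip_network(network)
    ptr, fwd = {}, {}
    for owner, rtype, rdata in rev_records:
        if rtype == "PTR":
            ptr.setdefault(owner, set()).add(rdata)
    for owner, rtype, rdata in fwd_records:
        if rtype == "A" and ipaddress.ip_address(rdata) in net:
            fwd.setdefault(ipaddress.ip_address(rdata).reverse_pointer + ".", set()).add(owner)
    problems = []
    for rev_name, names in fwd.items():
        targets = ptr.get(rev_name, set())
        if not targets:
            problems.append(f"{rev_name}: no PTR for A owners {sorted(names)}")
        elif not targets & names:
            problems.append(f"{rev_name}: PTR {sorted(targets)} matches none of {sorted(names)}")
    for rev_name, targets in ptr.items():
        if rev_name not in fwd:
            problems.append(f"{rev_name}: PTR {sorted(targets)} has no A record")
    return problems

def serial_newer(new, old):
    """RFC 1982 serial arithmetic: a slave transfers only when this is true."""
    return 0 < ((new - old) & 0xFFFFFFFF) < 0x80000000
```

Run check_reverse(parse_zone(fwd_text, "tecmintlocal.com")[0], parse_zone(rev_text, "0.168.192.in-addr.arpa")[0], "192.168.0.0/24") on the real files after named-checkzone passes; on the constructed samples it reports exactly one problem, the PTR for 220 that names rhel instead of rhel1.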
By default iptables is running on CentOS 6 and does not accept inbound DNS connections, so clients cannot reach our DNS server. Allow inbound port 53 on both UDP and TCP: queries use UDP, but zone transfers to the slave (and any answer too large for a UDP packet) use TCP, so a UDP-only rule would let the slave's queries in and silently block the transfer.
$ sudo iptables -I INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
$ sudo iptables -I INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
Now confirm that the rules were added to the INPUT chain.
$ sudo iptables -L INPUT
Next, save the rules and restart the firewall.
$ sudo service iptables save
$ sudo service iptables restart
Start the named service and enable it at boot.
$ sudo service named start
$ sudo chkconfig named on
$ sudo chkconfig --list named
Finally, test the master's zones (forward and reverse) with the dig and nslookup tools, asking the master explicitly so the result does not depend on the machine's own resolver settings.
$ dig @192.168.0.200 masterdns.tecmintlocal.com      # forward zone
$ dig @192.168.0.200 -x 192.168.0.200                # reverse zone
$ nslookup tecmintlocal.com 192.168.0.200
$ nslookup masterdns.tecmintlocal.com 192.168.0.200
$ nslookup slavedns.tecmintlocal.com 192.168.0.200
Cool! The master DNS server is configured; now we need to set up the slave DNS server. Let's move on to the slave; it takes less time than the master setup.
Setup Slave DNS Server
On the slave machine, install the same bind packages as on the master.
$ sudo yum install bind bind-utils bind-chroot -y
Open named.conf and define the listening address and the zones to replicate.
$ sudo vim /etc/named.conf
Make the changes shown below, adapted to your environment.
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.0.201; };   # our Slave DNS server's own IP
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24; };
        allow-transfer  { none; };     # a slave answers AXFR too; nobody needs to pull the zone from here
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

## Slave forward and reverse zones; the zone files are replicated from the master.
zone "tecmintlocal.com" IN {
        type slave;
        file "slaves/tecmintlocal.fwd.zone";
        masters { 192.168.0.200; };
};

zone "0.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/tecmintlocal.rev.zone";
        masters { 192.168.0.200; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Start the DNS service.
$ sudo service named start
After named starts, the zone data does not have to be typed in again: the slave contacts the server listed in masters { }, and because the master's allow-transfer permits 192.168.0.201, it transfers both zones into /var/named/slaves/. This needs TCP port 53 open on the master; if the directory stays empty, check /var/log/messages on the slave for the transfer error.
$ sudo ls -l /var/named/slaves
Confirm the zone contents with cat. BIND 9.8 stores the transferred zones as text, so they should contain the same records and serial numbers as the master's zone files.
$ sudo cat /var/named/slaves/tecmintlocal.fwd.zone
$ sudo cat /var/named/slaves/tecmintlocal.rev.zone
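To confirm that the transfer ACL behaves as intended, request a zone transfer from the slave (it should succeed) and from the client node1 (it should be REFUSED); with dig that is dig @192.168.0.200 tecmintlocal.com AXFR. The Python script below is an added example, not part of the article, of BIND or of dig. It implements the AXFR exchange directly on the wire, which makes the TCP transport and the two-byte length prefix visible, and the server replies at the bottom are constructed so the parser can be exercised without a network.

```python
"""Probe whether a server hands out a zone by AXFR (RFC 1035 wire format).

Added example for this article; not part of the page, of BIND or of dig.
Only axfr() touches the network; everything else is pure and is exercised
with the constructed server replies at the bottom.
"""
import socket
import struct

AXFR, SOA, A = 252, 6, 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(name):
    """'tecmintlocal.com.' -> b'\\x0ctecmintlocal\\x03com\\x00'"""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def decode_name(msg, off):
    """Read a (possibly compressed) name at `off`; return (name, next offset)."""
    labels, end, jumped, hops = [], None, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer
            hops += 1
            if hops > 16:                          # untrusted input: refuse pointer loops
                raise ValueError("compression pointer loop")
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", end if jumped else off


def build_query(zone, txid, qtype=AXFR):
    """One question, RD=0: an AXFR is never a recursive query."""
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + encode_name(zone) + struct.pack("!HH", qtype, 1)


def parse_message(msg):
    """Return id, rcode and the answer section as (name, type, ttl, rdata) tuples."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                            # skip the echoed question
        off = decode_name(msg, off)[1] + 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        answers.append((name, rtype, ttl, msg[off + 10:off + 10 + rdlen]))
        off += 10 + rdlen
    return {"id": txid, "rcode": flags & 0xF, "answers": answers}


def axfr(server, zone, port=53, timeout=5.0):
    """Return (status, records); a transfer ends when the SOA appears a second time."""
    query = build_query(zone, txid=0x1234)
    records, soa_seen = [], 0
    with socket.create_connection((server, port), timeout=timeout) as sock:  # TCP, not UDP
        sock.sendall(struct.pack("!H", len(query)) + query)                  # two-byte length prefix
        stream = sock.makefile("rb")
        while soa_seen < 2:
            (length,) = struct.unpack("!H", stream.read(2))                  # raises if the server hangs up
            reply = parse_message(stream.read(length))
            if reply["rcode"] != 0:
                return RCODES.get(reply["rcode"], str(reply["rcode"])), records
            for rec in reply["answers"]:
                records.append(rec)
                soa_seen += (rec[1] == SOA)
    return "NOERROR", records


def build_response(txid, rcode, zone, answers):
    """The server's side of the exchange; used below to test the parser offline."""
    msg = struct.pack("!HHHHHH", txid, 0x8400 | rcode, 1, len(answers), 0, 0)   # QR=1, AA=1
    msg += encode_name(zone) + struct.pack("!HH", AXFR, 1)
    for name, rtype, ttl, rdata in answers:
        owner = b"\xC0\x0C" if name == zone else encode_name(name)             # pointer to the question name
        msg += owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return msg


# Constructed replies: a minimal successful transfer (SOA, one A, closing SOA) and a REFUSED one.
ZONE = "tecmintlocal.com."
SOA_RDATA = (encode_name("masterdns.tecmintlocal.com.") + encode_name("root.tecmintlocal.com.")
             + struct.pack("!IIIII", 2014090401, 3600, 1800, 604800, 86400))
SAMPLE_TRANSFER = build_response(0x1234, 0, ZONE, [(ZONE, SOA, 86400, SOA_RDATA),
                                                   ("masterdns.tecmintlocal.com.", A, 86400, bytes([192, 168, 0, 200])),
                                                   (ZONE, SOA, 86400, SOA_RDATA)])
SAMPLE_REFUSED = build_response(0x1234, 5, ZONE, [])
```

Call axfr("192.168.0.200", "tecmintlocal.com.") once from the slave and once from node1: the slave should get ("NOERROR", records) with the SOA first and last, and node1 should get ("REFUSED", []) because the master's allow-transfer lists only 192.168.0.201. If the slave gets a connection error instead, the master's firewall is blocking TCP 53.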
Next, open DNS port 53 in iptables on the slave so that clients can query it.
$ sudo iptables -I INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
$ sudo iptables -I INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
Save the iptables rules and restart the iptables service.
$ sudo service iptables save
$ sudo service iptables restart
Enable both services at system boot.
$ sudo chkconfig iptables on
$ sudo chkconfig named on
Check that they are enabled for the run levels.
$ sudo chkconfig --list iptables
$ sudo chkconfig --list named
That's it! Now it is time to configure the client machine and test name resolution.
Configure Client Machine
On the client we need to enter the Primary (192.168.0.200) and Secondary (192.168.0.201) DNS servers in the network settings. Run the setup command and fill in the entries as shown.
$ setup
Alternatively, edit /etc/resolv.conf and add the following entries.
$ vim /etc/resolv.conf
search tecmintlocal.com
nameserver 192.168.0.200
nameserver 192.168.0.201
Two caveats. dhclient and NetworkManager rewrite /etc/resolv.conf, so to make the setting survive a reboot put DNS1=192.168.0.200, DNS2=192.168.0.201 and PEERDNS=no in the interface's /etc/sysconfig/network-scripts/ifcfg-* file. And because both servers are configured with recursion no, they answer only for tecmintlocal.com; a client that must also resolve Internet names needs a recursive resolver as well (see the caching DNS server article linked above).
Now confirm the IP address, the host name and that the client can resolve our domain.
$ ifconfig | grep inet
$ hostname
$ nslookup tecmintlocal.com
Now check forward and reverse DNS lookups.
$ dig masterdns.tecmintlocal.com
$ dig -x 192.168.0.200
Understanding the dig output:
- HEADER - summarises what was asked and how the query went: opcode, status, flags and the number of records in each section.
- status - NOERROR means the query was answered without any error; REFUSED or NXDOMAIN would point to an ACL problem or a missing record.
- QUESTION SECTION - the query we made; here masterdns.tecmintlocal.com.
- ANSWER SECTION - the resolved answer, present when the server holds the record.
- AUTHORITY SECTION - the name servers that are authoritative for the zone.
- ADDITIONAL SECTION - extra information about those name servers, such as their host names and IP addresses.
- Query time - how long the lookup took; the SERVER line shows which of the configured name servers answered.
Finally, look up our node and ping the servers.
$ dig node1.tecmintlocal.com
$ ping masterdns.tecmintlocal.com -c 2
$ ping slavedns.tecmintlocal.com -c 2
$ ping 192.168.0.200 -c 2
$ ping 192.168.0.201 -c 2
The setup is complete: we have configured both a Primary (Master) and a Secondary (Slave) DNS server. I hope everyone got through the setup without trouble; feel free to leave a comment if you hit any issue along the way.