Step 1: Installing the required packages
Before you start working through the following instructions, we want to note that our site already has a guide to configuring standard DNS on Linux. We recommend using that material directly if you only need to set up the usual settings for visiting websites. Next, we show how a primary local DNS server with a client part is installed. At the end of this process you will be notified that all packages were added to the system successfully. After that, go to the next step.
Step 2: Global DNS server configuration
Now we want to show how the main configuration file is edited and which lines are added to it. We will not dwell on each line separately, because that would take a lot of time; besides, all the necessary information is available in the official documentation.
- You can use any text editor to edit the configuration. We suggest installing the simple nano editor by entering sudo yum install nano in the console.
- All required packages will be downloaded, and if they are already present in the distribution, you will get the notification "Nothing to do".
- Let's proceed to editing the file itself. Open it with sudo nano /etc/named.conf. If necessary, substitute your preferred text editor; the line will then look like this: sudo vi /etc/named.conf.
- Below is the content that you need to insert into the opened file, or check against what is already there, adding the missing lines.
- After that, press Ctrl + O to write the changes.
- You do not need to change the file name; just press Enter.
- Exit the text editor with Ctrl + X.
As already mentioned, the configuration file needs certain lines that define the general rules of the DNS server's behaviour.
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101; }; ### Master DNS IP ###
    # listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.1.0/24; }; ### IP Range ###
    allow-transfer { localhost; 192.168.1.102; }; ### Slave DNS IP ###
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "unixmen.local" IN {
    type master;
    file "forward.unixmen";
    allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.unixmen";
    allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Make sure that everything is set exactly as shown above, then go to the next step.
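The recursion comment in the file above is the security-relevant part of this configuration: with recursion yes, the allow-query and allow-transfer lists are what keep the server from answering and transferring zones to anyone. The check below is an added example, not part of the original guide or of BIND; the sample texts are constructed, the function names and finding codes are hypothetical, and it assumes BIND 9.9 defaults for an unset allow-transfer.

```python
import re

# Constructed sample: the access-control lines of the named.conf shown above.
PAGE_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101; };  ### Master DNS IP ###
    allow-query     { localhost; 192.168.1.0/24; };   ### IP Range ###
    allow-transfer  { localhost; 192.168.1.102; };    ### Slave DNS IP ###
    /* recursive (caching) server */
    recursion yes;
};
"""
# Constructed weak variant: queries accepted from anyone, transfers unrestricted.
WEAK_CONF = "options { allow-query { any; }; recursion yes; };"

def strip_comments(text):
    """Drop /* */, // and # comments, all of which named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def match_list(text, name):
    """Elements of the address match list of statement `name`, or None if absent."""
    m = re.search(r"(?<![\w-])%s\s*\{([^{}]*)\}" % re.escape(name), text)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf):
    """Return hypothetical finding codes for resolver and zone-transfer exposure."""
    text = strip_comments(conf)
    findings = []
    rec = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", text)
    recursive = rec is None or rec.group(1) in ("yes", "true", "1")  # default: yes
    # When allow-recursion is unset, BIND uses allow-query-cache, then allow-query.
    lists = (match_list(text, n) for n in
             ("allow-recursion", "allow-query-cache", "allow-query"))
    clients = next((lst for lst in lists if lst is not None), None)
    if recursive and clients is not None and "any" in clients:
        findings.append("open-recursion")
    transfer = match_list(text, "allow-transfer")
    # Assumption: BIND 9.9 defaults, where an unset allow-transfer allows all hosts.
    if transfer is None or "any" in transfer:
        findings.append("open-zone-transfer")
    return findings

if __name__ == "__main__":
    for label, conf in (("page", PAGE_CONF), ("weak", WEAK_CONF)):
        print(label, audit(conf) or "no findings")
```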
Step 3: Creating the forward and reverse zones
To obtain information about a source, the DNS server uses forward and reverse zones. The forward zone lets you get the IP address from a host name, and the reverse zone returns the domain name for an IP address. For each zone to work properly it must be given its own rules, which we create next.
- For the forward zone, we create a separate file using the same text editor. The command then looks like this: sudo nano /var/named/forward.unixmen.
- You will be notified that the file is empty. Paste the following content into it:
$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@               IN  NS      masterdns.unixmen.local.
@               IN  NS      secondarydns.unixmen.local.
@               IN  A       192.168.1.101
@               IN  A       192.168.1.102
@               IN  A       192.168.1.103
masterdns       IN  A       192.168.1.101
secondarydns    IN  A       192.168.1.102
client          IN  A       192.168.1.103
- Save the changes and close the text editor.
- Now move on to the reverse zone. It needs the file /var/named/reverse.unixmen.
- This will also be a new empty file. Insert the following into it:
$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@               IN  NS      masterdns.unixmen.local.
@               IN  NS      secondarydns.unixmen.local.
@               IN  PTR     unixmen.local.
masterdns       IN  A       192.168.1.101
secondarydns    IN  A       192.168.1.102
client          IN  A       192.168.1.103
101             IN  PTR     masterdns.unixmen.local.
102             IN  PTR     secondarydns.unixmen.local.
103             IN  PTR     client.unixmen.local.
- When saving, do not change the file name; simply press the Enter key.
The files specified will now be used for the forward and reverse zones. If necessary, edit them to change parameters. You can also read about this in the official documentation.
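The forward and reverse zones are maintained by hand in two separate files, so a host can end up with an A record but no matching PTR, or a PTR that names a different host. This added example (not from the original guide) checks that every host A record has a PTR pointing back to the same name; the record lines are constructed from the two files above, and the function names are hypothetical.

```python
import re

# Constructed from the two zone files shown above (SOA and NS lines omitted).
FORWARD = """
@               IN  A   192.168.1.101
masterdns       IN  A   192.168.1.101
secondarydns    IN  A   192.168.1.102
client          IN  A   192.168.1.103
"""
REVERSE = """
@       IN  PTR     unixmen.local.
101     IN  PTR     masterdns.unixmen.local.
102     IN  PTR     secondarydns.unixmen.local.
103     IN  PTR     client.unixmen.local.
"""
# owner, optional TTL, class IN, type A or PTR, rdata, optional ';' comment
RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|PTR)\s+(\S+)\s*(?:;.*)?$", re.I)

def records(zone_text, origin):
    """Yield (fqdn_owner, type, rdata) for A and PTR lines; names are lower-cased."""
    for line in zone_text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        owner, rtype, rdata = m.group(1).lower(), m.group(2).upper(), m.group(3).lower()
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = owner + "." + origin  # relative name: append the zone origin
        yield owner, rtype, rdata

def mismatches(forward, reverse, fwd_origin="unixmen.local.",
               rev_origin="1.168.192.in-addr.arpa."):
    """Return (host, address, ptr_target) for hosts without a matching PTR."""
    ptr = {o: r for o, t, r in records(reverse, rev_origin) if t == "PTR"}
    bad = []
    for owner, rtype, addr in records(forward, fwd_origin):
        if rtype != "A" or owner == fwd_origin:
            continue  # the zone apex carries several A records; skip it
        rev_name = ".".join(reversed(addr.split("."))) + ".in-addr.arpa."
        if ptr.get(rev_name) != owner:
            bad.append((owner, addr, ptr.get(rev_name)))
    return bad

if __name__ == "__main__":
    print(mismatches(FORWARD, REVERSE) or "forward and reverse zones agree")
```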
Step 4: Starting the DNS server
After completing all the previous instructions, you can start the DNS server so that it is easy to check its operation later and continue configuring the important parameters. The task is done as follows:
- In the console, enter sudo systemctl enable named to add the DNS server to autostart, so that it starts automatically when the operating system boots.
- Confirm this action by entering the superuser password.
- You will be notified that a symbolic link was created, which means the action succeeded.
- Start the service with systemctl start named. You can stop it the same way, replacing start with stop.
- When the authentication pop-up window appears, enter the root password.
As you can see, this service is managed on the same principle as all other standard services, so even novice users should have no problems with it.
Step 5: Changing the firewall parameters
For the DNS server to work correctly, you need to open port 53, which is done through the standard firewall. In the terminal you need to enter three simple commands:
- The first one looks like firewall-cmd --permanent --add-port=53/tcp and is responsible for opening the TCP port. Enter it in the console and press Enter.
- You should get the notification "success", which indicates that the rule was applied. After that, enter firewall-cmd --permanent --add-port=53/udp to open the UDP port.
- All changes take effect only after the firewall is reloaded, which is done with the command firewall-cmd --reload.
No other firewall changes are needed. Keep the firewall enabled at all times so that no access problems arise.
Step 6: Setting access rights
Now you need to set the main permissions and access rights to protect the operation of the DNS server and prevent ordinary users from changing its parameters. We will do this in the standard way, through SELinux.
- All of the following commands must be run as the superuser. To avoid entering the password each time, we advise enabling persistent root access for the current terminal session. To do this, enter su in the console.
- Enter the access password.
- After that, enter the following commands in turn to create the complete access configuration:
chgrp named -R /var/named
chown -v root:named /etc/named.conf
restorecon -rv /var/named
restorecon /etc/named.conf
With this, the general configuration of the primary DNS server is finished. What remains is to edit a few configuration files and test for errors. We suggest dealing with all of this in the next step.
Step 7: Testing for errors and completing the setup
We recommend starting with the error checks so that the remaining configuration files do not have to be changed later. That is why we cover all of this within a single step, and give samples of the correct output of the test commands.
- Enter named-checkconf /etc/named.conf in the terminal. This checks the global parameters. If no output follows, everything is configured correctly. Otherwise, read the message and, based on it, fix the problem.
- Next, check the forward zone by entering the line named-checkzone unixmen.local /var/named/forward.unixmen.
- The sample output looks like this: zone unixmen.local/IN: loaded serial 2011071001 OK
- Do much the same with the reverse zone via named-checkzone unixmen.local /var/named/reverse.unixmen.
- The correct result should be: zone unixmen.local/IN: loaded serial 2011071001 OK
- Now we move on to the settings of the main network interface. The data of the current DNS server must be added to it. To do this, open the file /etc/sysconfig/network-scripts/ifcfg-enp0s3.
- Check that the content matches what is shown below. If necessary, insert the DNS parameters.
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5D0428B3-6AFE3-4250CD839EFA"
ONBOOT="yes"
HWADDR="08:00:27:19:78:73"
IPADDR0="192.168.1.101"
PREFIX0="24"
GATEWAY0="192.168.1.1"
DNS="192.168.1.101"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
- After saving the changes, go to the file /etc/resolv.conf.
- Here you need to add just one line: nameserver 192.168.1.101.
- When finished, all that remains is to restart the network or the computer to apply the configuration. The network is restarted with the command systemctl restart network.
Step 8: Checking the installed DNS server
At the end of the configuration, all that remains is to verify the operation of the DNS server after it has been added to the global network service. This task is also done with special commands. The first of them is dig masterdns.unixmen.local.
As a result, output similar to the content shown below should appear on the screen.
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<-
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.unixmen.local. IN A
;; ANSWER SECTION:
masterdns.unixmen.local. 86400 IN A 192.168.1.101
;; AUTHORITY SECTION:
unixmen.local. 86400 IN NS secondarydns.unixmen.local.
unixmen.local. 86400 IN NS masterdns.unixmen.local.
;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN A 192.168.1.102
;; Query time: 0 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Wed Aug 20 16:20:46 IST 2014
;; MSG SIZE rcvd: 125
An additional command lets you find out about the state of the local DNS server. To do this, enter nslookup unixmen.local in the console and press Enter.
As a result, three different IP addresses and the domain name should be displayed.
Server: 192.168.1.101
Address: 192.168.1.101#53
Name: unixmen.local
Address: 192.168.1.103
Name: unixmen.local
Address: 192.168.1.101
Name: unixmen.local
Address: 192.168.1.102
If the output matches what is shown, the configuration has completed successfully and you can move on to working with the client part of the DNS server.
Configuring the client part of the DNS server
We will not split this procedure into separate steps, because it is done by editing just one configuration file. It is necessary to add information about all clients that will be connected to the server, and an example of such a setup looks like this:
- Open the file /etc/resolv.conf with any convenient text editor.
- Add the lines search unixmen.local, nameserver 192.168.1.101 and nameserver 192.168.1.102, substituting the required client addresses.
- When saving, do not change the file name; simply press the Enter key.
- After leaving the text editor, restart the global network with the command systemctl restart network.
These were the main points of the client part of the DNS server that we wanted to cover. All other nuances can be studied by reading the official documentation if needed.
Testing the DNS server
The last stage of today's material is the final testing of the DNS server. Below you see several commands that let you handle this task. Use one of them by running it in the "Terminal". If no errors are seen in the output, the whole procedure was done correctly.
dig masterdns.unixmen.local
dig secondarydns.unixmen.local
dig client.unixmen.local
nslookup unixmen.local
Today you learned all about setting up a primary DNS server on the CentOS distribution. As you can see, the whole task centres on entering terminal commands and editing configuration files, which may cause some difficulty for novice users. However, you only need to follow these instructions carefully and read the results of the checks for everything to go without errors.