Setting Up a Master-Slave DNS Server Using the BIND Tools in RHEL/CentOS 6.5


The Domain Name System (DNS) is used to resolve a name to any host. Master DNS servers (Primary Servers) hold the original zone data, and Slave DNS servers (Secondary Servers) are backup servers that copy the same zone data from the master. The master server resolves names for every host we define in the zone data and answers queries over UDP, because UDP has no acknowledgement handshake while TCP does; DNS servers therefore try UDP first for query requests.

Understanding DNS can be a little confusing for newcomers. Here is a brief explanation of how DNS works.

Let's say we need to reach some website; what do we do? We just type www.google.com into the browser and press Enter. That is what we know, but the real story is how DNS gets involved while resolving the name for us. When we type www.google.com, the system looks up www.google.com. Whenever we type a domain name there is an implicit '.' (dot) at the end, as in www.google.com., which tells the resolver to start its search at the root name servers.

Worldwide there are 13 root servers available to resolve the query. First, when we type www.google.com, our browser submits the request to our local resolver, which holds the entries for our master and slave servers. If they have no information about the requested query, they forward the request to the Top Level Domain (TLD) servers; if the TLD says it does not know the answer, the authoritative server may know it, so the request is passed on to the authoritative servers, where www.google.com is defined as the address 72.36.15.56.

Meanwhile, the authoritative server replies to the TLD, the TLD passes the answer to the root server, and the root server returns the data to the browser, which caches the DNS answer for future use. This long chain resolves in just milliseconds. If the servers do not know the requested name, they answer NXDOMAIN, which means no record was found in the zone data. Hopefully this gives you an understanding of how DNS works.

Read Also: Setting Up a DNS Caching Server in Ubuntu

For this article I am using 3 machines: 2 for the server setup (master and slave) and 1 for the client.

---------------------------------------------------
Master DNS Server
---------------------------------------------------

IP Address	:	192.168.0.200
Host-name	:	masterdns.tecmintlocal.com
OS		:	Centos 6.5 Final
---------------------------------------------------
Slave DNS Server
---------------------------------------------------

IP Address	:	192.168.0.201
Host-name	:	slavedns.tecmintlocal.com
OS		:	Centos 6.5 Final
---------------------------------------------------
Client Machine to use DNS
---------------------------------------------------

IP Address	:	192.168.0.210
Host-name	:	node1.tecmintlocal.com
OS		:	Centos 6.5 Final
---------------------------------------------------
Packages, Files and Port
---------------------------------------------------

Packages	:	bind, bind-utils, bind-chroot
config file	:	/etc/named.conf
script file	:	/etc/init.d/named
port		:	53, UDP

Setting Up the Master DNS Server

First, verify the IP address, hostname and distribution version of the Master DNS server before proceeding with the setup.

$ sudo ifconfig | grep inet
$ hostname
$ cat /etc/redhat-release

Once you have confirmed that the above settings are correct, it is time to install the required packages.

$ sudo yum install bind* -y

After installing the required packages, define the zone files in the main configuration file 'named.conf'.

$ sudo vim /etc/named.conf

Below is my named.conf; adjust the configuration file to your requirements.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.0.200; }; # Here we need to add our Master DNS Server IP.
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24; }; # subnet range where my hosts are allowed to query our DNS.
        allow-transfer     { localhost; 192.168.0.201; };  # Here we need to add our Slave DNS server IP.
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

## Define our forward & reverse Zone file here for tecmintlocal.com.


zone "tecmintlocal.com" IN {
        type master;
        file "tecmintlocal.fwd.zone";
        allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "tecmintlocal.rev.zone";
        allow-update { none; };
};

#####
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Following is an explanation of each setting we used in the above file.

  1. listen-on port 53 - The addresses and port on which the DNS server listens for queries.
  2. Master DNS - Specify your Master DNS IP address here to listen for queries.
  3. Slave DNS - Specify your Slave DNS here; it is used to sync our zone information so the slave can resolve hosts copied from the master.
  4. recursion no - If set to yes, recursive queries would expose the server to a DDoS attack.
  5. Domain name - Specify your domain name here, defined as tecmintlocal.com.
  6. type master - This configuration is for the master server; on the slave server that follows, this will be slave.
  7. tecmintlocal.fwd.zone - This file holds the host records of this domain.
  8. allow-update none - Set to none, the server will not use Dynamic DNS (DDNS).

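To see what the recursion, allow-query and allow-transfer settings buy you, here is a small audit check, added here and not part of the article, that flags a permissive options block beside the article's own values (the regexes cover only the option line shapes used in this named.conf; WEAK and HARDENED are constructed samples):

```python
import re

# Regexes for the options {} block and the "key [port N] {list}|word;" lines inside it.
OPTIONS_BLOCK = re.compile(r"options\s*\{(.*?)\n\};", re.S)
STATEMENT = re.compile(r"^\s*([a-z-]+)(?:\s+port\s+\d+)?\s+(\{[^}]*\}|[a-z]+);", re.M)

def parse_options(named_conf):
    """Return {option: value}; quoted-string options such as directory are skipped."""
    m = OPTIONS_BLOCK.search(named_conf)
    if not m:
        raise ValueError("no options block found")
    return {k: v.strip() for k, v in STATEMENT.findall(m.group(1))}

def acl_members(value):
    """'{ localhost; 192.168.0.0/24; }' -> ['localhost', '192.168.0.0/24']"""
    return [t.strip() for t in value.strip("{} ").split(";") if t.strip()]

def audit_options(named_conf):
    """List the findings; empty means the three controls the article relies
    on (recursion off, allow-query restricted, allow-transfer restricted) hold."""
    opts = parse_options(named_conf)
    findings = []
    if opts.get("recursion", "yes") != "no":      # BIND recurses unless told not to
        findings.append("recursion enabled: authoritative server is also an open resolver")
    if "any" in acl_members(opts.get("allow-query", "{ any; }")):
        findings.append("allow-query allows any host: restrict it to the local subnet")
    if "allow-transfer" not in opts:
        findings.append("allow-transfer not set: transfers fall back to BIND's default")
    elif "any" in acl_members(opts["allow-transfer"]):
        findings.append("allow-transfer { any; }: every host can dump the whole zone")
    return findings

# Constructed configs (not from the article): a permissive options block next
# to the settings the article's master uses.
WEAK = """options {
        listen-on port 53 { any; };
        directory "/var/named";
        recursion yes;
        allow-query { any; };
        allow-transfer { any; };
};
"""
HARDENED = """options {
        listen-on port 53 { 127.0.0.1; 192.168.0.200; }; # master address
        directory "/var/named";
        allow-query     { localhost; 192.168.0.0/24; };
        allow-transfer  { localhost; 192.168.0.201; };
        recursion no;
};
"""
```
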
First let's define the forward lookup zone entries. Here we need to create the zone files with the names we defined in the named.conf file, as below.

tecmintlocal.fwd.zone
tecmintlocal.rev.zone

We use the sample configuration files to create the zone files, so we have to copy the sample files first.

$ sudo cp /var/named/named.localhost /var/named/tecmintlocal.fwd.zone
$ sudo cp /var/named/named.loopback /var/named/tecmintlocal.rev.zone

Once you have copied the sample files, edit these zone files using the vim editor.

$ sudo vim /var/named/tecmintlocal.fwd.zone

Before defining our host information in the forward zone file, first take a quick look at the sample zone file.

This is my forward zone configuration; insert the entries below and make changes as per your requirements.

$TTL 86400
@       IN SOA  masterdns.tecmintlocal.com.     root.tecmintlocal.com. (
                                  2014090401    ; serial
                                        3600    ; refresh
                                        1800    ; retry
                                      604800    ; expire
                                       86400 )  ; minimum

; Name servers

@       IN      NS      masterdns.tecmintlocal.com.
@       IN      NS      slavedns.tecmintlocal.com.

; Name server host names resolved to IPs

@       IN      A       192.168.0.200
@       IN      A       192.168.0.201

; Hosts in this domain

@       IN      A       192.168.0.210
@       IN      A       192.168.0.220
masterdns       IN      A       192.168.0.200
slavedns        IN      A       192.168.0.201
node1           IN      A       192.168.0.210
rhel1           IN      A       192.168.0.220

Save and quit the file using wq!. After editing, the forward lookup zone file contains the entries shown above; use TAB to get a clean layout in the zone file.

Now, create the reverse lookup file. We already copied the loopback file under the name tecmintlocal.rev.zone, so we use that file to set up our reverse lookup.

$ sudo vim /var/named/tecmintlocal.rev.zone

Before defining our host information in the reverse zone file, take a quick look at the sample reverse lookup file.

This is my reverse zone setup; insert the entries below and change them to your requirements.

$TTL 86400
@       IN SOA  masterdns.tecmintlocal.com. root.tecmintlocal.com. (
                                2014090402      ; serial
                                      3600      ; refresh
                                      1800      ; retry
                                    604800      ; expire
                                     86400 )    ; minimum

; Name servers

@       IN      NS      masterdns.tecmintlocal.com.
@       IN      NS      slavedns.tecmintlocal.com.
@       IN      PTR     tecmintlocal.com.

; PTR records for the hosts in this network: the owner name is the last
; octet of the IP. A records belong in the forward zone, not here.

200             IN      PTR     masterdns.tecmintlocal.com.
201             IN      PTR     slavedns.tecmintlocal.com.
210             IN      PTR     node1.tecmintlocal.com.
220             IN      PTR     rhel1.tecmintlocal.com.

Save and quit the file using wq!. After editing, the reverse lookup zone file contains the entries shown above; use TAB to get a clean layout in the zone file.

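A slave re-transfers a zone only when the master's SOA serial is higher than the one in its own copy, so every edit to these files must raise the serial. This helper is an added example, not part of the article: it applies the YYYYMMDDnn convention the serials above follow and assumes the "; serial" comment layout shown in the zone files.

```python
import re
from datetime import date

# The SOA serial as laid out in the article's zone files: "2014090401    ; serial".
SERIAL = re.compile(r"(\d+)(\s*;\s*serial)")

def next_serial(old, yyyymmdd):
    """YYYYMMDDnn convention: the first edit of a day gets <date>01; a later
    edit the same day, or an old serial already past today's date, gets old+1.
    The result is always greater than old, which is what makes a slave refresh."""
    candidate = int(yyyymmdd) * 100 + 1
    new = candidate if candidate > old else old + 1
    if new >= 2 ** 32:                      # the serial is a 32-bit field
        raise ValueError("serial would overflow; renumber the zone")
    return new

def bump_serial(zone_text, yyyymmdd=None):
    """Return zone_text with its SOA serial raised in place; layout is kept."""
    m = SERIAL.search(zone_text)
    if not m:
        raise ValueError("no '; serial' line found in the SOA record")
    today = yyyymmdd or date.today().strftime("%Y%m%d")
    new = next_serial(int(m.group(1)), today)
    return zone_text[:m.start(1)] + str(new) + zone_text[m.end(1):]

# Constructed SOA fragment in the same layout as the article's forward zone.
SAMPLE_SOA = """@       IN SOA  masterdns.tecmintlocal.com. root.tecmintlocal.com. (
                                  2014090401    ; serial
                                        3600    ; refresh
"""
```
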
Check the group ownership of the forward and reverse lookup files before checking them for syntax errors.

$ sudo ls -l /var/named/

Here we can see both files are owned by root, because the files we copied from the samples under /var/named/ keep root ownership. Change the group to named on both files using the following commands.

$ sudo chgrp named /var/named/tecmintlocal.fwd.zone
$ sudo chgrp named /var/named/tecmintlocal.rev.zone

After setting the correct ownership on the files, verify them again.

$ sudo ls -l /var/named/

Now check the zone files for errors before starting the DNS service. First check the named.conf file, then check the zone files (named-checkzone takes the zone name followed by the file).

$ sudo named-checkconf /etc/named.conf
$ sudo named-checkzone tecmintlocal.com /var/named/tecmintlocal.fwd.zone
$ sudo named-checkzone 0.168.192.in-addr.arpa /var/named/tecmintlocal.rev.zone

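named-checkzone validates the syntax and the SOA/NS records of each file separately; it does not tell you that the forward and reverse zones agree with each other. The check below is an added example, not from the article: it parses the record layout used above (FWD and REV are constructed samples with two deliberate slips) and reports every A record without a matching PTR and vice versa.

```python
import re

# Record shape used in the article's zone files: "<owner> IN <TYPE> <rdata>";
# $TTL, SOA continuation lines and ';' comments never match this pattern.
RECORD = re.compile(r"^(\S+)\s+IN\s+([A-Z]+)\s+(\S+)")

def records(zone_text, rtype):
    """(owner, rdata) pairs for one record type."""
    out = []
    for line in zone_text.splitlines():
        m = RECORD.match(line.strip())
        if m and m.group(2) == rtype:
            out.append((m.group(1), m.group(3)))
    return out

def check_forward_reverse(fwd, rev, domain, net_prefix):
    """Cross-check forward A records against in-addr.arpa PTR records; returns problem strings."""
    a_by_ip, ptr_by_ip = {}, {}
    for owner, ip in records(fwd, "A"):
        if owner != "@":                      # apex A records name no host
            a_by_ip.setdefault(ip, set()).add(f"{owner}.{domain}.")
    for owner, name in records(rev, "PTR"):
        if owner != "@":                      # '210' -> 192.168.0.210
            ptr_by_ip[f"{net_prefix}.{owner}"] = name
    problems = []
    for ip, names in sorted(a_by_ip.items()):
        ptr = ptr_by_ip.get(ip)
        if ptr is None:
            problems.append(f"{ip}: no PTR for {sorted(names)}")
        elif ptr not in names:
            problems.append(f"{ip}: PTR {ptr} does not match {sorted(names)}")
    for ip, name in sorted(ptr_by_ip.items()):
        if ip not in a_by_ip:
            problems.append(f"{ip}: PTR {name} has no A record")
    return problems

# Constructed sample zones (not the article's files) with two slips that
# named-checkzone accepts: 'rhel' vs 'rhel1', and a host with no PTR.
FWD = """$TTL 86400
@               IN      A       192.168.0.200
masterdns       IN      A       192.168.0.200
node1           IN      A       192.168.0.210
node2           IN      A       192.168.0.230
rhel1           IN      A       192.168.0.220
"""
REV = """$TTL 86400
200             IN      PTR     masterdns.tecmintlocal.com.
210             IN      PTR     node1.tecmintlocal.com.
220             IN      PTR     rhel.tecmintlocal.com.
"""
```
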
By default iptables is running and our DNS server is restricted to localhost. If a client is to resolve names from our DNS server, we must allow the incoming requests, so we need to add iptables inbound rules for port 53.

$ sudo iptables -I INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
$ sudo iptables -I INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT    # zone transfers (AXFR) to the slave run over TCP

Now verify that the rules were added correctly to the INPUT chain.

$ sudo iptables -L INPUT

Next, save the rules and restart the firewall.

$ sudo service iptables save
$ sudo service iptables restart

Start the named service and make it persistent across reboots.

$ sudo service named start
$ sudo chkconfig named on
$ sudo chkconfig --list named

Finally, test the configured Master DNS zone files (forward and reverse) using the dig and nslookup tools.

$ dig masterdns.tecmintlocal.com		[Forward Zone]
$ dig -x 192.168.0.200				[Reverse Zone]
$ nslookup tecmintlocal.com
$ nslookup masterdns.tecmintlocal.com
$ nslookup slavedns.tecmintlocal.com

Done! We have set up the Master DNS; now we need to set up the Slave DNS server. Let's proceed with the slave server; this will not take as much time as the master setup.

Setting Up the Slave DNS Server

On the slave machine we also need to install the same packages as shown for the master, so let's install them with the following command.

$ sudo yum install bind* -y

Open and edit the 'named.conf' file for our zone information and the listen port.

$ sudo vim /etc/named.conf

Make the changes shown below, as per your requirements.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.0.201; }; # Our Slave DNS server IP
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24; };
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

## Define our slave forward and reverse zone, Zone files are replicated from master.

zone "tecmintlocal.com" IN {
        type slave;
        file "slaves/tecmintlocal.fwd.zone";
        masters { 192.168.0.200; };
};

zone "0.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/tecmintlocal.rev.zone";
        masters { 192.168.0.200; };
};

#####
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Start the DNS service with:

$ sudo service named start

After starting the bind service, we do not need to define the zone information by hand, because the allow-transfer on the master lets the slave copy the zone data from the master server, as the listing below shows.

$ sudo ls -l /var/named/slaves

Verify the zone information using the cat command.

$ sudo cat /var/named/slaves/tecmintlocal.fwd.zone
$ sudo cat /var/named/slaves/tecmintlocal.rev.zone

Next, open DNS port 53 in iptables to allow incoming connections.

$ sudo iptables -I INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
$ sudo iptables -I INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT    # clients retry over TCP when a UDP answer is truncated

Save the iptables rules and restart the iptables service.

$ sudo service iptables save
$ sudo service iptables restart

Make the service persistent across system boots.

$ sudo chkconfig iptables on

Check whether it is set persistent for the run levels.

$ sudo chkconfig --list iptables

That's it! Now it's time to set up our client machine and check hostname resolution.

Setting Up the Client Machine

On the client side we need to put the Primary (192.168.0.200) and Secondary DNS (192.168.0.201) entries in the network settings to resolve hostnames. To do so, run the setup command and define these entries there.

$ setup

Alternatively, edit the '/etc/resolv.conf' file and add the following entries.

$ vim /etc/resolv.conf
search tecmintlocal.com
nameserver 192.168.0.200
nameserver 192.168.0.201

Now verify the IP, the hostname and the name server lookup.

$ ifconfig | grep inet
$ hostname
$ nslookup tecmintlocal.com

Now check forward and reverse DNS lookups using:

$ dig masterdns.tecmintlocal.com
$ dig -x 192.168.0.200

Understanding the dig output:

  1. Header - Shows what we asked and how the result turned out.
  2. Status - The status is NOERROR, which means the request we sent succeeded without any error.
  3. Question - The query we made; here my query was masterdns.tecmintlocal.com.
  4. Answer - The query is resolved if records exist.
  5. Authority - The name server response for the domain and zone.
  6. Additional - Additional information about the name servers, such as hostname and IP address.
  7. Query time - How long it took to resolve the name from the above server.

Finally, look up our node and ping the servers.

$ dig node1.tecmintlocal.com
$ ping masterdns.tecmintlocal.com -c 2
$ ping slavedns.tecmintlocal.com -c 2
$ ping 192.168.0.200 -c 2
$ ping 192.168.0.201 -c 2

The setup is now complete: here we have successfully configured both the Primary (Master) and Slave (Secondary) DNS servers. Hopefully everyone completed the setup without any problems; feel free to leave a comment if you faced any issue during the setup.