How to Install and Configure a Caching-Only DNS Server with Unbound on RHEL/CentOS 7


This article covers caching name servers built with 'Unbound', a validating, recursive, and caching DNS server software. Back in RHEL/CentOS 6.x (where x is the version number), we used the bind software to configure DNS servers.

In this article, we are going to use the 'unbound' caching software to install and configure a DNS server on RHEL/CentOS 7 systems.

DNS cache servers are used to resolve any DNS query they receive. Once the server has cached a query, the same query requested later by any client is answered from the 'unbound' DNS cache, which takes milliseconds compared to the first time it was resolved.

A caching-only server acts as an agent that resolves the client's query through one of the forwarders. Using a caching server reduces the loading time of web pages, because the cache database is kept on the unbound server.

For demonstration purposes, I will be using two systems. The first system will act as the Master (Primary) DNS server and the second system will act as a local DNS client.

Master DNS Server
Operating System   :    CentOS Linux release 7.0.1406 (Core)
IP Address         :    192.168.0.50
Host-name          :    ns.tecmintlocal.com

Client Machine
Operating System   :    CentOS 6
IP Address         :    192.168.0.100
Host-name          :    client.tecmintlocal.com

Step 1: Check the System Hostname and IP

1. Before setting up a caching DNS server, make sure that you have set the correct hostname and configured a static IP address for your system. If the static IP address is not set yet, set it first.

2. After setting the correct hostname and static IP address, you can verify them with the following commands.

# hostnamectl
# ip addr show | grep inet

Step 2: Installing and Configuring Unbound

3. Before installing the 'Unbound' package, we must update our system to the latest version. After that we can install the unbound package.

# yum update -y
# yum install unbound -y

4. After the package has been installed, make a copy of the unbound configuration file before making any changes to the original file.

# cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.original

5. Next, use any text editor of your choice to open and edit the 'unbound.conf' configuration file.

# vim /etc/unbound/unbound.conf

Once the file is opened for editing, make the following changes:

Search for interface and enable the interface we are going to use. If our server has multiple interfaces, we have to enable interface 0.0.0.0.

Here our server IP is 192.168.0.50, so I'm going to use unbound on this interface.

interface: 192.168.0.50

Search for the following strings and set them to 'yes'.

do-ip4: yes
do-udp: yes
do-tcp: yes

To enable logging, add the variable as shown below. It will log every unbound activity.

logfile: /var/log/unbound

Enable the following parameter to hide id.server and hostname.bind queries.

hide-identity: yes

Enable the following parameter to hide version.server and version.bind queries.

hide-version: yes

Then search for access-control and set it to allow. This defines which clients are allowed to query this unbound server.

Here I have used 0.0.0.0, which means anyone can send queries to this server. If we need to refuse queries from some network range, we can define which network should be refused from unbound queries.

access-control: 0.0.0.0/0 allow

Note: Instead of allow, we can use allow_snoop. This enables some additional parameters, such as those used by dig, and it supports both recursive and non-recursive queries.
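
As an added check that is not part of the original article: the shell function below scans an unbound.conf for access-control entries that let any source address use the resolver, which is what 0.0.0.0/0 allow does whenever the server is reachable from outside the LAN. It compares the setting above with a constructed alternative limited to localhost and an assumed 192.168.0.0/24 LAN; the function and helper names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): report access-control
# entries that allow every source address to use the resolver.

# audit_access_control FILE
# Prints one line per offending entry; returns 1 if any was found, else 0.
audit_access_control() {
    awk '
        /^[ \t]*#/ { next }                         # ignore comment lines
        $1 == "access-control:" {
            net = $2; action = $3
            anyaddr = (net == "0.0.0.0/0" || net == "::/0" || net == "::0/0")
            if (anyaddr && (action == "allow" || action == "allow_snoop")) {
                printf "line %d: %s %s lets any address query\n", NR, net, action
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the access-control setting used in this article.
write_page_conf() {
    cat > "$1" <<'EOF'
server:
    interface: 192.168.0.50
    access-control: 0.0.0.0/0 allow
EOF
}

# Constructed sample (assumption): only localhost and the article's
# 192.168.0.0/24 LAN may query; every other source is refused.
write_lan_conf() {
    cat > "$1" <<'EOF'
server:
    interface: 192.168.0.50
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.0.0/24 allow
EOF
}

tmpdir=$(mktemp -d)
write_page_conf "$tmpdir/page.conf"
write_lan_conf "$tmpdir/lan.conf"
for conf in "$tmpdir/page.conf" "$tmpdir/lan.conf"; do
    audit_access_control "$conf" && echo "${conf##*/}: no open access-control"
done
rm -rf "$tmpdir"
```

Unbound applies the most specific matching netblock, so the two allow entries in the second sample take precedence over the 0.0.0.0/0 refuse default.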

Then search for domain-insecure. If our domain works with DNSSEC keys, we need to define our server for domain-insecure. Here our domain will be treated as insecure.

domain-insecure: "tecmintlocal.com"

Then change the forwarders. Any query that this server cannot answer itself is forwarded for the root domain (.) to the addresses below and resolved there.

forward-zone:
        name: "."
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4

Finally, save and quit the configuration file using wq!.

6. After making the above configuration, verify the unbound.conf file for any errors using the following command.

# unbound-checkconf /etc/unbound/unbound.conf

7. After verifying that the file has no errors, you can safely restart the 'unbound' service and enable it at system startup.

# systemctl start unbound.service
# systemctl enable unbound.service

Step 3: Test the DNS Cache Locally

8. Now it's time to check our DNS cache by doing a 'drill' (query) for the 'india.com' domain. The first 'drill' for 'india.com' will take some milliseconds. Then run the drill a second time and note the Query time of both runs.

# drill india.com @192.168.0.50

As you can see in the above output, the first query took almost 262 msec to resolve and the second query takes 0 msec to resolve the domain (india.com).

That means the first query gets cached in our DNS cache, so when we run 'drill' a second time the query is served from our local DNS cache. This way we can improve the loading speed of websites.

Step 4: Flush Iptables and Add Firewalld Rules

9. We can't use both iptables and firewalld at the same time on the same machine. If we do, they will conflict with each other, so removing the iptables rules is a good idea. To remove or flush the iptables rules, use the following command.

# iptables -F

10. After removing the iptables rules permanently, add the DNS service to the firewalld list permanently.

# firewall-cmd --add-service=dns
# firewall-cmd --add-service=dns --permanent

11. After adding the DNS service rules, list the rules and confirm.

# firewall-cmd --list-all

Step 5: Managing and Troubleshooting Unbound

12. To get the current server status, use the following command.

# unbound-control status

13. If you would like to have a dump of the DNS cache in a text file, you can redirect it to a file using the command below for future use.

# unbound-control dump_cache > /tmp/DNS_cache.txt

14. To restore or import the cache from the dumped file, you can use the following command.

# unbound-control load_cache < /tmp/DNS_cache.txt

15. To check whether a specific address was resolved by our forwarders in the unbound cache server, use the command below.

# unbound-control lookup google.com

16. Sometimes our DNS cache server will not answer our query. In that case we can flush the cache to remove records such as A, AAAA, NS, SOA, CNAME, MX, PTR and so on from the DNS cache. We can remove all the information for a zone using flush_zone.

# unbound-control flush linux-console.net
# unbound-control flush_zone tecmintlocal.com

17. To check which forwards are currently used for resolving.

# unbound-control list_forwards

Step 6: Client Side Configuration

18. Here I've used a CentOS 6 server as my client machine. The IP for this machine is 192.168.0.100, and I'm going to use my unbound DNS server IP (i.e. the Primary DNS) in its interface configuration.

Log in to the client machine and set the Primary DNS server IP to our unbound server's IP.

Run the setup command and choose network configuration from the TUI network manager.

Then choose DNS configuration and insert the unbound DNS server's IP as Primary DNS. Here I have used it as both Primary and Secondary, because I don't have any other DNS server.

Primary DNS	: 192.168.0.50
Secondary DNS	: 192.168.0.50

Click OK -> Save&Quit -> Quit.

19. After adding the Primary and Secondary DNS IP addresses, it's time to restart the network using the following command.

# /etc/init.d/network restart

20. Now it's time to access any website from the client machine and check the cache on the unbound DNS server.

# elinks aol.com
# dig aol.com

Conclusion

Earlier we used to set up a DNS cache server using the bind package on RHEL and CentOS systems. Now we have seen how to set up a DNS cache server using the unbound package. Hope this will resolve your query requests quicker than the bind package.