Setup Bind as a Private DNS Server on RHEL 8


The Domain Name System (DNS) is a method used to translate human-readable domain names (or Fully Qualified Domain Names (FQDNs)) to machine-readable IP addresses, in order to locate a computer in a network such as the Internet.

In computer and networking systems this is necessary because, although FQDNs are easy for humans to remember and use, computers (clients) access resources or services on other computers (servers) based on IP addresses.

In this regard, a DNS server (also known as a name server) maintains a directory of FQDNs and translates them to IP addresses; it can also return an IP address when a hostname/FQDN is provided. There are different types of DNS servers, including the authoritative name server, the caching name server and many others.

In this article, we will walk you through the steps to install and configure a private/internal, authoritative DNS server on RHEL 8 using the open source BIND software.

  1. RHEL 8 with Minimal Installation
  2. RHEL 8 with RedHat Subscription Enabled
  3. RHEL 8 with Static IP Address

Domain: tecmint.lan
DNS Server IP and hostname: 192.168.56.100, dns-primary.tecmint.lan
DNS Client IP and hostname: 192.168.56.104, tecmint.tecmint.lan

Step 1: Installing Bind DNS on RHEL 8

1. To install bind and its utilities on your server, run the following dnf command.

# dnf install bind bind-utils

2. Next, start the DNS service for now, then enable it to start automatically at system boot, and check that it is up and running using the systemctl command.

# systemctl start named
# systemctl enable named
# systemctl status named

Step 2: Configuring BIND DNS on RHEL 8

3. To configure the Bind DNS server, first take a backup of the original configuration file /etc/named.conf using the following cp command.

# cp /etc/named.conf /etc/named.conf.orig

4. Now open the /etc/named.conf configuration file for editing using your favorite command-line text editor, as follows.

# vi /etc/named.conf 

Under the options configuration section, comment out the following lines.

options {
        #listen-on port 53 { 127.0.0.1; };
        #listen-on-v6 port 53 { ::1; };
        directory       "/var/named";

5. Next, look for the allow-query parameter and set its value to your network, which means that only hosts on your local network can query the DNS server.

allow-query  { localhost; 192.168.56.0/24; };

Step 3: Creating the Forward and Reverse DNS Zones

A Forward Zone is where the hostname (or FQDN) to IP address relations are stored; it returns an IP address using the hostname. Note that normal DNS queries are forward lookup queries. A Reverse Zone, on the other hand, returns the FQDN of a host based on its IP address.

6. To define the forward and reverse zones, add the following lines at the end of the /etc/named.conf file.

//forward zone
zone "tecmint.lan" IN {
     type master;
     file "tecmint.lan.db";
     allow-update { none; };
     allow-query { any; };
};
//reverse zone
zone "56.168.192.in-addr.arpa" IN {
     type master;
     file "tecmint.lan.rev";
     allow-update { none; };
     allow-query { any; };
};

Let's briefly explain the options in the above zone configurations:

  • type: Defines the role of this server for the zone. The value “master” means it is an authoritative server where the master copy of the zone data is kept.
  • file: specifies the zone's database file.
  • allow-update: specifies the hosts allowed to submit Dynamic DNS updates for master zones. None in this case.
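
In BIND, an allow-query statement inside a zone block takes precedence over the one in options for that zone, so the allow-query { any; } lines above replace the local-network restriction from step 5 for both zones. The following check is an added example, not part of the original article; it lists such overrides, and its function names and sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: list zones whose own allow-query replaces the options-level ACL.
# Only // and # comments are stripped; on a live server feed it the
# comment-free output of `named-checkconf -p` instead of the raw file.

audit_allow_query() {   # reads named.conf from the given file, or stdin if none
    awk '
        BEGIN { opt_acl = "<unset>" }
        { sub(/\/\/.*/, ""); sub(/#.*/, ""); text = text " " $0 }
        END {
            gsub(/[{};]/, " & ", text); gsub(/"/, "", text)   # isolate punctuation
            n = split(text, tok, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (depth == 0 && tok[i] == "options") scope = "options"
                if (depth == 0 && tok[i] == "zone")    scope = "zone " tok[i + 1]
                if (tok[i] == "allow-query" && tok[i + 1] == "{") {
                    acl = ""
                    for (i += 2; i <= n && tok[i] != "}"; i++)
                        if (tok[i] != ";") acl = (acl == "" ? "" : acl " ") tok[i]
                    if (scope == "options") opt_acl = acl
                    else if (acl != opt_acl) print "OVERRIDE " scope ": " acl " (options: " opt_acl ")"
                    continue
                }
                if (tok[i] == "{") depth++
                if (tok[i] == "}" && --depth == 0) scope = ""
            }
        }' "${1:--}"
}

sample_conf() {   # constructed from the article's settings; second zone inherits
cat <<'EOF'
options {
        directory "/var/named";
        allow-query { localhost; 192.168.56.0/24; };
};
zone "tecmint.lan" IN {
        type master;
        file "tecmint.lan.db";
        allow-query { any; };   // as in the article
};
zone "56.168.192.in-addr.arpa" IN {
        type master;
        file "tecmint.lan.rev";
};
EOF
}

sample_conf | audit_allow_query
```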

Step 4: Creating a Forward DNS Zone File

7. First, create a Forward zone file under the /var/named directory.

# vi /var/named/tecmint.lan.db

Add the following configuration in it.

$TTL 86400
@ IN SOA dns-primary.tecmint.lan. admin.tecmint.lan. (
    2019061800 ;Serial
    3600 ;Refresh
    1800 ;Retry
    604800 ;Expire
    86400 ;Minimum TTL
)

;Name Server Information
@ IN NS dns-primary.tecmint.lan.

;IP for Name Server
dns-primary IN A 192.168.56.100

;A Record for IP address to Hostname 
www IN A 192.168.56.5
mail IN A 192.168.56.10
docs  IN A 192.168.56.20

Let's briefly explain the above zone definition and its parameters.

  • TTL: specifies the time-to-live of an RR; the $TTL directive gives a default TTL to every RR that has no specific TTL set.
  • @: an alias for the domain name (e.g. tecmint.lan) defined in the main configuration file.
  • IN: means the Internet.
  • SOA: specifies the Start of Authority: who the authoritative name server is (dns-primary.tecmint.lan), the contact information of the administrator (admin.tecmint.lan, where the @ sign is replaced by a period) and other related information.
  • NS: means name server.
  • Serial: this value is used by the DNS server to verify that the contents of a particular zone file are up to date.
  • Refresh: specifies how often a slave DNS server should do a zone transfer from the master.
  • Retry: specifies how often a slave should retry a failed zone transfer.
  • Expire: determines how long a slave server should wait before answering a client query when the master is unreachable.
  • Minimum: sets the minimum TTL for the zone.
  • A: a host address.

Step 5: Creating a Reverse DNS Zone File

8. Similarly, create a reverse zone file under the /var/named directory.

# vi /var/named/tecmint.lan.rev

Then add the following lines in it. Here, PTR is the opposite of the A record and is used to map an IP address to a hostname.

$TTL 86400
@ IN SOA dns-primary.tecmint.lan. admin.tecmint.lan. (
    2019061800 ;Serial
    3600 ;Refresh
    1800 ;Retry
    604800 ;Expire
    86400 ;Minimum TTL
)
;Name Server Information
@ IN NS dns-primary.tecmint.lan.

;Reverse lookup for Name Server
100 IN PTR dns-primary.tecmint.lan.

;PTR Record IP address to HostName
5 IN PTR www.tecmint.lan.
10 IN PTR mail.tecmint.lan.
20 IN PTR docs.tecmint.lan.

9. Set the correct ownership on the zone files as follows.

# chown :named /var/named/tecmint.lan.db
# chown :named /var/named/tecmint.lan.rev

10. Finally, check that the DNS configuration and the zone files have the correct syntax after making the above changes, using the named-checkconf and named-checkzone utilities (for named-checkconf, no output means no error):

# named-checkconf
# named-checkzone tecmint.lan /var/named/tecmint.lan.db
# named-checkzone 56.168.192.in-addr.arpa /var/named/tecmint.lan.rev
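
named-checkzone validates each zone file on its own; it does not compare the forward zone with the reverse zone. The following cross-check is an added example, not part of the original article: it reports A records without a matching PTR, PTR records that point at a different name, and PTR records with no A record. The function names and the drifted sample data are constructed, and it assumes the simple "owner IN TYPE rdata" layout used in the zone files above.

```shell
#!/bin/sh
# Added example: cross-check A records against PTR records for one /24.
# Assumes relative owner names and one record per line, as in the article.

check_zone_pair() {   # usage: check_zone_pair <domain> <net-prefix> <forward-file> <reverse-file>
    awk -v domain="$1" -v prefix="$2" '
        /^[ \t]*;/ { next }                                   # skip comment lines
        FILENAME == ARGV[1] && $2 == "IN" && $3 == "A"   { a[$4] = $1 "." domain "." }
        FILENAME == ARGV[2] && $2 == "IN" && $3 == "PTR" { ptr[prefix "." $1] = $4 }
        END {
            for (ip in a) {
                if (!(ip in ptr))          print "MISSING-PTR " ip " " a[ip]
                else if (ptr[ip] != a[ip]) print "MISMATCH " ip " A=" a[ip] " PTR=" ptr[ip]
            }
            for (ip in ptr)
                if (!(ip in a)) print "ORPHAN-PTR " ip " " ptr[ip]
        }' "$3" "$4" | LC_ALL=C sort
}

demo() {   # constructed data: the article's records with drift introduced on purpose
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/fwd" <<'EOF'
@ IN NS dns-primary.tecmint.lan.
dns-primary IN A 192.168.56.100
www IN A 192.168.56.5
mail IN A 192.168.56.10
docs  IN A 192.168.56.20
EOF
    cat > "$tmp/rev" <<'EOF'
@ IN NS dns-primary.tecmint.lan.
100 IN PTR dns-primary.tecmint.lan.
5 IN PTR www.tecmint.lan.
10 IN PTR mial.tecmint.lan.
30 IN PTR old.tecmint.lan.
EOF
    check_zone_pair tecmint.lan 192.168.56 "$tmp/fwd" "$tmp/rev"
    rm -rf "$tmp"
}

demo
```

Against the real files the call is check_zone_pair tecmint.lan 192.168.56 /var/named/tecmint.lan.db /var/named/tecmint.lan.rev; empty output means the two zones agree.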

11. Once you have performed all the necessary configuration, restart the DNS service for the recent changes to take effect.

# systemctl restart named

12. Next, before any clients can access the DNS service on the server, you need to add the DNS service to the system firewall configuration and reload the firewall settings using the firewall-cmd utility, as follows:

# firewall-cmd --permanent --zone=public --add-service=dns 
# firewall-cmd --reload

Step 6: Testing the DNS Service From a Client

13. In this section, we will show how to test the DNS service from the client side. Log into the client machine and configure it to use the above DNS server. On a Linux system, open the file /etc/resolv.conf using your favorite text editor.

# vi /etc/resolv.conf

Add the following entry in it, which tells the resolver to use the specified nameserver.

nameserver  192.168.56.100

Save the file and close it. Note that you also have to specify the DNS server in the network interface configuration file.

14. Add the DNS server IP 192.168.56.100 as a resolver in the client machine's network interface configuration file /etc/sysconfig/network-scripts/ifcfg-enp0s3, as shown below.

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s3
UUID=aba298ca-fa65-48cd-add9-6c3f1f28cee2
DEVICE=enp0s3
ONBOOT=no
DNS1=192.168.56.100

15. Then use the nslookup utility to query the IP address using the hostname and vice versa, for the www, mail and docs servers in your network, as shown.

# nslookup 192.168.56.5
# nslookup www.tecmint.lan
# nslookup 192.168.56.10
# nslookup mail.tecmint.lan
# nslookup 192.168.56.20
# nslookup docs.tecmint.lan
# nslookup 192.168.56.100
# nslookup dns-primary.tecmint.lan

In this article, we have shown how to install and configure a private, authoritative DNS server on RHEL 8 using the BIND software. We hope everything worked well for you; otherwise, send us your questions or any comments via the feedback form below.