Translation of the article prepared for students of the course.
In this article I will walk you through the steps of configuring a DNS server on RHEL 7 or CentOS 7. For the demonstration I used Red Hat Enterprise Linux 7.4. Our goal is to create one A record and one PTR record for the forward and reverse lookup zones.
First, install the rpm packages required for the DNS server.
Note: for RHEL you must have.
# yum install bind bind-chroot caching-nameserver
My settings:
# hostname
golinuxhub-client.example
My IP address is 192.168.1.7
# ip address | egrep 'inet.*enp0s3'
inet 192.168.1.7/24 brd 192.168.1.255 scope global dynamic enp0s3
Since we are going to use chroot, we must stop and disable the regular named service.
# systemctl stop named
# systemctl disable named
Then copy the required files to the chroot directory.
Note. Use the -p argument with cp to preserve permissions and ownership.
[root@golinuxhub-client ~]# cp -rpvf /usr/share/doc/bind-9.9.4/sample/etc/* /var/named/chroot/etc/
‘/usr/share/doc/bind-9.9.4/sample/etc/named.conf’ -> ‘/var/named/chroot/etc/named.conf’
‘/usr/share/doc/bind-9.9.4/sample/etc/named.rfc1912.zones’ -> ‘/var/named/chroot/etc/named.rfc1912.zones’
Then copy the zone-related files to their new location.
[root@golinuxhub-client ~]# cp -rpvf /usr/share/doc/bind-9.9.4/sample/var/named/* /var/named/chroot/var/named/
‘/usr/share/doc/bind-9.9.4/sample/var/named/data’ -> ‘/var/named/chroot/var/named/data’
‘/usr/share/doc/bind-9.9.4/sample/var/named/my.external.zone.db’ -> ‘/var/named/chroot/var/named/my.external.zone.db’
‘/usr/share/doc/bind-9.9.4/sample/var/named/my.internal.zone.db’ -> ‘/var/named/chroot/var/named/my.internal.zone.db’
‘/usr/share/doc/bind-9.9.4/sample/var/named/named.ca’ -> ‘/var/named/chroot/var/named/named.ca’
‘/usr/share/doc/bind-9.9.4/sample/var/named/named.empty’ -> ‘/var/named/chroot/var/named/named.empty’
‘/usr/share/doc/bind-9.9.4/sample/var/named/named.localhost’ -> ‘/var/named/chroot/var/named/named.localhost’
‘/usr/share/doc/bind-9.9.4/sample/var/named/named.loopback’ -> ‘/var/named/chroot/var/named/named.loopback’
‘/usr/share/doc/bind-9.9.4/sample/var/named/slaves’ -> ‘/var/named/chroot/var/named/slaves’
‘/usr/share/doc/bind-9.9.4/sample/var/named/slaves/my.ddns.internal.zone.db’ -> ‘/var/named/chroot/var/named/slaves/my.ddns.internal.zone.db’
‘/usr/share/doc/bind-9.9.4/sample/var/named/slaves/my.slave.internal.zone.db’ -> ‘/var/named/chroot/var/named/slaves/my.slave.internal.zone.db’
Now let's look at the main configuration file.
# cd /var/named/chroot/etc/
Clear the contents of named.conf and paste the following.
[root@golinuxhub-client etc]# vim named.conf
options {
    listen-on port 53 { 127.0.0.1; any; };
    # listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; any; };
    allow-query-cache { localhost; any; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view my_resolver {
    match-clients { localhost; any; };
    recursion yes;
    include "/etc/named.rfc1912.zones";
};
The zone-specific information must be added to /var/named/chroot/etc/named.rfc1912.zones. Add the entries below. The example.zone file is the forward lookup zone file, and example.rzone is the reverse lookup zone file.
Important note: since my IP address is 192.168.1.7, the reverse lookup zone name contains 1.168.192.
zone "example" IN {
    type master;
    file "example.zone";
    allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "example.rzone";
    allow-update { none; };
};
The zone-related files are located here:
# cd /var/named/chroot/var/named/
Next, we create the forward and reverse zone files. The file names must match what was specified above in named.rfc1912.zones. There are several default templates we can use.
# cp -p named.localhost example.zone
# cp -p named.loopback example.rzone
As you can see, all files and directories are owned by root.
[root@golinuxhub-client named]# ll
total 32
drwxr-xr-x. 2 root root 6 May 22 2017 data
-rw-r--r--. 1 root root 168 May 22 2017 example.rzone
-rw-r--r--. 1 root root 152 May 22 2017 example.zone
-rw-r--r--. 1 root root 56 May 22 2017 my.external.zone.db
-rw-r--r--. 1 root root 56 May 22 2017 my.internal.zone.db
-rw-r--r--. 1 root root 2281 May 22 2017 named.ca
-rw-r--r--. 1 root root 152 May 22 2017 named.empty
-rw-r--r--. 1 root root 152 May 22 2017 named.localhost
-rw-r--r--. 1 root root 168 May 22 2017 named.loopback
drwxr-xr-x. 2 root root 71 Feb 12 21:02 slaves
Change the ownership of all files so that the owner is the user root and the group is named.
# chown root:named *
But the data directory must be owned by named:named.
# chown -R named:named data
# ls -l
total 32
drwxr-xr-x. 2 named named 6 May 22 2017 data
-rw-r--r--. 1 root named 168 May 22 2017 example.rzone
-rw-r--r--. 1 root named 152 May 22 2017 example.zone
-rw-r--r--. 1 root named 56 May 22 2017 my.external.zone.db
-rw-r--r--. 1 root named 56 May 22 2017 my.internal.zone.db
-rw-r--r--. 1 root named 2281 May 22 2017 named.ca
-rw-r--r--. 1 root named 152 May 22 2017 named.empty
-rw-r--r--. 1 root named 152 May 22 2017 named.localhost
-rw-r--r--. 1 root named 168 May 22 2017 named.loopback
drwxr-xr-x. 2 root named 71 Feb 12 21:02 slaves
Add the following content to your forward zone file. Here we create one record for localhost (golinuxhub-client) and another for the server (golinuxhub-server).
# vim example.zone
$TTL 1D
@       IN SOA  example. root (
                1       ; serial
                3H      ; refresh
                15M     ; retry
                1W      ; expire
                1D )    ; minimum
        IN NS   example.
        IN A    192.168.1.7
golinuxhub-server   IN A    192.168.1.5
golinuxhub-client   IN A    192.169.1.7
Next, add the content to the reverse zone file. Here we create PTR records for golinuxhub-client and golinuxhub-server.
# vim example.rzone
$TTL 1D
@       IN SOA  example. root.example. (
                1997022700  ; serial
                28800       ; refresh
                14400       ; retry
                3600000     ; expire
                86400 )     ; minimum
        IN NS   example.
5       IN PTR  golinuxhub-server.example.
7       IN PTR  golinuxhub-client.example.
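Added example, not code from the original article: a small Python checker that parses the two zone files above (embedded as constructed copies with the SOA collapsed to one line; the origins are the zone names declared in named.rfc1912.zones) and verifies that every A record round-trips through a PTR record back to the same address. On the files as written it flags golinuxhub-client's A record (192.169.1.7) against its PTR under 1.168.192.in-addr.arpa, a mismatch that named-checkzone cannot see because each file is valid on its own.

```python
import ipaddress
import re
# Constructed copies of the article's zone files (SOA collapsed to one line);
# origins are the zone names declared in named.rfc1912.zones.
FORWARD_ZONE = """$TTL 1D
@ IN SOA example. root ( 1 3H 15M 1W 1D )
    IN NS example.
    IN A 192.168.1.7
golinuxhub-server IN A 192.168.1.5
golinuxhub-client IN A 192.169.1.7"""
REVERSE_ZONE = """$TTL 1D
@ IN SOA example. root.example. ( 1997022700 28800 14400 3600000 86400 )
    IN NS example.
5 IN PTR golinuxhub-server.example.
7 IN PTR golinuxhub-client.example."""
# owner (blank = same as previous, i.e. the origin here), optional TTL, IN, A|PTR, rdata
RR = re.compile(r"^(\S*)\s*(?:\d+\S*\s+)?IN\s+(A|PTR)\s+(\S+)", re.I)

def fqdn(name, origin):
    """Blank or '@' owner means the origin; names without a trailing dot are relative."""
    origin = origin.rstrip(".") + "."
    if name in ("", "@"):
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def records(zone_text, origin, rtype):
    """Map owner FQDN -> rdata for every record of rtype, ignoring ';' comments."""
    found = {}
    for line in zone_text.splitlines():
        m = RR.match(line.split(";")[0].rstrip())
        if m and m.group(2).upper() == rtype:
            rdata = m.group(3) if rtype == "A" else fqdn(m.group(3), origin)
            found[fqdn(m.group(1), origin)] = rdata
    return found

def check_consistency(fwd_text, fwd_origin, rev_text, rev_origin):
    """Round trip A -> PTR -> A must land on the same IP; every PTR target needs an A."""
    a = records(fwd_text, fwd_origin, "A")
    ptr = records(rev_text, rev_origin, "PTR")
    findings = []
    for host, ip in a.items():
        arpa = ipaddress.ip_address(ip).reverse_pointer + "."
        target = ptr.get(arpa)
        if target is None:
            findings.append(f"{host} A {ip}: no PTR record at {arpa}")
        elif a.get(target) != ip:
            findings.append(f"{host} A {ip}: PTR at {arpa} names {target} (A {a.get(target)})")
    for arpa, target in ptr.items():
        if target not in a:
            findings.append(f"{arpa} PTR {target}: no A record in forward zone")
    return findings
```

Correcting the client's address to 192.168.1.7 in the forward zone makes the checker return no findings.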
Before starting the named-chroot service, let's check the zone file syntax. The first argument to named-checkzone is the zone name from named.rfc1912.zones, so that relative names are checked against the correct origin.
[root@golinuxhub-client named]# named-checkzone example example.zone
zone example/IN: loaded serial 1
OK
[root@golinuxhub-client named]# named-checkzone 1.168.192.in-addr.arpa example.rzone
zone 1.168.192.in-addr.arpa/IN: loaded serial 1997022700
OK
Everything looks good. Now check the configuration file with the following command.
[root@golinuxhub-client named]# named-checkconf -t /var/named/chroot/ /etc/named.conf
So, everything completed successfully.
[root@golinuxhub-client named]# echo $?
0
Important note: I have SELinux in permissive mode
# getenforce
Permissive
Everything looks good, so it's time to start our named-chroot service.
[root@golinuxhub-client named]# systemctl restart named-chroot
[root@golinuxhub-client named]# systemctl status named-chroot
● named-chroot.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2018-02-12 21:53:23 IST; 19s ago
Process: 5236 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 5327 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS (code=exited, status=0/SUCCESS)
Process: 5325 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 5330 (named)
CGroup: /system.slice/named-chroot.service
└─5330 /usr/sbin/named -u named -c /etc/named.conf -t /var/named/chroot
Feb 12 21:53:23 golinuxhub-client.example named[5330]: managed-keys-zone/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone 0.in-addr.arpa/IN/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone 1.0.0.127.in-addr.arpa/IN/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone 1.168.192.in-addr.arpa/IN/my_resolver: loaded serial 1997022700
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone example/IN/my_resolver: loaded serial 1
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone localhost/IN/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone localhost.localdomain/IN/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: all zones loaded
Feb 12 21:53:23 golinuxhub-client.example named[5330]: running
Make sure resolv.conf contains your IP address so that the machine uses this host as its DNS server.
# cat /etc/resolv.conf
search example
nameserver 192.168.1.7
Let's test our DNS server for the reverse zone using dig.
[root@golinuxhub-client named]# dig -x 192.168.1.5
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -x 192.168.1.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40331
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;5.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
5.1.168.192.in-addr.arpa. 86400 IN PTR golinuxhub-server.example.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400 IN NS example.
;; ADDITIONAL SECTION:
example. 86400 IN A 192.168.1.7
;; Query time: 1 msec
;; SERVER: 192.168.1.7#53(192.168.1.7)
;; WHEN: Mon Feb 12 22:13:17 IST 2018
;; MSG SIZE rcvd: 122
As you can see, we received a positive answer (ANSWER) to our query (QUERY).
[root@golinuxhub-client named]# dig -x 192.168.1.7
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -x 192.168.1.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55804
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;7.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
7.1.168.192.in-addr.arpa. 86400 IN PTR golinuxhub-client.example.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400 IN NS example.
;; ADDITIONAL SECTION:
example. 86400 IN A 192.168.1.7
;; Query time: 1 msec
;; SERVER: 192.168.1.7#53(192.168.1.7)
;; WHEN: Mon Feb 12 22:12:54 IST 2018
;; MSG SIZE rcvd: 122
The forward zone can be checked the same way.
[root@golinuxhub-client named]# nslookup golinuxhub-client.example
Server: 192.168.1.7
Address: 192.168.1.7#53
Name: golinuxhub-client.example
Address: 192.169.1.7
[root@golinuxhub-client named]# nslookup golinuxhub-server.example
Server: 192.168.1.7
Address: 192.168.1.7#53
Name: golinuxhub-server.example
Address: 192.168.1.5
This article is somewhat outdated, because on RHEL 7 you do not need to copy the bind configuration files into the chroot.
Source: hab.com