Delegating a reverse zone for subnets smaller than /24 in BIND. How it works

One day I was faced with the task of giving one of our clients the right to edit the PTR records of the /28 subnet allocated to him. I have no automation for editing BIND settings from outside. So I decided to take a different route: delegate to the client a piece of the PTR zone of the /24 subnet.

It would seem, what could be simpler? We just register the subnet as needed and point it at the desired NS, as is done with a subdomain. But no. It is not that simple (although in fact it is quite primitive, intuition just won't help), which is why I am writing this article.

Anyone who wants to figure it out on their own can read the RFC.
Anyone who wants a ready-made solution, welcome under the cut.

So as not to hold up fans of the copy-paste method, I will put the practical part first and the theory second.

1. Practice. Delegating a /28 zone

Let's say we have the subnet 7.8.9.0/24. We need to delegate the subnet 7.8.9.240/28 to the client's DNS at 7.8.7.8 (ns1.client.domain).

On the provider's DNS, find the file that describes the reverse zone of this subnet. Let it be 9.8.7.in-addr.arpa.
Comment out the entries from 240 to 255, if there are any. At the end of the file, write the following:

255-240  IN  NS      ns1.client.domain.
$GENERATE 240-255 $ CNAME $.255-240

Don't forget to increment the zone serial, then run

rndc reload

That completes the provider part. Let's move on to the client's DNS.

First, create the file /etc/bind/master/255-240.9.8.7.in-addr.arpa with the following contents:

$ORIGIN 255-240.9.8.7.in-addr.arpa.
$TTL 1W
@                       1D IN SOA       ns1.client.domain. root.client.domain. (
                        2008152607      ; serial
                        3H              ; refresh
                        15M             ; retry
                        1W              ; expiry
                        1D )            ; minimum
@                       IN NS        ns1.client.domain.
@                       IN NS        ns2.client.domain.
241                     IN PTR          test.client.domain.
242                     IN PTR          test2.client.domain.
245                     IN PTR          test5.client.domain.

And in named.conf add a description of our new file:

zone "255-240.9.8.7.in-addr.arpa." IN {
        type master;
        file "master/255-240.9.8.7.in-addr.arpa";
};

And restart the bind process.

/etc/init.d/named restart

That's all. Now you can check.

#>  host 7.8.9.245 
245.9.8.7.in-addr.arpa is an alias for 245.255-240.9.8.7.in-addr.arpa.
245.255-240.9.8.7.in-addr.arpa domain name pointer test5.client.domain.

Note that the answer contains not only a PTR record but also a CNAME. That is how it should be. If you are wondering why, welcome to the next chapter.

2. Theory. How it works.

It is hard to configure and debug a black box. It is much easier when you understand what is going on inside.

When we delegate a subdomain in a domain zone, we write something like this:

client.domain.	NS	ns1.client.domain.
ns1.client.domain.	A	7.8.7.8

We tell everyone who asks that we are not responsible for this subdomain, and we say who is. All requests for client.domain are redirected to 7.8.7.8. When checking, we see the following picture (we will leave out what exactly the client has there; it doesn't matter):

# host test.client.domain
test.client.domain has address 7.8.9.241

That is, we were told that there is such a record and that its IP is 7.8.9.241. No unnecessary information.

How can the same thing be done with a subnet?

Since our DNS server is registered in RIPE, when a PTR record is requested for an IP address from our network, the first query will still come to us. The logic is the same as with domains. But how do you enter a subnet in a zone file?

Let's try entering it like this:

255-240  IN  NS      7.8.7.8

And... the miracle didn't happen. We don't get any request forwarding. The thing is that bind doesn't even know that these entries in the reverse zone file are IP addresses, and it certainly doesn't understand a range notation. For it, this is just some symbolic subdomain. That is, for bind there is no difference between "255-240" and "ourgreatclient". For the request to go where it needs to go, the name in the request would have to look like this: 241.255-240.9.8.7.in-addr.arpa. Or like this, if we use a symbolic subdomain: 241.ourgreatclient.9.8.7.in-addr.arpa. That differs from the usual: 241.9.8.7.in-addr.arpa.

It would be hard to make such a request by hand. And even if it works, it is still unclear how to use it in real life. After all, for a request about 7.8.9.241 it is still the provider's DNS that answers us, not the client's.

And this is where CNAMEs come into play.

On the provider side, you need to make an alias for every IP address of the subnet, in a form that forwards the request to the client's DNS.

255-240  IN  NS      ns1.client.domain.
241     IN  CNAME   241.255-240
242     IN  CNAME   242.255-240
etc.

This is for the hard-working =).

And for the lazy, the construction below is more suitable:

255-240  IN  NS      ns1.client.domain.
$GENERATE 240-255 $ CNAME $.255-240

Now a request for information about 7.8.9.241, that is, for 241.9.8.7.in-addr.arpa, on the provider's DNS server will be converted to 241.255-240.9.8.7.in-addr.arpa and go to the client's DNS.
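What the $GENERATE line expands to, as an added example that is not part of the original article: a Python helper that produces the provider-side NS and CNAME records for any block smaller than /24, using the article's "last-first" label convention. The function names and the validation rules (aligned block, NS target must be a host name and not an IP literal) are this example's own assumptions.

```python
import ipaddress

def is_ip_literal(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def delegation_records(cidr, nameservers):
    """Return (parent_zone, child_origin, record_lines) for one sub-/24 block."""
    net = ipaddress.ip_network(cidr, strict=True)   # ValueError if host bits are set
    if net.version != 4 or not 24 < net.prefixlen <= 32:
        raise ValueError("expected an IPv4 block smaller than /24")
    first = int(net.network_address) & 0xFF
    last = int(net.broadcast_address) & 0xFF
    label = f"{last}-{first}"                       # article's convention: 255-240
    a, b, c, _ = str(net.network_address).split(".")
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    lines = []
    for ns in nameservers:
        # NS RDATA is a domain name; a bare IP would be read as a relative label.
        if not ns.endswith(".") or is_ip_literal(ns.rstrip(".")):
            raise ValueError(f"NS target must be a fully qualified host name: {ns!r}")
        lines.append(f"{label}\tIN\tNS\t{ns}")
    # One alias per address: what "$GENERATE first-last $ CNAME $.label" expands to.
    lines += [f"{i}\tIN\tCNAME\t{i}.{label}" for i in range(first, last + 1)]
    return parent, f"{label}.{parent}", lines

if __name__ == "__main__":
    parent, origin, lines = delegation_records("7.8.9.240/28", ["ns1.client.domain."])
    print(f"; append to {parent}  (client serves {origin})")
    print("\n".join(lines))
```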

The client side needs to handle such requests. So we create the zone 255-240.9.8.7.in-addr.arpa. In it we could, in principle, place reverse records for any IP of the whole /24 subnet, but we will only be asked about those that the provider forwards to us, so there is no room to play around =).
To illustrate, I will again give the example contents of the reverse zone file on the client side:

$ORIGIN 255-240.9.8.7.in-addr.arpa.
$TTL 1W
@                       1D IN SOA       ns1.client.domain. root.client.domain. (
                        2008152607      ; serial
                        3H              ; refresh
                        15M             ; retry
                        1W              ; expiry
                        1D )            ; minimum
@                       IN NS        ns1.client.domain.
@                       IN NS        ns2.client.domain.
241                     IN PTR          test.client.domain.
242                     IN PTR          test2.client.domain.
245                     IN PTR          test5.client.domain.

Because we use CNAMEs on the provider side, in response to a lookup by IP address we get two records, not one.

#>  host 7.8.9.245 
245.9.8.7.in-addr.arpa is an alias for 245.255-240.9.8.7.in-addr.arpa.
245.255-240.9.8.7.in-addr.arpa domain name pointer test5.client.domain.
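The lookup path behind that two-record answer, as an added example that is not part of the original article: a toy resolver in Python over the two zones reduced to lookup tables. It is a simplification of real DNS resolution; the provider's record for .10, the client's record for .10 and the name gw.provider.example. are constructed to show that the client is only ever asked about names the provider aliases.

```python
PROVIDER_ORIGIN = "9.8.7.in-addr.arpa."
CLIENT_ORIGIN = "255-240." + PROVIDER_ORIGIN

# Provider zone: the $GENERATE expansion plus one ordinary PTR (constructed).
provider_zone = {f"{i}.{PROVIDER_ORIGIN}": ("CNAME", f"{i}.{CLIENT_ORIGIN}")
                 for i in range(240, 256)}
provider_zone[f"10.{PROVIDER_ORIGIN}"] = ("PTR", "gw.provider.example.")

client_zone = {
    f"241.{CLIENT_ORIGIN}": ("PTR", "test.client.domain."),
    f"242.{CLIENT_ORIGIN}": ("PTR", "test2.client.domain."),
    f"245.{CLIENT_ORIGIN}": ("PTR", "test5.client.domain."),
    # Present in the client zone but never reached: no provider CNAME for .10
    f"10.{CLIENT_ORIGIN}": ("PTR", "unreachable.client.domain."),
}

# The most specific origin wins, which is the effect of the NS delegation.
SERVERS = {CLIENT_ORIGIN: ("client", client_zone),
           PROVIDER_ORIGIN: ("provider", provider_zone)}

def reverse_name(ip):
    a, b, c, d = ip.split(".")
    return f"{d}.{c}.{b}.{a}.in-addr.arpa."

def resolve_ptr(ip, max_hops=4):
    """Return the answer chain as (server, owner, rtype, target) tuples."""
    name, chain = reverse_name(ip), []
    for _ in range(max_hops):
        origin = max((o for o in SERVERS if name.endswith("." + o)),
                     key=len, default=None)
        if origin is None:
            raise LookupError(f"no server in this model is authoritative for {name}")
        server, zone = SERVERS[origin]
        rtype, target = zone.get(name, ("NXDOMAIN", None))
        chain.append((server, name, rtype, target))
        if rtype != "CNAME":
            return chain
        name = target          # follow the alias and ask again
    raise RuntimeError("CNAME chain too long")

if __name__ == "__main__":
    for ip in ("7.8.9.245", "7.8.9.243", "7.8.9.10"):
        print(ip, resolve_ptr(ip))
```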

And don't forget to configure the ACLs correctly. Because it makes no sense to take a PTR zone for yourself and then not answer anyone from outside =).

source: www.habr.com
