Reverse delegation of zones for subnets smaller than /24 in BIND. How it works

One day I was faced with the task of giving one of my clients the right to edit the PTR records of the /28 subnet assigned to him. I have no automation for editing BIND settings from outside. So I decided to go a different way: delegate to the client a piece of the PTR zone of the /24 subnet.

It would seem, what could be simpler? We just write the subnet in the required way and point it at the required NS, as is done with a subdomain. But no. It is not that simple (although in practice it is quite primitive, intuition will not help), which is why I am writing this article.

Those who want to work it out for themselves can read the RFC.
Those who want a ready-made solution, read on.

So as not to hold up those who like the copy-paste method, I will put the practical part first, and then the theoretical part.

1. Practice. Delegating a /28 zone

Let's say we have the subnet 7.8.9.0/24. We need to delegate the subnet 7.8.9.240/28 to the client's DNS 7.8.7.8 (ns1.client.domain).

On the provider's DNS you need to find the file that describes the reverse zone of this subnet. Let it be 9.8.7.in-addr.arpa.
We comment out the records from 240 to 255, if there are any. And at the end of the file we write the following:

255-240  IN  NS      ns1.client.domain.   ; NS rdata must be a host name, not an IP address
$GENERATE 240-255 $ CNAME $.255-240

Do not forget to increase the zone serial, then run:

rndc reload

This completes the provider part. Let's move on to the client's DNS.

First, let's create the file /etc/bind/master/255-240.9.8.7.in-addr.arpa with the following contents:

$ORIGIN 255-240.9.8.7.in-addr.arpa.
$TTL 1W
@                       1D IN SOA       ns1.client.domain. root.client.domain. (
                        2008152607      ; serial
                        3H              ; refresh
                        15M             ; retry
                        1W              ; expiry
                        1D )            ; minimum
@                       IN NS        ns1.client.domain.
@                       IN NS        ns2.client.domain.
241                     IN PTR          test.client.domain.
242                     IN PTR          test2.client.domain.
245                     IN PTR          test5.client.domain.

And in named.conf we add a description of our new file:

zone "255-240.9.8.7.in-addr.arpa." IN {
        type master;
        file "master/255-240.9.8.7.in-addr.arpa";
};

Then restart the bind process.

/etc/init.d/named restart

That's all. Now you can check.

#>  host 7.8.9.245 
245.9.8.7.in-addr.arpa is an alias for 245.255-240.9.8.7.in-addr.arpa.
245.255-240.9.8.7.in-addr.arpa domain name pointer test5.client.domain.

Note that not only the PTR record is returned, but also the CNAME. That is how it should be. If you are wondering why, welcome to the next chapter.

2. Theory. How it works.

It is hard to configure and debug a black box. It is much easier if you understand what is going on inside.

When we delegate a subdomain within a domain, we write something like this:

client.domain.	NS	ns1.client.domain.
ns1.client.domain.	A	7.8.7.8

We tell everyone who asks that we are not responsible for this part, and we say who is. And all requests for client.domain are referred to 7.8.7.8. When checking, we see the following picture (we will skip what the client has there; it does not matter):

# host test.client.domain
test.client.domain has address 7.8.9.241

That is, we were told that there is such an A record and that its IP is 7.8.9.241. No extra information.

How can the same thing be done with a subnet?

Since our DNS server is registered with RIPE, when the PTR of an IP address from our network is requested, the first request will still come to us. The logic is the same as with domains. But how do you write a subnet into a zone file?

Let's try writing it like this:

255-240  IN  NS      7.8.7.8

And... the miracle did not happen. We do not get any redirection of the request. The point is that BIND has no idea that these entries in the reverse zone file are IP addresses, and it certainly does not understand range notation. For it, this is just some symbolic subdomain. That is, for BIND there is no difference between "255-240" and "oursuperclient". And for the request to go where it needs to go, the name in the request must look like this: 241.255-240.9.8.7.in-addr.arpa. Or like this, if we use a symbolic subdomain: 241.oursuperclient.9.8.7.in-addr.arpa. This differs from the usual: 241.9.8.7.in-addr.arpa.

Making such a request by hand would be difficult. And even if it works, it is still unclear how to apply it in real life. After all, a request for 7.8.9.241 is still answered by the provider's DNS, not the client's.

And this is where CNAME comes into play.

On the provider's side, you need to make aliases for all the IP addresses of the subnet in a format that will forward the request to the client's DNS.

255-240  IN  NS      ns1.client.domain.
241     IN  CNAME   241.255-240
242     IN  CNAME   242.255-240
; etc.

This is for the hardworking =).

And for the lazy, the construction below is a better fit:

255-240  IN  NS      ns1.client.domain.
$GENERATE 240-255 $ CNAME $.255-240

Now a request for information about the address 7.8.9.241, that is, for 241.9.8.7.in-addr.arpa, will be converted on the provider's DNS server to 241.255-240.9.8.7.in-addr.arpa and go to the client's DNS.

The client side has to handle such requests. Accordingly, we create the zone 255-240.9.8.7.in-addr.arpa. In it we can, in principle, place reverse records for any IP of the entire /24 subnet, but we will only be asked about those that the provider forwards to us, so there is no room to play around =).
To illustrate, I will once again give an example of the contents of the reverse zone file on the client's side:

$ORIGIN 255-240.9.8.7.in-addr.arpa.
$TTL 1W
@                       1D IN SOA       ns1.client.domain. root.client.domain. (
                        2008152607      ; serial
                        3H              ; refresh
                        15M             ; retry
                        1W              ; expiry
                        1D )            ; minimum
@                       IN NS        ns1.client.domain.
@                       IN NS        ns2.client.domain.
241                     IN PTR          test.client.domain.
242                     IN PTR          test2.client.domain.
245                     IN PTR          test5.client.domain.

Because we use CNAME on the provider's side, in response to a request for data by IP address we get two records, not one.

#>  host 7.8.9.245 
245.9.8.7.in-addr.arpa is an alias for 245.255-240.9.8.7.in-addr.arpa.
245.255-240.9.8.7.in-addr.arpa domain name pointer test5.client.domain.
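
The scheme described above, as an added example that is not part of the original article: a small Python model that builds the provider-side lines for any prefix longer than /24 (a generalization of the article's /28 case) and walks the name chain a PTR lookup follows. The function names and the out-of-range label "10" in the sample zone are assumptions made for this illustration; the check on NS targets reflects that NS rdata is a host name, not an address.

```python
import ipaddress

# Client zone from the article (label -> PTR target); label "10" is a constructed
# out-of-range entry added here to show that it is never reached.
CLIENT_ZONE = {"241": "test.client.domain.", "242": "test2.client.domain.",
               "245": "test5.client.domain.", "10": "outside.client.domain."}

def _parts(cidr):
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("expected an IPv4 prefix longer than /24")
    o = str(net.network_address).split(".")
    first, last = int(o[3]), int(net.broadcast_address) & 0xFF
    return net, f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa.", f"{last}-{first}", first, last

def provider_records(cidr, nameservers):
    """Lines to append to the provider's /24 reverse zone file."""
    _, _, label, first, last = _parts(cidr)
    for ns in nameservers:
        try:
            ipaddress.ip_address(ns.rstrip("."))
        except ValueError:
            continue  # not an address literal, so usable as NS rdata
        raise ValueError(f"NS target must be a host name, not an address: {ns}")
    lines = [f"{label} IN NS {ns}" for ns in nameservers]
    lines.append(f"$GENERATE {first}-{last} $ CNAME $.{label}")
    return lines

def resolve_ptr(ip, cidr, client_zone):
    """Names a resolver walks for a PTR lookup of ip, in order."""
    net, parent, label, _, _ = _parts(cidr)
    addr = ipaddress.ip_address(ip)
    if addr not in net.supernet(new_prefix=24):
        raise ValueError("address is outside the provider's /24")
    host = str(addr).split(".")[3]
    chain = [f"{host}.{parent}"]
    if addr not in net:
        return chain  # no CNAME was generated: the provider answers this name itself
    chain.append(f"{host}.{label}.{parent}")  # CNAME target, served by the client DNS
    if host in client_zone:
        chain.append(client_zone[host])  # PTR target from the client's zone
    return chain

if __name__ == "__main__":
    print("\n".join(provider_records("7.8.9.240/28", ["ns1.client.domain."])))
    print(resolve_ptr("7.8.9.245", "7.8.9.240/28", CLIENT_ZONE))
    print(resolve_ptr("7.8.9.10", "7.8.9.240/28", CLIENT_ZONE))
```

The lookup for 7.8.9.10 stops at the provider's own name, so the "10" record in the client zone is never consulted.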

And do not forget to configure the ACL correctly. After all, there is no point in taking a PTR zone for yourself and not answering anyone from outside =).

Source: www.habr.com
