Rimwe zuva ndakatarisana nebasa rekupa mumwe wevatengi vangu kodzero yekugadzirisa zvinyorwa zvePTR zve /28 subnet yaakapihwa. Ini handina otomatiki yekugadzirisa BIND marongero kubva kunze. Naizvozvo, ndakafunga kutora imwe nzira - kugovera kune mutengi chidimbu chePTR zone ye /24 subnet.
Zvingaratidzika - chii chingave chiri nyore? Isu tinongonyoresa iyo subnet sezvinodiwa uye toitungamira kune inodiwa NS, sezvinoitwa ne subdomain. Asi kwete. Hazvisi izvo zviri nyore (kunyangwe muchokwadi zviri zvechinyakare, asi intuition haibatsire), ndosaka ndiri kunyora chinyorwa ichi.
Ani naani anoda kuzviverengera anogona kuverenga
Ndiani anoda kugadziriswa kwakagadzirirwa, kugamuchirwa kukati.
Kuti urege kunonoka avo vanoda nzira yekukopa-namatidza, ini ndichaisa iyo inoshanda chikamu chekutanga, uye ipapo chikamu chedzidziso.
1. Dzidzira. Kugovera nzvimbo /28
Ngatitii tine subnet 7.8.9.0/24. Isu tinofanirwa kugovera iyo subnet 7.8.9.240/28 kune dns mutengi 7.8.7.8 (ns1.client.domain).
PaDNS yemupi iwe unofanirwa kutsvaga faira rinotsanangura reverse zone ye subnet iyi. Ngazvidaro 9.8.7.
Isu tinotsinhira pane zvakapinda kubva pa240 kusvika pa255, kana aripo. Uye pakupera kwefaira tinonyora zvinotevera:
255-240 IN NS 7.8.7.8
$GENERATE 240-255 $ CNAME $.255-240
usakanganwa kuwedzera serial zone uye ita
rndc reload
Izvi zvinopedzisa chikamu chemupi. Ngatiendei kune mutengi dns.
Kutanga, ngatigadzirirei faira /etc/bind/master/255-240.9.8.7.in-addr.arpa zvinotevera zvirimo:
$ORIGIN 255-240.9.8.7.in-addr.arpa.
$TTL 1W
@ 1D IN SOA ns1.client.domain. root.client.domain. (
2008152607 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns1.client.domain.
@ IN NS ns2.client.domain.
241 IN PTR test.client.domain.
242 IN PTR test2.client.domain.
245 IN PTR test5.client.domain.
Uye mukati anonzi.conf wedzera tsananguro yefaira redu idzva:
zone "255-240.9.8.7.in-addr.arpa." IN {
type master;
file "master/255-240.9.8.7.in-addr.arpa";
};
B tangazve nzira yekusunga.
/etc/init.d/named restart
Zvose. Iye zvino unogona kutarisa.
#> host 7.8.9.245
245.9.8.7.in-addr.arpa is an alias for 245.255-240.9.8.7.in-addr.arpa.
245.255-240.9.8.7.in-addr.arpa domain name pointer test5.client.domain.
Ndapota cherechedza kuti kwete rekodhi rePTR chete rinopiwa, asiwo CNAME. Ndizvo zvazvinofanira kuva. Kana uri kushamisika kuti sei, wobva wagamuchirwa kuchitsauko chinotevera.
2. Dzidziso. Zvinoshanda sei.
Zvakaoma kugadzirisa uye kugadzirisa bhokisi dema. Zviri nyore kana iwe uchinzwisisa zviri kuitika mukati.
Kana isu tikagovera subdomain mudura inotongwa, tobva tanyora seizvi:
client.domain. NS ns1.client.domain.
ns1.client.domain. A 7.8.7.8
Isu tinoudza munhu wese anobvunza kuti isu hatisi mhosva yenzvimbo iyi uye tiudze kuti ndiani ane mhosva. Uye zvese zvikumbiro zve client.domain tungamira kune 7.8.7.8. Kana tichitarisa, tinoona mufananidzo unotevera (tichasiya izvo mutengi anazvo ipapo. Hazvina basa):
# host test.client.domain
test.client.domain has address 7.8.9.241
Avo. takaziviswa kuti kune A rekodhi yakadaro uye ip yayo i7.8.9.241. Hapana ruzivo rusina basa.
Chinhu chimwe chete chingaitwa sei ne subnet?
Nokuti yedu DNS server yakanyoreswa muRIPE, zvino kana uchikumbira PTR IP kero kubva kunetiweki yedu, chikumbiro chekutanga chicharamba chiri kwatiri. Iyo logic ndiyo yakafanana neine domains. Asi iwe unoisa sei subnet muzone faira?
Ngatiedzei kuiisa seizvi:
255-240 IN NS 7.8.7.8
Uye ... chishamiso hachina kuitika. Hatisi kugamuchira chero chikumbiro chekutungamira. Chinhu ndechekuti sunga haatomboziva kuti aya mapindiro mune reverse zone faira ndeye IP kero, uye zvakatonyanya hazvinzwisisike renji yekupinda. Kwaari, iyi ingori imwe mhando yekufananidzira subdomain. Avo. nekuti kusunga hakuzovi nemusiyano pakati"255-240"Uye"mukuru wedu". Uye kuti chikumbiro chiende kwachinoda kuenda, kero iri muchikumbiro inofanira kutaridzika seizvi: 241.255-240.9.8.7.in-addr.arpa. Kana seizvi kana tikashandisa hunhu subdomain: 241.oursuperclient.9.8.7.in-addr.arpa. Izvi zvakasiyana nezvinowanzoitika: 241.9.8.7.
Zvichava zvakaoma kuita chikumbiro chakadaro nemaoko. Uye kunyangwe ikashanda, hazvisati zvanyatsojeka kuti ungaishandisa sei muhupenyu chaihwo. Pashure pezvose, pakukumbira 7.8.9.241 DNS yemupi ichiri kupindura kwatiri, kwete yemutengi.
Uye apa ndipo pavanopinda mukutamba CNAME.
Padivi remupi, iwe unofanirwa kugadzira alias kune ese IP kero ye subnet mufomati inoendesa chikumbiro kune mutengi DNS.
255-240 IN NS ns1.client.domain.
241 IN CNAME 241.255-240
242 IN CNAME 242.255-240
ΠΈ Ρ.Π΄.
Izvi ndezvevanoshanda nesimba =).
Uye kune vane usimbe, dhizaini iri pazasi inonyanya kukodzera:
255-240 IN NS ns1.client.domain.
$GENERATE 240-255 $ CNAME $.255-240
Zvino kumbira ruzivo pa 7.8.9.241 kubva 241.9.8.7 paDNS server yemupi inoshandurwa kuita 241.255-240.9.8.7.in-addr.arpa uye inoenda kune dns mutengi.
Rutivi rwemutengi runozofanira kubata zvikumbiro zvakadaro. Saizvozvowo, tinogadzira nzvimbo 255-240.9.8.7.in-addr.arpa. Mariri, isu tinokwanisa, mumusimboti, kuisa reverse zvinyorwa kune chero ip yeyose / 24 subnet, asi ivo vanongotibvunza nezve izvo izvo zvinopihwa nemupi kwatiri, saka isu hatizokwanisa kutamba tichitenderedza =).
Kuenzanisira, ini ndichapa zvakare muenzaniso wezviri mukati reverse zone faira kubva kudivi remutengi:
$ORIGIN 255-240.9.8.7.in-addr.arpa.
$TTL 1W
@ 1D IN SOA ns1.client.domain. root.client.domain. (
2008152607 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns1.client.domain.
@ IN NS ns2.client.domain.
241 IN PTR test.client.domain.
242 IN PTR test2.client.domain.
245 IN PTR test5.client.domain.
Imhaka yekuti isu tinoshandisa CNAME parutivi rwemupi, uye mukupindura kune chikumbiro che data ne IP kero tinogamuchira marekodhi maviri, kwete imwe.
#> host 7.8.9.245
245.9.8.7.in-addr.arpa is an alias for 245.255-240.9.8.7.in-addr.arpa.
245.255-240.9.8.7.in-addr.arpa domain name pointer test5.client.domain.
Uye usakanganwa kugadzirisa iyo ACL nemazvo. Nekuti hazvina musoro kuzvitorera PTR zone uye kusapindura chero munhu anobva kunze =).
Source: www.habr.com