This translation of the article was prepared for students of the course.
In this article, I will show you the steps to set up a DNS server on RHEL 7 or CentOS 7. I used Red Hat Enterprise Linux 7.4 for the demonstration. Our goal is to create one A record and one PTR record for the forward and reverse lookup zones.
First, install the rpm packages required for the DNS server.
NOTE: For RHEL you must have
# yum install bind bind-chroot caching-nameserver
My setup:
# hostname
golinuxhub-client.example
My IP address is 192.168.1.7
# ip address | egrep 'inet.*enp0s3'
inet 192.168.1.7/24 brd 192.168.1.255 scope global dynamic enp0s3
Since we will be using chroot, we must stop and disable the regular (non-chroot) named service.
# systemctl stop named
# systemctl disable named
Then copy the required files into the chroot directory.
NOTE: Use the -p argument with cp so that permissions and ownership are preserved.
[root@golinuxhub-client ~]# cp -rpvf /usr/share/doc/bind-9.9.4/sample/etc/* /var/named/chroot/etc/
‘/usr/share/doc/bind-9.9.4/sample/etc/named.conf’ -> ‘/var/named/chroot/etc/named.conf’
‘/usr/share/doc/bind-9.9.4/sample/etc/named.rfc1912.zones’ -> ‘/var/named/chroot/etc/named.rfc1912.zones’
Then copy the zone-related files to the new location.
[root@golinuxhub-client ~]# cp -rpvf /usr/share/doc/bind-9.9.4/sample/var/named/* /var/named/chroot/var/named/
‘/usr/share/doc/bind-9.9.4/sample/var/named/data’ -> ‘/var/named/chroot/var/named/data’
‘/usr/share/doc/bind-9.9.4/sample/var/named/my.external.zone.db’ -> ‘/var/named/chroot/var/named/my.external.zone.db’
‘/usr/share/doc/bind-9.9.4/sample/var/named/my.internal.zone.db’ -> ‘/var/named/chroot/var/named/my.internal.zone.db’
‘/usr/share/doc/bind-9.9.4/sample/var/named/named.ca’ -> ‘/var/named/chroot/var/named/named.ca’
‘/usr/share/doc/bind-9.9.4/sample/var/named/named.empty’ -> ‘/var/named/chroot/var/named/named.empty’
‘/usr/share/doc/bind-9.9.4/sample/var/named/named.localhost’ -> ‘/var/named/chroot/var/named/named.localhost’
‘/usr/share/doc/bind-9.9.4/sample/var/named/named.loopback’ -> ‘/var/named/chroot/var/named/named.loopback’
‘/usr/share/doc/bind-9.9.4/sample/var/named/slaves’ -> ‘/var/named/chroot/var/named/slaves’
‘/usr/share/doc/bind-9.9.4/sample/var/named/slaves/my.ddns.internal.zone.db’ -> ‘/var/named/chroot/var/named/slaves/my.ddns.internal.zone.db’
‘/usr/share/doc/bind-9.9.4/sample/var/named/slaves/my.slave.internal.zone.db’ -> ‘/var/named/chroot/var/named/slaves/my.slave.internal.zone.db’
Now let's look at the main configuration file.
# cd /var/named/chroot/etc/
Clear the contents of named.conf and paste in the following.
[root@golinuxhub-client etc]# vim named.conf
options {
listen-on port 53 { 127.0.0.1; any; };
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; any; };
allow-query-cache { localhost; any; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view my_resolver {
match-clients { localhost; any; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
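The view above matches every client (match-clients includes any) with recursion enabled, and the options block allows queries and cache access from any, so this server answers recursive queries for anyone who can reach port 53, which is an open resolver. The following shell check is an added example, not code from the article: it screens a named.conf for that combination using BIND's ACL fallback order and contrasts the article's settings with a hardened variant that limits recursion to an assumed LAN of 192.168.1.0/24 (options-versus-view scope is not modelled).

```shell
#!/bin/sh
# Open-resolver screen for a named.conf. The two configs are constructed samples
# (not the article's files): ARTICLE_CONF mirrors the article's settings,
# HARDENED limits recursion to an assumed LAN, 192.168.1.0/24.
ARTICLE_CONF='options {
    listen-on port 53 { 127.0.0.1; any; };
    allow-query { localhost; any; };
    allow-query-cache { localhost; any; };
};
view my_resolver {
    match-clients { localhost; any; };
    recursion yes;
};'
HARDENED='options {
    listen-on port 53 { 127.0.0.1; 192.168.1.7; };
    allow-query { localhost; 192.168.1.0/24; };
    allow-query-cache { localhost; 192.168.1.0/24; };
    allow-recursion { localhost; 192.168.1.0/24; };
};
view my_resolver {
    match-clients { localhost; 192.168.1.0/24; };
    recursion yes;
};'

# acl_of CONF KEY: the address-match list given for KEY, empty if KEY is unset
acl_of() { printf '%s\n' "$1" | awk -v k="$2" '$1==k { $1=""; print }'; }

# audit_recursion CONF: returns 1 (open resolver) when recursion is on, which is
# BIND's default when the statement is absent, and the ACL governing it contains
# "any". BIND takes that ACL from allow-recursion, else allow-query-cache, else
# allow-query, else its built-in "localnets; localhost". Scope (options vs. view)
# is not modelled, so treat the verdict as a first screen, not a proof.
audit_recursion() {
  conf=$1
  rec=$(printf '%s\n' "$conf" | awk '$1=="recursion" { sub(";","",$2); print $2 }')
  if [ "$rec" = "no" ]; then echo "authoritative only: recursion disabled"; return 0; fi
  for key in allow-recursion allow-query-cache allow-query; do
    acl=$(acl_of "$conf" "$key"); if [ -n "$acl" ]; then break; fi
  done
  if [ -z "$acl" ]; then key="built-in default"; acl=" { localnets; localhost; };"; fi
  case "$acl" in
    (*"any;"*) echo "OPEN RESOLVER: $key grants recursion to$acl"; return 1 ;;
    (*)        echo "recursion limited by $key:$acl"; return 0 ;;
  esac
}

audit_recursion "$ARTICLE_CONF" || echo "-> restrict allow-recursion before exposing port 53"
audit_recursion "$HARDENED"
```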
The zone-specific data must be added to /var/named/chroot/etc/named.rfc1912.zones. Add the entries below. example.zone is the forward lookup zone file and example.rzone is the reverse lookup zone file.
IMPORTANT NOTE: The reverse lookup zone is 1.168.192 because my IP address is 192.168.1.7.
zone "example" IN {
type master;
file "example.zone";
allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "example.rzone";
allow-update { none; };
};
The zone-related files are located here:
# cd /var/named/chroot/var/named/
Next, we create the files for the forward and reverse zones. The file names must match those referenced in named.rfc1912.zones above. We already have several default templates that we can use.
# cp -p named.localhost example.zone
# cp -p named.loopback example.rzone
As you can see, all the files and directories are currently owned by root.
[root@golinuxhub-client named]# ll
total 32
drwxr-xr-x. 2 root root 6 May 22 2017 data
-rw-r--r--. 1 root root 168 May 22 2017 example.rzone
-rw-r--r--. 1 root root 152 May 22 2017 example.zone
-rw-r--r--. 1 root root 56 May 22 2017 my.external.zone.db
-rw-r--r--. 1 root root 56 May 22 2017 my.internal.zone.db
-rw-r--r--. 1 root root 2281 May 22 2017 named.ca
-rw-r--r--. 1 root root 152 May 22 2017 named.empty
-rw-r--r--. 1 root root 152 May 22 2017 named.localhost
-rw-r--r--. 1 root root 168 May 22 2017 named.loopback
drwxr-xr-x. 2 root root 71 Feb 12 21:02 slaves
Change the ownership of all files so that the owner is root and the group is named.
# chown root:named *
The data directory, however, must be owned by named:named.
# chown -R named:named data
# ls -l
total 32
drwxr-xr-x. 2 named named 6 May 22 2017 data
-rw-r--r--. 1 root named 168 May 22 2017 example.rzone
-rw-r--r--. 1 root named 152 May 22 2017 example.zone
-rw-r--r--. 1 root named 56 May 22 2017 my.external.zone.db
-rw-r--r--. 1 root named 56 May 22 2017 my.internal.zone.db
-rw-r--r--. 1 root named 2281 May 22 2017 named.ca
-rw-r--r--. 1 root named 152 May 22 2017 named.empty
-rw-r--r--. 1 root named 152 May 22 2017 named.localhost
-rw-r--r--. 1 root named 168 May 22 2017 named.loopback
drwxr-xr-x. 2 root named 71 Feb 12 21:02 slaves
Add the following content to your forward zone file. Here we create one A record for the local host (golinuxhub-client) and another for the server (golinuxhub-server).
# vim example.zone
$TTL 1D
@       IN SOA  example. root (
                1       ; serial
                3H      ; refresh
                15M     ; retry
                1W      ; expire
                1D )    ; minimum
        IN NS   example.
        IN A    192.168.1.7
golinuxhub-server       IN A    192.168.1.5
golinuxhub-client       IN A    192.168.1.7
Next, add the content to the reverse zone file. Here we create a PTR record for golinuxhub-client and one for golinuxhub-server.
# vim example.rzone
$TTL 1D
@       IN SOA  example. root.example. (
                1997022700      ; serial
                28800           ; refresh
                14400           ; retry
                3600000         ; expire
                86400 )         ; minimum
        IN NS   example.
5       IN PTR  golinuxhub-server.example.
7       IN PTR  golinuxhub-client.example.
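A forward zone and its reverse zone are easy to let drift apart (a one-digit typo in an A record is enough), and named-checkzone only validates each file on its own. The following shell function is an added example, not part of the original article: it compares the A records of a forward zone with the PTR records of its /24 reverse zone in both directions, over constructed sample zones in which the client's A record deliberately carries a 192.169 typo so the check has something to report.

```shell
#!/bin/sh
# Forward/reverse consistency check for zone files like the ones above. The two
# zones are constructed samples, not the article's files; the client's A record
# carries a one-digit typo (192.169) so the check has something to report.
FWD='$TTL 1D
@ IN SOA example. root ( 1 3H 15M 1W 1D )
    IN NS example.
    IN A 192.168.1.7
golinuxhub-server IN A 192.168.1.5
golinuxhub-client IN A 192.169.1.7'
REV='$TTL 1D
@ IN SOA example. root.example. ( 1997022700 28800 14400 3600000 86400 )
    IN NS example.
5 IN PTR golinuxhub-server.example.
7 IN PTR golinuxhub-client.example.'

# check_zones ORIGIN NET FWD_TEXT REV_TEXT (NET is the /24 prefix, e.g. 192.168.1)
# Every named A record must have a PTR in NET's reverse zone that names it, and
# every PTR must point back at an A record holding that address. The apex A
# record (no owner name) is skipped. Prints mismatches; returns 1 if any, else 0.
check_zones() {
  origin=$1 net=$2 fwd=$3 rev=$4
  report=$( {
    printf '%s\n' "$fwd" | awk '$2=="IN" && $3=="A" { print $1, $4 }' |
    while read -r name addr; do
      case "$addr" in
        ("$net".*) last=${addr##*.} ;;
        (*) echo "A $name $addr is outside $net.0/24"; continue ;;
      esac
      ptr=$(printf '%s\n' "$rev" | awk -v l="$last" '$1==l && $3=="PTR" { print $4 }')
      [ "$ptr" = "$name.$origin." ] ||
        echo "A $name $addr has PTR ${ptr:-<none>}, expected $name.$origin."
    done
    printf '%s\n' "$rev" | awk '$3=="PTR" { print $1, $4 }' |
    while read -r last fqdn; do
      name=${fqdn%.$origin.}
      addr=$(printf '%s\n' "$fwd" | awk -v n="$name" '$1==n && $3=="A" { print $4 }')
      [ "$addr" = "$net.$last" ] ||
        echo "PTR $last -> $fqdn but its A record is ${addr:-<none>}, expected $net.$last"
    done
  } )
  if [ -z "$report" ]; then return 0; fi
  printf '%s\n' "$report"
  return 1
}

check_zones example 192.168.1 "$FWD" "$REV" || echo "-> fix the zones before starting named-chroot"
```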
Before we start the named-chroot service, let's check the zone files. Note that the first argument to named-checkzone is the zone origin; passing the host name, as below, validates each file's syntax but loads its records under that name rather than under the zone "example" declared in named.rfc1912.zones.
[root@golinuxhub-client named]# named-checkzone golinuxhub-client.example example.zone
zone golinuxhub-client.example/IN: loaded serial 1
OK
[root@golinuxhub-client named]# named-checkzone golinuxhub-client.example example.rzone
zone golinuxhub-client.example/IN: loaded serial 1997022700
OK
Everything looks fine. Now check the main configuration file with the following command.
[root@golinuxhub-client named]# named-checkconf -t /var/named/chroot/ /etc/named.conf
It produced no output, so the configuration passed; the exit status confirms it.
[root@golinuxhub-client named]# echo $?
0
IMPORTANT NOTE: I have SELinux in permissive mode
# getenforce
Permissive
Everything is in order, so it's time to start our named-chroot service.
[root@golinuxhub-client named]# systemctl restart named-chroot
[root@golinuxhub-client named]# systemctl status named-chroot
● named-chroot.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2018-02-12 21:53:23 IST; 19s ago
Process: 5236 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 5327 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS (code=exited, status=0/SUCCESS)
Process: 5325 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 5330 (named)
CGroup: /system.slice/named-chroot.service
└─5330 /usr/sbin/named -u named -c /etc/named.conf -t /var/named/chroot
Feb 12 21:53:23 golinuxhub-client.example named[5330]: managed-keys-zone/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone 0.in-addr.arpa/IN/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone 1.0.0.127.in-addr.arpa/IN/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone 1.168.192.in-addr.arpa/IN/my_resolver: loaded serial 1997022700
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone example/IN/my_resolver: loaded serial 1
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone localhost/IN/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone localhost.localdomain/IN/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: all zones loaded
Feb 12 21:53:23 golinuxhub-client.example named[5330]: running
Make sure /etc/resolv.conf contains your IP address so that the host uses it as its DNS server.
# cat /etc/resolv.conf
search example
nameserver 192.168.1.7
Let's test our DNS server for the reverse zone using dig.
[root@golinuxhub-client named]# dig -x 192.168.1.5
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -x 192.168.1.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40331
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;5.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
5.1.168.192.in-addr.arpa. 86400 IN PTR golinuxhub-server.example.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400 IN NS example.
;; ADDITIONAL SECTION:
example. 86400 IN A 192.168.1.7
;; Query time: 1 msec
;; SERVER: 192.168.1.7#53(192.168.1.7)
;; WHEN: Mon Feb 12 22:13:17 IST 2018
;; MSG SIZE rcvd: 122
As you can see, we received a positive answer to our query.
[root@golinuxhub-client named]# dig -x 192.168.1.7
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -x 192.168.1.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55804
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;7.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
7.1.168.192.in-addr.arpa. 86400 IN PTR golinuxhub-client.example.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400 IN NS example.
;; ADDITIONAL SECTION:
example. 86400 IN A 192.168.1.7
;; Query time: 1 msec
;; SERVER: 192.168.1.7#53(192.168.1.7)
;; WHEN: Mon Feb 12 22:12:54 IST 2018
;; MSG SIZE rcvd: 122
We can check the forward zone the same way.
[root@golinuxhub-client named]# nslookup golinuxhub-client.example
Server: 192.168.1.7
Address: 192.168.1.7#53
Name: golinuxhub-client.example
Address: 192.168.1.7
[root@golinuxhub-client named]# nslookup golinuxhub-server.example
Server: 192.168.1.7
Address: 192.168.1.7#53
Name: golinuxhub-server.example
Address: 192.168.1.5
This article is somewhat dated: on RHEL 7 you no longer need to copy the configuration files into the chroot, since the named-chroot service bind-mounts them into /var/named/chroot when it starts.
Source: will.com