Backport vulnerability in RouterOS puts hundreds of thousands of devices at risk


The ability to remotely downgrade RouterOS-based (Mikrotik) devices puts hundreds of thousands of network devices at risk. The vulnerability is related to DNS cache poisoning via the Winbox protocol, and it allows outdated firmware (with the password reset to its default) or modified firmware to be loaded onto the device.


Vulnerability details

The RouterOS terminal supports a resolve command for DNS lookups.


This request is handled by a binary called resolver. Resolver is one of many binaries hooked into the RouterOS Winbox protocol. At a high level, "messages" sent to the Winbox port can be routed to different binaries in RouterOS based on an array-based numbering scheme.

By default, the DNS server feature is disabled in RouterOS.


However, even with the server feature disabled, the router maintains its own DNS cache.


When we make a request using winbox_dns_request, for example for example.com, the router caches the result.


Because we can specify the DNS server the request should go to, inserting incorrect addresses is trivial. For example, you can configure the DNS server implementation from Philip Klaus to always respond with an A record containing the IP address 192.168.88.250.

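from dnslib import DNSRecord, DNSHeader, RR, A

def dns_response(data):
    # Parse the incoming query and build a reply with the same ID and question
    request = DNSRecord.parse(data)
    reply = DNSRecord(DNSHeader(
        id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
    qname = request.q.qname
    qn = str(qname)
    # Always answer with the same A record, whatever name was asked for
    reply.add_answer(RR(qn, ttl=30, rdata=A("192.168.88.250")))
    print("---- Reply:\n", reply)
    return reply.pack()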

Now, if you look up example.com using Winbox, you can see that the router's DNS cache is poisoned.


Of course, poisoning example.com is not very useful, because the router will not actually use it. However, the router does need to reach upgrade.mikrotik.com, cloud.mikrotik.com, cloud2.mikrotik.com and download.mikrotik.com. And thanks to another bug, it is possible to poison all of them at once.

from dnslib import DNSRecord, DNSHeader, RR, A

def dns_response(data):
    # Parse the incoming query and build a reply with the same ID and question
    request = DNSRecord.parse(data)
    reply = DNSRecord(DNSHeader(
        id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
    qname = request.q.qname
    qn = str(qname)
    # Answer for the name that was actually asked
    reply.add_answer(RR(qn, ttl=30, rdata=A("192.168.88.250")))
    # Four extra answers for names that were never asked, with a long TTL
    reply.add_answer(RR("upgrade.mikrotik.com", ttl=604800,
        rdata=A("192.168.88.250")))
    reply.add_answer(RR("cloud.mikrotik.com", ttl=604800,
        rdata=A("192.168.88.250")))
    reply.add_answer(RR("cloud2.mikrotik.com", ttl=604800,
        rdata=A("192.168.88.250")))
    reply.add_answer(RR("download.mikrotik.com", ttl=604800,
        rdata=A("192.168.88.250")))
    print("---- Reply:\n", reply)
    return reply.pack()

The router requests one resolution, and we return five. The router incorrectly caches all of these responses.
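
The check whose absence makes this possible, as an added example (not code from the original article or from MikroTik): a resolver cache should keep only answer records whose owner name matches the question or a CNAME target in the chain. The function names are hypothetical, and the sample reply is constructed to mirror the five-record response described above.

```python
import struct

# Added example: hypothetical helper names; SAMPLE is constructed, not captured.
def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, next offset)."""
    labels, end = [], None
    for _ in range(255):                       # bound guards against pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                   # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if n == 0:
            return ".".join(labels).lower() + ".", (off if end is None else end)
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    raise ValueError("name too long or compression pointer loop")

def out_of_scope_answers(msg):
    """Return (name, ttl) for answer records unrelated to the question."""
    _id, _flags, qd, an = struct.unpack_from("!HHHH", msg, 0)
    off, allowed, rejected = 12, set(), []
    for _ in range(qd):
        qname, off = read_name(msg, off)
        allowed.add(qname)
        off += 4                               # skip QTYPE and QCLASS
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if name not in allowed:
            rejected.append((name, ttl))       # never asked for: do not cache
        elif rtype == 5:                       # CNAME: its target is now in scope
            allowed.add(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return rejected

def _wire(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

def sample_reply(question, answers):
    msg = struct.pack("!HHHHHH", 0x1234, 0x8480, 1, len(answers), 0, 0)
    msg += _wire(question) + struct.pack("!HH", 1, 1)
    for name, ttl in answers:
        msg += _wire(name) + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes([192, 168, 88, 250])
    return msg

SAMPLE = sample_reply("example.com", [("example.com", 30)] + [
    (h + ".mikrotik.com", 604800) for h in ("upgrade", "cloud", "cloud2", "download")])
```

Running `out_of_scope_answers(SAMPLE)` returns the four mikrotik.com records with their 604800-second TTL, which also makes a usable detection signal when applied to captured DNS replies.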


Obviously, this attack is also useful if the router acts as a DNS server, because it allows the router's clients to be attacked.

This attack also lets you exploit a more serious vulnerability: downgrading or backporting the RouterOS version. The attacker recreates the update server's logic, including the changelog, and forces RouterOS to treat an outdated (vulnerable) version as current. The danger here is that when the version is "updated", the administrator password is reset to its default value, so an attacker can log in with an empty password!


The attack works well, although the author implements several more vectors, including ones that involve embedding a backdoor in the firmware, but that is already an unnecessary technique, and using it for illegitimate purposes is illegal.

Protection

Simply disabling Winbox protects you against this attack. Despite the convenience of administration through Winbox, it is better to use the SSH protocol.

Source: www.habr.com
