Reverse zone delegation for subnets smaller than /24 in BIND. How it works

One day I was faced with the task of giving one of my clients the right to edit the PTR records of the /28 subnet allocated to him. I have no automation for editing BIND settings from outside. So I decided to take a different route: delegate to the client a piece of the PTR zone of the /24 subnet.

It would seem, what could be simpler? We just register the subnet as needed and point it at the required NS, as is done with a subdomain. But no. It is not that simple (although in fact it is quite primitive, intuition will not help), which is why I am writing this article.

Anyone who wants to figure it out on their own can read the RFC.
Anyone who wants a ready-made solution, welcome under the cut.

So as not to hold up those who like the copy-paste method, I will post the practical part first, and then the theoretical part.

1. Practice. Delegating a /28 zone

Let's say we have the subnet 7.8.9.0/24. We need to delegate the subnet 7.8.9.240/28 to the client's DNS 7.8.7.8 (ns1.client.domain).

On the provider's DNS you need to find the file describing the reverse zone of this subnet. Let it be 9.8.7.in-addr.arpa.
We comment out the entries from 240 to 255, if there are any. And at the end of the file we write the following:

255-240  IN  NS      ns1.client.domain.
$GENERATE 240-255 $ CNAME $.255-240

do not forget to increment the zone serial and run

rndc reload

This completes the provider's part. Let's move on to the client's DNS.

First, let's create the file /etc/bind/master/255-240.9.8.7.in-addr.arpa with the following contents:

$ORIGIN 255-240.9.8.7.in-addr.arpa.
$TTL 1W
@                       1D IN SOA       ns1.client.domain. root.client.domain. (
                        2008152607      ; serial
                        3H              ; refresh
                        15M             ; retry
                        1W              ; expiry
                        1D )            ; minimum
@                       IN NS        ns1.client.domain.
@                       IN NS        ns2.client.domain.
241                     IN PTR          test.client.domain.
242                     IN PTR          test2.client.domain.
245                     IN PTR          test5.client.domain.

And in named.conf add the description of our new file:

zone "255-240.9.8.7.in-addr.arpa." IN {
        type master;
        file "master/255-240.9.8.7.in-addr.arpa";
};

And restart the bind process.

/etc/init.d/named restart

That's all. Now you can check.

#>  host 7.8.9.245 
245.9.8.7.in-addr.arpa is an alias for 245.255-240.9.8.7.in-addr.arpa.
245.255-240.9.8.7.in-addr.arpa domain name pointer test5.client.domain.

Note that the answer contains not only the PTR record but also a CNAME. That is how it should be. If you wonder why, welcome to the next chapter.

2. Theory. How it works.

It is hard to configure and debug a black box. It is much easier if you understand what is happening inside.

When we delegate a subdomain in the domain "domain", we write something like this:

client.domain.	NS	ns1.client.domain.
ns1.client.domain.	A	7.8.7.8

We tell everyone who asks that we are not responsible for this zone and say who is. And all requests for client.domain are redirected to 7.8.7.8. When checking, we see the following picture (we will leave out what the client has there. It does not matter):

# host test.client.domain
test.client.domain has address 7.8.9.241

I.e. we were told that such a record exists and that its IP is 7.8.9.241. No unnecessary information.

How can the same be done with a subnet?

Since our DNS server is registered in RIPE, when a PTR is requested for an IP address from our network, the first request will still come to us. The logic is the same as with domains. But how do you enter a subnet into the zone file?

Let's try entering it like this:

255-240  IN  NS      7.8.7.8

And... the miracle did not happen. We do not get any redirection of requests. The thing is that bind does not even know that these entries in the reverse zone file are IP addresses, let alone understand range notation. To it, this is just some kind of symbolic subdomain. I.e. for bind there is no difference between "255-240" and "our-client". And for the request to go where it needs to go, the address in the request should look like this: 241.255-240.9.8.7.in-addr.arpa. Or like this if we use a symbolic subdomain: 241.our-big-client.9.8.7.in-addr.arpa. This differs from the usual: 241.9.8.7.in-addr.arpa.

It will be hard to make such a request by hand. And even if it works, it is still unclear how to use it in real life. After all, when 7.8.9.241 is requested, it is still the provider's DNS that answers us, not the client's.

And this is where CNAMEs come into play.

On the provider side, you need to make an alias for every IP address of the subnet in a format that will forward the request to the client's DNS.

255-240  IN  NS      ns1.client.domain.
241     IN  CNAME   241.255-240
242     IN  CNAME   242.255-240
etc.

This is for the hardworking =).

And for the lazy, the construction below is more suitable:

255-240  IN  NS      ns1.client.domain.
$GENERATE 240-255 $ CNAME $.255-240

Now a request for information about 7.8.9.241 will be converted on the provider's DNS server from 241.9.8.7.in-addr.arpa to 241.255-240.9.8.7.in-addr.arpa and go to the client's DNS.

The client side will have to handle such requests. Accordingly, we create the zone 255-240.9.8.7.in-addr.arpa. In it we can, in principle, place reverse entries for any IP of the whole /24 subnet, but we will only be asked about those that the provider forwards to us, so we will not be able to fool around =).
To illustrate, I will once again give an example of the contents of the reverse zone file on the client side:

$ORIGIN 255-240.9.8.7.in-addr.arpa.
$TTL 1W
@                       1D IN SOA       ns1.client.domain. root.client.domain. (
                        2008152607      ; serial
                        3H              ; refresh
                        15M             ; retry
                        1W              ; expiry
                        1D )            ; minimum
@                       IN NS        ns1.client.domain.
@                       IN NS        ns2.client.domain.
241                     IN PTR          test.client.domain.
242                     IN PTR          test2.client.domain.
245                     IN PTR          test5.client.domain.

It is precisely because we use CNAME on the provider side that, in response to a request for data by IP address, we get two records instead of one.

#>  host 7.8.9.245 
245.9.8.7.in-addr.arpa is an alias for 245.255-240.9.8.7.in-addr.arpa.
245.255-240.9.8.7.in-addr.arpa domain name pointer test5.client.domain.
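
The lookup path described above, modelled offline as an added example (not code from the original article). The function names `provider_records` and `resolve_ptr` and the `outside.client.domain.` entry are hypothetical; the zone data is constructed from the zone files shown in the article.

```python
import ipaddress

def provider_records(subnet, label, nameservers):
    """Provider side: NS for the delegated label plus one CNAME per address,
    i.e. what `$GENERATE 240-255 $ CNAME $.255-240` expands to."""
    net = ipaddress.ip_network(subnet)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("CNAME-based delegation is for IPv4 prefixes longer than /24")
    octets = str(net.network_address).split(".")
    parent = ".".join(reversed(octets[:3])) + ".in-addr.arpa."
    child = f"{label}.{parent}"
    records = {(child, "NS"): list(nameservers)}
    for addr in net:  # all 16 addresses of a /28, like the 240-255 range
        last = str(addr).rsplit(".", 1)[1]
        records[(f"{last}.{parent}", "CNAME")] = f"{last}.{child}"
    return parent, child, records

def resolve_ptr(ip, provider, client):
    """Return (cname_chain, ptr_target) the way a resolver would see it."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    alias = provider.get((qname, "CNAME"))
    if alias is None:  # not delegated: the client zone is never consulted
        return [], provider.get((qname, "PTR"))
    return [(qname, alias)], client.get((alias, "PTR"))

# Constructed sample data mirroring the zone files in the article.
PARENT, CHILD, PROVIDER = provider_records(
    "7.8.9.240/28", "255-240", ["ns1.client.domain."])
CLIENT = {(f"{host}.{CHILD}", "PTR"): target for host, target in {
    "241": "test.client.domain.",
    "242": "test2.client.domain.",
    "245": "test5.client.domain.",
    "10": "outside.client.domain.",  # hypothetical entry outside the /28
}.items()}

if __name__ == "__main__":
    for ip in ("7.8.9.245", "7.8.9.243", "7.8.9.10"):
        print(ip, resolve_ptr(ip, PROVIDER, CLIENT))
```

7.8.9.10 resolves to nothing even though the client zone holds a record for it, because the provider publishes no CNAME for that address.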

And do not forget to configure the ACL correctly. Because it makes no sense to take a PTR zone for yourself and then not answer anyone from outside =).

Source: www.habr.com
