Reverse zone delegation to subnets smaller than /24 in BIND. How it works

One day I faced the task of giving one of my clients the right to edit the PTR records of the /28 subnet assigned to them. I have no automation for editing BIND settings from outside. So I decided to take a different route: delegate to the client a piece of the PTR zone of the /24 subnet.

It would seem, what could be simpler? We just register the subnet as needed and point it at the desired NS, as is done with a subdomain. But no. It is not that simple (in fact it is quite primitive, but intuition will not help), which is why I am writing this article.

Anyone who wants to work it out for themselves can read the RFC.
Anyone who wants a ready-made solution is welcome under the cut.

So as not to delay those who like the copy-paste method, I will post the practical part first, and then the theoretical part.

1. Practice. Delegating a /28 zone

Suppose we have the subnet 7.8.9.0/24. We need to delegate the subnet 7.8.9.240/28 to the client's DNS 7.8.7.8 (ns1.client.domain).

On the provider's DNS you need to find the file that describes the reverse zone of this subnet. Let it be 9.8.7.in-addr.arpa.
We comment out the entries from 240 to 255, if there are any. And at the end of the file we write the following:

255-240  IN  NS      ns1.client.domain.
$GENERATE 240-255 $ CNAME $.255-240

Do not forget to increment the zone serial and run

rndc reload

This completes the provider part. Let's move on to the client's DNS.

First, let's create the file /etc/bind/master/255-240.9.8.7.in-addr.arpa with the following contents:

$ORIGIN 255-240.9.8.7.in-addr.arpa.
$TTL 1W
@                       1D IN SOA       ns1.client.domain. root.client.domain. (
                        2008152607      ; serial
                        3H              ; refresh
                        15M             ; retry
                        1W              ; expiry
                        1D )            ; minimum
@                       IN NS        ns1.client.domain.
@                       IN NS        ns2.client.domain.
241                     IN PTR          test.client.domain.
242                     IN PTR          test2.client.domain.
245                     IN PTR          test5.client.domain.

And in named.conf add the description of our new file:

zone "255-240.9.8.7.in-addr.arpa." IN {
        type master;
        file "master/255-240.9.8.7.in-addr.arpa";
};

And restart the bind process.

/etc/init.d/named restart

That's all. Now you can check.

#>  host 7.8.9.245 
245.9.8.7.in-addr.arpa is an alias for 245.255-240.9.8.7.in-addr.arpa.
245.255-240.9.8.7.in-addr.arpa domain name pointer test5.client.domain.

Note that not only the PTR record is returned, but also a CNAME. That is how it should be. If you are wondering why, welcome to the next chapter.

2. Theory. How it works.

It is hard to configure and debug a black box. It is much easier if you understand what is going on inside.

When we delegate a subdomain in the zone domain, we write something like this:

client.domain.	NS	ns1.client.domain.
ns1.client.domain.	A	7.8.7.8

We tell everyone who asks that we are not responsible for this zone, and we say who is. All queries for client.domain are referred to 7.8.7.8. When we check, we see the following picture (we leave out what the client has there; it does not matter):

# host test.client.domain
test.client.domain has address 7.8.9.241

That is, we were told that such an A record exists and that its IP is 7.8.9.241. No extra information.

How can the same thing be done with a subnet?

Since our DNS server is registered with RIPE, when the PTR for an IP address in our network is requested, the first query will still come to us. The logic is the same as with domains. But how do you put a subnet into a zone file?

Let's try putting it in like this:

255-240  IN  NS      ns1.client.domain.

And... the miracle did not happen. We do not get any redirection of queries. The thing is that bind does not even know that these entries in the reverse zone file are IP addresses, let alone understand range notation. For it, this is just some kind of symbolic subdomain. That is, for bind there is no difference between "255-240" and "our-client". And for a query to go where it needs to go, the address in the query must look like this: 241.255-240.9.8.7.in-addr.arpa. Or like this, if we use a symbolic subdomain: 241.our-client.9.8.7.in-addr.arpa. This differs from the usual form: 241.9.8.7.in-addr.arpa.

It would be hard to make such a query by hand. And even if it works, it is still unclear how to use it in real life. After all, for a query about 7.8.9.241 it is still the provider's DNS that answers us, not the client's.

And this is where CNAME comes in.

On the provider side, you need to create an alias for every IP address of the subnet, in a format that passes the query on to the client's DNS.

255-240  IN  NS      ns1.client.domain.
241     IN  CNAME   241.255-240
242     IN  CNAME   242.255-240
; and so on

This is for the hard-working =).

And for the lazy, the construction below is a better fit:

255-240  IN  NS      ns1.client.domain.
$GENERATE 240-255 $ CNAME $.255-240

Now a query for information about 7.8.9.241, arriving as 241.9.8.7.in-addr.arpa at the provider's DNS server, will be converted to 241.255-240.9.8.7.in-addr.arpa and go to the client's DNS.

The client side will need to handle such queries. Accordingly, we create the zone 255-240.9.8.7.in-addr.arpa. In it we can, in principle, put reverse entries for any IP of the whole /24 subnet, but we will only be asked about the ones the provider delegates to us, so there is no way to play around =).
To illustrate, I will once again give an example of the contents of the reverse zone file on the client side:

$ORIGIN 255-240.9.8.7.in-addr.arpa.
$TTL 1W
@                       1D IN SOA       ns1.client.domain. root.client.domain. (
                        2008152607      ; serial
                        3H              ; refresh
                        15M             ; retry
                        1W              ; expiry
                        1D )            ; minimum
@                       IN NS        ns1.client.domain.
@                       IN NS        ns2.client.domain.
241                     IN PTR          test.client.domain.
242                     IN PTR          test2.client.domain.
245                     IN PTR          test5.client.domain.

It is because we use CNAME on the provider side that, in response to a query for data by IP address, we get two records rather than one.

#>  host 7.8.9.245 
245.9.8.7.in-addr.arpa is an alias for 245.255-240.9.8.7.in-addr.arpa.
245.255-240.9.8.7.in-addr.arpa domain name pointer test5.client.domain.

And do not forget to configure the ACL correctly. Because it makes no sense to take on a PTR zone and not answer anyone from outside =).
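An added example, not part of the original article: a small Python check that builds the provider-side lines for any prefix longer than /24 using the article's "last-first" label, shows where the CNAME sends a lookup, and flags client-zone PTR entries that no provider CNAME points at. The function names and the stray record 17 in the sample zone are assumptions made for illustration.

```python
import ipaddress

def delegation(cidr, ns_host):
    """Provider-side lines for the parent /24 reverse zone, in the article's label style."""
    net = ipaddress.ip_network(cidr, strict=True)   # strict: rejects 7.8.9.241/28
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("expected an IPv4 prefix longer than /24")
    try:
        ipaddress.ip_address(ns_host)
    except ValueError:
        pass                                        # good: a host name, not an address
    else:
        raise ValueError("NS must name a host, not an IP address")
    first = int(net.network_address) & 0xFF
    last = int(net.broadcast_address) & 0xFF
    label = f"{last}-{first}"                       # 7.8.9.240/28 -> 255-240
    a, b, c, _ = str(net.network_address).split(".")
    lines = [f"{label}  IN  NS      {ns_host}",
             f"$GENERATE {first}-{last} $ CNAME $.{label}"]
    return {"net": net, "range": (first, last), "lines": lines,
            "child": f"{label}.{c}.{b}.{a}.in-addr.arpa."}

def alias_target(ip, d):
    """Name the provider's CNAME sends a PTR lookup of ip to, or None if not delegated."""
    addr = ipaddress.ip_address(ip)
    if addr not in d["net"]:
        return None
    return f"{int(addr) & 0xFF}.{d['child']}"

def unreachable_ptrs(zone_text, d):
    """Owner labels in the client zone that fall outside the delegated range."""
    lo, hi = d["range"]
    rows = (l.split(";")[0].split() for l in zone_text.splitlines())
    return [int(f[0]) for f in rows
            if len(f) >= 4 and f[0].isdigit() and f[-2] == "PTR" and not lo <= int(f[0]) <= hi]

# Constructed sample: the article's three PTR records plus one outside the /28.
CLIENT_ZONE = """\
241  IN PTR  test.client.domain.
242  IN PTR  test2.client.domain.
245  IN PTR  test5.client.domain.
17   IN PTR  stray.client.domain.
"""

if __name__ == "__main__":
    d = delegation("7.8.9.240/28", "ns1.client.domain.")
    print("\n".join(d["lines"]))
    print(alias_target("7.8.9.245", d), unreachable_ptrs(CLIENT_ZONE, d))
```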

Source: www.habr.com
