How to Set Up Private DNS Servers with BIND on Ubuntu 16.04

BIND (Berkeley Internet Name Domain) is the most widely used DNS software on the Internet. The BIND package is available for all Linux distributions, which makes installation simple and straightforward. In today's article we will show you how to install, configure and administer BIND 9 as a private DNS server on an Ubuntu 16.04 VPS, in a few steps.

Requirements:

  • Two servers (ns1 and ns2) connected to a private network
  • In this tutorial we will use the 10.20.0.0/16 subnet
  • DNS clients that will connect to your DNS servers

1. Update both servers

Begin by updating the packages on both servers:

# sudo apt-get update

2. Install BIND on both servers

# sudo apt-get install bind9 bind9utils

3. Set BIND to IPv4 mode

Set BIND to IPv4 mode. We will do that by editing the "/etc/default/bind9" file and adding "-4" to the OPTIONS variable:

# sudo nano /etc/default/bind9

The edited file should look something like this:

# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-4 -u bind"

Now let's configure ns1, our primary DNS server.

4. Configuring the Primary DNS Server

Edit the named.conf.options file:

# sudo nano /etc/bind/named.conf.options

Above the existing options block, add a new ACL block called "trusted". It allows the clients listed in it to send recursive DNS queries to our primary server:

acl "trusted" {
    10.20.30.13;
    10.20.30.14;
    10.20.55.154;
    10.20.55.155;
};

5. Allow recursive queries on our ns1 server, and have the server listen on our private network

Next we will add the configuration settings that allow recursive queries on our ns1 server and make the server listen on our private network. Add the settings under the directory "/var/cache/bind" directive as shown below:

options {
    directory "/var/cache/bind";
    recursion yes;
    allow-recursion { trusted; };
    listen-on { 10.20.30.13; };
    allow-transfer { none; };
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
};

If the "listen-on-v6" directive is present in the named.conf.options file, delete it, as we want BIND to listen only on IPv4.
Now on ns1, open the named.conf.local file for editing:

# sudo nano /etc/bind/named.conf.local

Here we are going to add the forward zone:

zone "test.example.com" {
    type master;
    file "/etc/bind/zones/db.test.example.com";
    allow-transfer { 10.20.30.14; };
};

Our private subnet is 10.20.0.0/16, so we will add the reverse zone with the following lines:

zone "20.10.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.10.20";
    allow-transfer { 10.20.30.14; };
};

If your servers are in multiple private subnets in the same physical location, you need to specify a zone and create a separate zone file for each subnet.
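The acl, allow-recursion and allow-transfer settings above are what keep ns1 from answering recursive queries or zone transfers for arbitrary hosts. The following Python check is an added example, not part of the original tutorial: it parses named.conf text and reports recursion that is not limited by an explicit allow-recursion, and master zones with no transfer restriction. The names parse, clause, audit and OPEN_CONF are assumptions of this example.

```python
import re
# ns1 settings from this tutorial, shortened and joined into one text (embedded sample).
NS1_CONF = '''
acl "trusted" { 10.20.30.13; 10.20.30.14; 10.20.55.154; 10.20.55.155; };
options {
    recursion yes;
    allow-recursion { trusted; };   // recursion only for the ACL
    allow-transfer { none; };       # no zone transfers unless a zone says so
};
zone "test.example.com" { type master; allow-transfer { 10.20.30.14; }; };
'''
OPEN_CONF = 'options { recursion yes; }; zone "test.example.com" { type master; };'  # constructed weak variant
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', re.S)

def parse(text):
    """Turn named.conf text into statements: lists of words and nested blocks."""
    tokens = (t for t in TOKEN.findall(text) if not t.startswith(("/*", "//", "#")))
    def block():
        stmts, cur = [], []
        for tok in tokens:
            if tok == "{":
                cur.append(block())          # nested { ... } becomes a sub-list
            elif tok == "}":
                break
            elif tok == ";":
                stmts, cur = stmts + ([cur] if cur else []), []
            else:
                cur.append(tok.strip('"'))
        return stmts
    return block()

def clause(stmt, name):
    """Values of `name ...;` inside a statement's block, or [] if it is absent."""
    for sub in stmt[-1]:
        if sub[0] == name:
            return [e[0] for e in sub[1]] if isinstance(sub[1], list) else sub[1:]
    return []

def audit(text):
    """Flag recursion without an explicit ACL and master zones with open transfers."""
    findings, stmts = [], parse(text)
    opts = next((s for s in stmts if s[0] == "options"), ["options", []])
    if clause(opts, "recursion") == ["yes"] and clause(opts, "allow-recursion") in ([], ["any"]):
        findings.append("options: recursion yes without a restricting allow-recursion")
    for zone in (s for s in stmts if s[0] == "zone" and clause(s, "type") == ["master"]):
        xfer = clause(zone, "allow-transfer") or clause(opts, "allow-transfer")
        if xfer in ([], ["any"]):
            findings.append(f"zone {zone[1]}: allow-transfer is not restricted")
    return findings
```

audit(NS1_CONF) returns an empty list, while audit(OPEN_CONF) reports both findings. On a real server, feed it the concatenated named.conf.options and named.conf.local.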

6. Creating the Forward Zone File

Now we will create the directory where we will store our zone files:

# sudo mkdir /etc/bind/zones

We will use the sample db.local file as a template for our forward zone file. Let's copy the file first:

# cd /etc/bind/zones
# sudo cp ../db.local ./db.test.example.com

Now edit the forward zone file we just copied:

# sudo nano /etc/bind/zones/db.test.example.com

It should look something like the example below:

$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.      ; delete this
@       IN      A       127.0.0.1       ; delete this
@       IN      AAAA    ::1             ; delete this

Now let's edit the SOA record. Replace localhost with your ns1 server's FQDN, and replace "root.localhost" with "admin.test.example.com". Every time you edit the zone file, increment the serial value before you restart named, otherwise BIND will not apply the change to the zone. We will increment the value to "3"; it should look something like this:

@       IN      SOA     ns1.test.example.com. admin.test.example.com. (
                              3         ; Serial

Then delete the last three records marked with "delete this" after the SOA record.

Add the nameserver records at the end of the file:

; name servers - NS records
        IN      NS      ns1.test.example.com.
        IN      NS      ns2.test.example.com.

After that, add the A records for the hosts that need to be in this zone. That means any server whose name we want to end with ".test.example.com":

; name servers - A records
ns1.test.example.com.          IN      A       10.20.30.13
ns2.test.example.com.          IN      A       10.20.30.14
; 10.20.0.0/16 - A records
host1.test.example.com.        IN      A       10.20.55.154
host2.test.example.com.        IN      A       10.20.55.155

The db.test.example.com file should look something like this:

$TTL    604800
@       IN      SOA     ns1.test.example.com. admin.test.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; name servers - NS records
        IN      NS      ns1.test.example.com.
        IN      NS      ns2.test.example.com.
; name servers - A records
ns1.test.example.com.          IN      A       10.20.30.13
ns2.test.example.com.          IN      A       10.20.30.14
; 10.20.0.0/16 - A records
host1.test.example.com.        IN      A       10.20.55.154
host2.test.example.com.        IN      A       10.20.55.155

7. Creating the Reverse Zone File

We specify the PTR records for reverse DNS lookups in the reverse zone files. When the DNS server receives a PTR lookup query for an example IP, "10.20.55.154", it checks the reverse zone file to retrieve the FQDN of that IP address, which in our case would be "host1.test.example.com".

We will create a reverse zone file for every reverse zone specified in the named.conf.local file we created on ns1. We will use the sample db.127 zone file as a template for our reverse zone file:

# cd /etc/bind/zones
# sudo cp ../db.127 ./db.10.20

Edit the reverse zone file so that it matches the reverse zone defined in named.conf.local:

# sudo nano /etc/bind/zones/db.10.20

The original file should look something like this:

$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.      ; delete this
1.0.0   IN      PTR     localhost.      ; delete this

You need to modify the SOA record and increment the serial value. It should look something like this:

@       IN      SOA     ns1.test.example.com. admin.test.example.com. (
                              3         ; Serial

Then delete the records marked with "delete this" after the SOA record.

Add the nameserver records at the end of the file:

; name servers - NS records
        IN      NS      ns1.test.example.com.
        IN      NS      ns2.test.example.com.

Now add the PTR records for all hosts that are on the same subnet as the zone file you created. This includes our hosts on the 10.20.0.0/16 subnet. In the first column we reverse the order of the last two octets of the IP address of the host we want to add:

; PTR Records
13.30   IN      PTR     ns1.test.example.com.    ; 10.20.30.13
14.30   IN      PTR     ns2.test.example.com.    ; 10.20.30.14
154.55  IN      PTR     host1.test.example.com.  ; 10.20.55.154
155.55  IN      PTR     host2.test.example.com.  ; 10.20.55.155

Save and exit the reverse zone file.

The "/etc/bind/zones/db.10.20" reverse zone file should look something like this:

$TTL    604800
@       IN      SOA     ns1.test.example.com. admin.test.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
; name servers
        IN      NS      ns1.test.example.com.
        IN      NS      ns2.test.example.com.
; PTR Records
13.30   IN      PTR     ns1.test.example.com.    ; 10.20.30.13
14.30   IN      PTR     ns2.test.example.com.    ; 10.20.30.14
154.55  IN      PTR     host1.test.example.com.  ; 10.20.55.154
155.55  IN      PTR     host2.test.example.com.  ; 10.20.55.155
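The octet-reversal rule for PTR owner names is easy to get wrong by hand, so here is an added example (not part of the original tutorial) that derives the expected PTR lines for 20.10.in-addr.arpa from the forward zone's A records and lists any the reverse zone lacks. The record data is copied from this tutorial, with host2's PTR deliberately left out as a constructed gap; the function names are assumptions of this example, and ptr_owner only handles /8, /16 and /24 networks.

```python
import ipaddress

# A records from this tutorial's forward zone (embedded so the example runs offline).
FORWARD = """\
ns1.test.example.com.    IN  A  10.20.30.13
ns2.test.example.com.    IN  A  10.20.30.14
host1.test.example.com.  IN  A  10.20.55.154
host2.test.example.com.  IN  A  10.20.55.155
"""
# Reverse zone records; host2 is left out on purpose (constructed) to show the check.
REVERSE = """\
13.30   IN  PTR  ns1.test.example.com.    ; 10.20.30.13
14.30   IN  PTR  ns2.test.example.com.    ; 10.20.30.14
154.55  IN  PTR  host1.test.example.com.  ; 10.20.55.154
"""

def records(zone_text, rtype):
    """Yield (owner, rdata) for 'owner IN <rtype> rdata' lines, ignoring ; comments."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) == 4 and fields[1] == "IN" and fields[2] == rtype:
            yield fields[0], fields[3]

def ptr_owner(ip, network="10.20.0.0/16"):
    """Owner name relative to the reverse zone: the host octets in reverse order."""
    net = ipaddress.ip_network(network)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is outside {network}")
    host_octets = str(addr).split(".")[net.prefixlen // 8:]   # /16 keeps the last two
    return ".".join(reversed(host_octets))

def expected_ptrs(forward_text):
    """Map each PTR owner name to the FQDN its A record says it should point at."""
    return {ptr_owner(ip): name for name, ip in records(forward_text, "A")}

def missing_ptrs(forward_text, reverse_text):
    """Zone-file lines for PTR records that are absent or point at another name."""
    have = dict(records(reverse_text, "PTR"))
    want = sorted(expected_ptrs(forward_text).items())
    return [f"{owner}\tIN\tPTR\t{name}" for owner, name in want if have.get(owner) != name]

if __name__ == "__main__":
    for line in missing_ptrs(FORWARD, REVERSE):
        print("add to db.10.20:", line)
```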

8. Check the Configuration Files

Execute the following command to check the syntax of all the named.conf files that we configured:

# sudo named-checkconf

If your configuration files have no syntax errors, the output will not contain any error messages. However, if you do have problems with your configuration files, compare the settings in the "Configuring the Primary DNS Server" section with the files that contain errors, make the correct adjustments, and then run named-checkconf again.

named-checkzone can be used to check the configuration of your zone files. You can use the following command to check the forward zone "test.example.com":

# sudo named-checkzone test.example.com /etc/bind/zones/db.test.example.com

And if you want to check the reverse zone configuration, execute the following command:

# sudo named-checkzone 20.10.in-addr.arpa /etc/bind/zones/db.10.20

Once you have correctly configured all the configuration and zone files, restart the BIND service:

# sudo service bind9 restart

9. Configuring the Secondary DNS Server

Setting up a secondary DNS server is always a good idea, as it serves as a failover and answers queries if the primary server is unresponsive.

On ns2, edit the named.conf.options file:

# sudo nano /etc/bind/named.conf.options

At the top of the file, add the ACL with the private IP addresses of all your trusted servers:

acl "trusted" {
    10.20.30.13;
    10.20.30.14;
    10.20.55.154;
    10.20.55.155;
};

Just like in the named.conf.options file for ns1, add the following lines under the directory "/var/cache/bind" directive:

    recursion yes;
    allow-recursion { trusted; };
    listen-on { 10.20.30.14; };    // ns2 private IP address
    allow-transfer { none; };
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };

Save and exit the file.

Now open the named.conf.local file for editing:

# sudo nano /etc/bind/named.conf.local

Now we need to specify the slave zones that correspond to the master zones on the ns1 DNS server. The masters directive must be set to the private IP address of the ns1 DNS server:

zone "test.example.com" {
    type slave;
    file "slaves/db.test.example.com";
    masters { 10.20.30.13; };
};
zone "20.10.in-addr.arpa" {
    type slave;
    file "slaves/db.10.20";
    masters { 10.20.30.13; };
};

Now save and exit the file.

Use the following command to check the syntax of the configuration files:

# sudo named-checkconf

Then restart the BIND service:

# sudo service bind9 restart

10. Configure the DNS Clients

We will now configure the hosts in our 10.20.0.0/16 subnet to use the ns1 and ns2 servers as their primary and secondary DNS servers. This depends greatly on the OS the hosts are running, but for most Linux distributions the settings that need to be changed reside in the /etc/resolv.conf file.

Generally on Ubuntu, Debian and CentOS distributions you just edit the /etc/resolv.conf file. Execute the following command as root:

# nano /etc/resolv.conf

Then replace the existing nameservers with:

nameserver 10.20.30.13 #ns1
nameserver 10.20.30.14 #ns2

Now save and exit the file, and your client should be configured to use the ns1 and ns2 nameservers.

Then test whether your clients can send queries to the DNS servers you just configured:

# nslookup host1.test.example.com

The output from this command should be:

Output:
Server:     10.20.30.13
Address:    10.20.30.13#53
Name:    host1.test.example.com
Address: 10.20.55.154

You can also test the reverse lookup by querying the DNS server with the IP address of the host:

# nslookup 10.20.55.154

The output should look like this:

Output:
Server:     10.20.30.13
Address:    10.20.30.13#53
154.55.20.10.in-addr.arpa    name = host1.test.example.com.

Check whether all of the hosts resolve correctly using the commands above. If they do, you have configured everything properly.

Adding a New Host to Your DNS Servers

If you need to add a host to your DNS servers, just follow the steps below:

On the ns1 nameserver do the following:

  • Create an A record in the forward zone file for the host and increment the value of the Serial variable.
  • Create a PTR record in the reverse zone file for the host and increment the value of the Serial variable.
  • Add your host's private IP address to the trusted ACL in named.conf.options.
  • Reload BIND using the following command: sudo service bind9 reload

On the ns2 nameserver do the following:

  • Add your host's private IP address to the trusted ACL in named.conf.options.
  • Reload BIND using the following command: sudo service bind9 reload

On the host machine do the following:

  • Edit /etc/resolv.conf and change the nameservers to your DNS servers.
  • Use nslookup to test whether the host queries your DNS servers.

Removing an Existing Host from Your DNS Servers

If you want to remove a host from your DNS servers, just undo the steps above.

Note: Please replace the names and IP addresses used in this tutorial with the names and IP addresses of the hosts in your own private network.
