Setting Up Master-Slave DNS Servers Using BIND Tools in RHEL/CentOS 6.5


A Domain Name System (DNS) server resolves names for every host. The Master DNS server (primary server) holds the original zone data, while the Slave DNS server (secondary server) is a backup that copies the zone data from the master by zone transfer. The master resolves names for every host we define in its zone database. Clients send queries over UDP port 53 by default, because UDP needs no connection setup and keeps lookups fast. TCP port 53 is used for zone transfers (AXFR/IXFR) between master and slave and for responses too large for a single UDP datagram, so any firewall in front of the servers must allow both.

DNS can be a little confusing for newcomers. Here is a short description of how DNS works.

Say we want to reach a website. What do we do? Just type www.google.com into the browser and press Enter. That is all we see, but behind the scenes a DNS lookup runs every time we ask for a name, and the system has to find the address of www.google.com. Every fully qualified name ends with a . (dot), i.e. www.google.com., which denotes the root of the DNS namespace, the starting point of the lookup.

Worldwide there are 13 root server names (a to m, each served by many anycast instances) that handle that first step. When we type www.google.com the browser hands the request to our local resolver, which is configured with the addresses of our master and slave DNS servers. If the resolver has no cached answer it asks a root server, which does not know www.google.com but refers the resolver to the servers for the .com top-level domain (TLD). The TLD servers do not know the host either, but refer the resolver to the authoritative servers for google.com. Only there is www.google.com actually defined, say as the address 72.36.15.56 (an illustrative value, not a real record).

The authoritative server returns the answer to the resolver, which caches it for the record's TTL and passes it to the browser, so the whole chain of referrals completes in milliseconds and repeat lookups are served from cache. If the name does not exist in the zone, the authoritative server answers NXDOMAIN, which means no such record was found in the zone database. Hopefully this gives you an idea of how DNS works.

Read Also: Setup a Caching DNS Server in Ubuntu

For this article I am using 3 machines: 2 for the server setup (master and slave) and 1 for the client.

---------------------------------------------------
Master DNS Server
---------------------------------------------------

IP Address	:	192.168.0.200
Host-name	:	masterdns.tecmintlocal.com
OS		:	Centos 6.5 Final
---------------------------------------------------
Slave DNS Server
---------------------------------------------------

IP Address	:	192.168.0.201
Host-name	:	slavedns.tecmintlocal.com
OS		:	Centos 6.5 Final
---------------------------------------------------
Client Machine to use DNS
---------------------------------------------------

IP Address	:	192.168.0.210
Host-name	:	node1.tecmintlocal.com
OS		:	Centos 6.5 Final
Packages	:	bind, bind-utils, bind-chroot
config file	:	/etc/named.conf
script file	:	/etc/init.d/named
Port		:	53 UDP (queries), 53 TCP (zone transfers, large responses)

Setup Master DNS Server

First, verify the IP address, hostname and release version of the Master DNS server before proceeding with the configuration.

$ sudo ifconfig | grep inet
$ hostname
$ cat /etc/redhat-release

Once you have confirmed that the settings above are correct, it is time to install the required packages.

$ sudo yum install bind* -y

After the packages are installed, define the zone files in the main configuration file 'named.conf'.

$ sudo vim /etc/named.conf

Below is my named.conf file; change the configuration as required for your environment.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.0.200; }; # Here we need to add our Master DNS Server IP.
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24; }; # Subnet from which hosts are allowed to query our DNS.
        allow-transfer     { localhost; 192.168.0.201; };  # Only our Slave DNS server may pull zone transfers.
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

## Define our forward & reverse zone files here for tecmintlocal.com.

zone "tecmintlocal.com" IN {
        type master;
        file "tecmintlocal.fwd.zone";
        allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "tecmintlocal.rev.zone";
        allow-update { none; };
};

#####
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Here is an explanation of each setting we used in the file above.

  1. port 53 - The port on which named listens, on the addresses listed in listen-on.
  2. Master DNS - The master's own IP address, so that named accepts queries on it and not only on loopback.
  3. Slave DNS - The slave's IP address in allow-transfer; only that host may replicate our zone data from the master. Leaving allow-transfer out is not safe, because BIND's traditional default permits transfers to anyone, which hands out the complete host inventory of the zone.
  4. recursion no - If set to yes, the server answers recursive queries for every client allowed by allow-query, which turns an authoritative server into an open resolver that can be abused for DDoS amplification.
  5. Zone name - The name of our zone, here tecmintlocal.com.
  6. type master - This system is configured as the master; on the slave server this will be slave.
  7. tecmintlocal.fwd.zone - This file holds the host records for the zone.
  8. allow-update { none; } - With none, nobody can send dynamic updates; we are not using Dynamic DNS (DDNS). Never set this to any on a zone reachable by untrusted hosts, since anyone could then rewrite its records.

The dnssec-lookaside auto line and the ISC DLV key file come from the stock CentOS 6.5 named.conf. The ISC DLV registry was shut down in 2017 and the option was later removed from BIND, so drop both lines if you follow this guide on a newer release.
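To make the three checks in items 3, 4 and 8 repeatable, here is a small audit script. It is an added example, not part of the original article or of the bind package; the function names and the two sample configuration files it creates under a temporary directory are hypothetical, and it only pattern-matches the options it knows about rather than fully parsing named.conf.

```bash
#!/bin/bash
# Added example, not from the original article: flag the named.conf settings
# that most often turn a DNS server into a liability. Helper names are
# hypothetical; the sample files below are constructed for the demonstration.

# Remove //, # and single-line /* */ comments so that a commented-out
# setting is not mistaken for a live one.
strip_comments() {
    sed -e 's@//.*$@@' -e 's@#.*$@@' -e 's@/\*[^*]*\*/@@g' "$1"
}

# audit_named_conf FILE: print one WARN line per weak setting, return 1 if any.
audit_named_conf() {
    local clean found=0
    clean=$(strip_comments "$1")

    # 1. recursion yes with no allow-recursion ACL: every host allowed by
    #    allow-query can use the server as an open resolver for amplification.
    if printf '%s\n' "$clean" | grep -Eq '^[[:space:]]*recursion[[:space:]]+yes[[:space:]]*;' \
       && ! printf '%s\n' "$clean" | grep -q 'allow-recursion'; then
        echo "WARN: recursion yes without allow-recursion (open resolver, DDoS amplification)"
        found=1
    fi

    # 2. allow-transfer missing or 'any': BIND's traditional default permits
    #    AXFR from anyone, handing out the complete host inventory.
    if ! printf '%s\n' "$clean" | grep -q 'allow-transfer' \
       || printf '%s\n' "$clean" | grep -Eq 'allow-transfer[[:space:]]*[{]([^}]*[^[:alnum:]_-])?any[[:space:]]*;'; then
        echo "WARN: allow-transfer missing or any (whole zone readable via AXFR)"
        found=1
    fi

    # 3. allow-update { any; }: unauthenticated dynamic updates rewrite the zone.
    if printf '%s\n' "$clean" | grep -Eq 'allow-update[[:space:]]*[{]([^}]*[^[:alnum:]_-])?any[[:space:]]*;'; then
        echo "WARN: allow-update any (anyone can modify zone records)"
        found=1
    fi
    return $found
}

# Constructed sample configurations for the demonstration.
WORK=$(mktemp -d)
cat > "$WORK/weak.conf" <<'EOF'
options {
        listen-on port 53 { any; };
        allow-query       { any; };
        recursion yes;
        // allow-transfer { none; };   commented out, so it does not count
};
zone "tecmintlocal.com" IN {
        type master;
        file "tecmintlocal.fwd.zone";
        allow-update { any; };
};
EOF

cat > "$WORK/hardened.conf" <<'EOF'
options {
        listen-on port 53 { 127.0.0.1; 192.168.0.200; };
        allow-query       { localhost; 192.168.0.0/24; };
        allow-transfer    { localhost; 192.168.0.201; };
        recursion no;
};
zone "tecmintlocal.com" IN {
        type master;
        file "tecmintlocal.fwd.zone";
        allow-update { none; };
};
EOF

echo "== weak.conf ==";     audit_named_conf "$WORK/weak.conf" || true
echo "== hardened.conf =="; audit_named_conf "$WORK/hardened.conf" && echo "OK: no weak settings"
```

Run it against /etc/named.conf before starting named; the weak sample produces three warnings, the hardened one (which mirrors the options block above) none. The script intentionally strips comments first, so a setting that is only present in a commented-out line is reported as missing.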

First let's define the forward zone entries. We need to create the zone files with the names we specified in named.conf, as below.

tecmintlocal.fwd.zone
tecmintlocal.rev.zone

We will use the sample zone files shipped with bind as templates for our forward and reverse zone files, so copy them as follows.

$ sudo cp /var/named/named.localhost /var/named/tecmintlocal.fwd.zone
$ sudo cp /var/named/named.loopback /var/named/tecmintlocal.rev.zone

Once the sample files are copied, edit the zone files with the vim editor.

$ sudo vim /var/named/tecmintlocal.fwd.zone

Before defining our host records in the forward zone file, take a quick look at the copied sample file.

Here is my forward zone configuration; add the entries below and change them as required. Note that records written with @ belong to the zone apex (tecmintlocal.com itself), so only the addresses you want tecmintlocal.com to resolve to go there; client hosts get their own names.

$TTL 86400
@       IN SOA  masterdns.tecmintlocal.com.     root.tecmintlocal.com. (
                                  2014090401    ; serial
                                        3600    ; refresh
                                        1800    ; retry
                                      604800    ; expire
                                       86400 )  ; minimum

; Name servers

@       IN      NS      masterdns.tecmintlocal.com.
@       IN      NS      slavedns.tecmintlocal.com.

; Addresses of the zone apex (tecmintlocal.com itself)

@       IN      A       192.168.0.200
@       IN      A       192.168.0.201

; Hosts in this domain

masterdns       IN      A       192.168.0.200
slavedns        IN      A       192.168.0.201
node1           IN      A       192.168.0.210
rhel1           IN      A       192.168.0.220

Save and quit the file with :wq!. After editing, the forward zone looks like the screenshot below; use TAB to keep the columns aligned in the zone file.

Now create the reverse zone file. We already copied the loopback sample file as tecmintlocal.rev.zone, so we use that file to configure our reverse lookups.

$ sudo vim /var/named/tecmintlocal.rev.zone

Before defining our host records in the reverse zone file, take a quick look at the copied sample file as shown below.

Here is my reverse zone configuration; add the entries below and change them as required. A reverse zone holds PTR records only: the owner name is the last octet of the address, so 200 below means 200.0.168.192.in-addr.arpa. A records do not belong here; a line such as masterdns IN A 192.168.0.200 in this file would define masterdns.0.168.192.in-addr.arpa, a name nothing ever queries.

$TTL 86400
@       IN SOA  masterdns.tecmintlocal.com. root.tecmintlocal.com. (
                                2014090402      ; serial
                                      3600      ; refresh
                                      1800      ; retry
                                    604800      ; expire
                                     86400 )    ; minimum

; Name servers

@       IN      NS      masterdns.tecmintlocal.com.
@       IN      NS      slavedns.tecmintlocal.com.

; Reverse (PTR) records for the hosts in the domain

200             IN      PTR     masterdns.tecmintlocal.com.
201             IN      PTR     slavedns.tecmintlocal.com.
210             IN      PTR     node1.tecmintlocal.com.
220             IN      PTR     rhel1.tecmintlocal.com.

Save and quit the file with :wq!. After editing, the reverse zone looks like the screenshot below; use TAB to keep the columns aligned in the zone file.

Check the group ownership of the forward & reverse zone files before checking the configuration for errors.

$ sudo ls -l /var/named/

Here we can see that both files belong to the root group, because we created them as copies of the sample files under /var/named/ while running as root. Change the group to named on both files with the following commands so that the named process can read them.

$ sudo chgrp named /var/named/tecmintlocal.fwd.zone
$ sudo chgrp named /var/named/tecmintlocal.rev.zone

After setting the correct permissions on the files, check them again.

$ sudo ls -l /var/named/

Now check the configuration for errors before starting the DNS service. First check named.conf, then the two zone files. named-checkzone takes the zone origin (tecmintlocal.com and 0.168.192.in-addr.arpa) as its first argument, not a hostname; with the wrong origin it validates the records against the wrong name and reports misleading errors.

$ sudo named-checkconf /etc/named.conf
$ sudo named-checkzone tecmintlocal.com /var/named/tecmintlocal.fwd.zone
$ sudo named-checkzone 0.168.192.in-addr.arpa /var/named/tecmintlocal.rev.zone
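Every later edit to a zone file must also raise the SOA serial, otherwise the slave compares serials, sees no change and keeps serving stale data. The script below is an added example, not from the original article or from bind: it bumps a YYYYMMDDnn serial in a zone file laid out like the ones above and then runs named-checkzone if the tool is installed. The helper names and the constructed sample zone are hypothetical.

```bash
#!/bin/bash
# Added example, not from the original article: bump the SOA serial of a zone
# file in YYYYMMDDnn form before validating it. Helper names are hypothetical.

# next_serial CURRENT [TODAY]: print the next serial.
# If CURRENT is already at or past today's base (TODAY followed by 01) just
# add 1; a serial that goes backwards is ignored by slaves and replication
# silently stops. Otherwise start today's sequence at 01.
next_serial() {
    local cur="$1" today="${2:-$(date +%Y%m%d)}"
    local base="${today}01"
    if [ "$cur" -ge "$base" ]; then
        echo $((cur + 1))
    else
        echo "$base"
    fi
}

# zone_serial FILE: print the serial from the "; serial" line of the SOA.
zone_serial() {
    awk '/;[[:space:]]*serial/ { print $1; exit }' "$1"
}

# bump_zone_serial FILE [TODAY]: rewrite the serial in place and print it.
bump_zone_serial() {
    local file="$1" today="$2" cur new
    cur=$(zone_serial "$file")
    [ -n "$cur" ] || { echo "no '; serial' line found in $file" >&2; return 1; }
    new=$(next_serial "$cur" "$today")
    sed "s/${cur}\([[:space:]]*;[[:space:]]*serial\)/${new}\1/" "$file" > "$file.tmp" \
        && mv "$file.tmp" "$file"
    echo "$new"
}

# Constructed zone file with the same layout as the forward zone above.
WORK=$(mktemp -d)
ZONE="$WORK/tecmintlocal.fwd.zone"
cat > "$ZONE" <<'EOF'
$TTL 86400
@       IN SOA  masterdns.tecmintlocal.com.     root.tecmintlocal.com. (
                                  2014090401    ; serial
                                        3600    ; refresh
                                        1800    ; retry
                                      604800    ; expire
                                       86400 )  ; minimum

@       IN      NS      masterdns.tecmintlocal.com.
@       IN      NS      slavedns.tecmintlocal.com.
masterdns       IN      A       192.168.0.200
slavedns        IN      A       192.168.0.201
EOF

echo "serial before: $(zone_serial "$ZONE")"
echo "same-day bump: $(bump_zone_serial "$ZONE" 20140904)"   # 2014090402
echo "next-day bump: $(bump_zone_serial "$ZONE" 20140905)"   # 2014090501

# Validate the result exactly as the article does, when bind-utils is present.
if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone tecmintlocal.com "$ZONE"
fi
```

Pass a date as the second argument only for testing; without it the helper uses today's date. On the real server run it against /var/named/tecmintlocal.fwd.zone and /var/named/tecmintlocal.rev.zone, then service named reload, and confirm on the slave that the new serial arrived.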

By default iptables on our DNS server blocks inbound DNS from other hosts, so for clients to resolve names through our server we must add INPUT rules for port 53. Queries arrive over UDP, but the zone transfer to the slave runs over TCP, so TCP 53 must be open as well (the second rule below is an addition to the original procedure; without it the slave's transfer times out). Restricting TCP to the local subnet matches allow-query; allow-transfer in named.conf already limits who may pull the zone.

$ sudo iptables -I INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
$ sudo iptables -I INPUT -p tcp --dport 53 -s 192.168.0.0/24 -m state --state NEW -j ACCEPT

Now verify that the rules were added to the INPUT chain.

$ sudo iptables -L INPUT

Next, save the rules and restart the firewall.

$ sudo service iptables save
$ sudo service iptables restart

Start the named service and enable it at boot.

$ sudo service named start
$ sudo chkconfig named on
$ sudo chkconfig --list named

Finally, test the configured Master DNS zone files (forward and reverse) using the dig & nslookup tools. Query the master's address explicitly so the test does not depend on the server's own /etc/resolv.conf.

$ dig @192.168.0.200 masterdns.tecmintlocal.com		[Forward Zone]
$ dig @192.168.0.200 -x 192.168.0.200			[Reverse Zone]
$ nslookup tecmintlocal.com 192.168.0.200
$ nslookup masterdns.tecmintlocal.com 192.168.0.200
$ nslookup slavedns.tecmintlocal.com 192.168.0.200

Great! We have configured the Master DNS; now we need to set up the Slave DNS server. Let's go ahead with the slave setup, which takes less time than the master configuration.

Setup Slave DNS Server

On the slave machine we also need to install the same bind packages as on the master, so install them with the following command.

$ sudo yum install bind* -y

Open and edit the 'named.conf' file to define the zone database and the listen addresses.

$ sudo vim /etc/named.conf

Make the changes shown below, adjusted to your environment. Two points differ from a copy of the master's file: every address in listen-on needs its own trailing ';' (a missing one is a syntax error and named refuses to start), and the slave gets allow-transfer { none; } because it only has to answer queries, not hand out the zone.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.0.201; }; # Our Slave DNS server IP; note the ';' after each address.
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24; };
        allow-transfer  { none; }; # Nobody pulls the zone from the slave; BIND's default would allow anyone.
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

## Define our slave forward and reverse zones; the zone files are replicated from the master.

zone "tecmintlocal.com" IN {
        type slave;
        file "slaves/tecmintlocal.fwd.zone";
        masters { 192.168.0.200; };
};

zone "0.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/tecmintlocal.rev.zone";
        masters { 192.168.0.200; };
};

#####
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Check the file, then start the DNS service and enable it at boot.

$ sudo named-checkconf /etc/named.conf
$ sudo service named start
$ sudo chkconfig named on

After starting the named service we do not define the zone data by hand: the slave contacts the master listed under masters, compares the SOA serial and pulls both zones by zone transfer, which is why the files appear under /var/named/slaves as shown in the listing below. If the directory stays empty, run grep named /var/log/messages on the slave and look for transfer failures; the usual causes are TCP port 53 blocked by the master's firewall or the slave's IP missing from the master's allow-transfer.

$ sudo ls -l /var/named/slaves

Verify the transferred zone data with the cat command.

$ sudo cat /var/named/slaves/tecmintlocal.fwd.zone
$ sudo cat /var/named/slaves/tecmintlocal.rev.zone

Next, open DNS port 53 in iptables to allow inbound queries from clients. The slave initiates the transfer itself, so no inbound TCP rule is needed here.

$ sudo iptables -I INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT

Save the iptables rules and restart the iptables service.

$ sudo service iptables save
$ sudo service iptables restart

Make the firewall service persistent across reboots.

$ sudo chkconfig iptables on

Check whether it is enabled for the run-levels.

$ sudo chkconfig --list iptables

That's it! Now it is time to configure our client machine and check hostname resolution.

Configure the Client Machine

On the client side we need to set the Primary (192.168.0.200) and Secondary (192.168.0.201) DNS entries in the network settings so that hostnames resolve through our servers. To do so, run the setup command and define these entries as shown in the screenshot.

$ setup

Next, edit the '/etc/resolv.conf' file and add the following entries. On CentOS 6 this file is regenerated by the network scripts, so to make the setting survive a restart of the interface also put DNS1=192.168.0.200, DNS2=192.168.0.201 and DOMAIN=tecmintlocal.com in /etc/sysconfig/network-scripts/ifcfg-eth0 (or set PEERDNS=no there).

$ vim /etc/resolv.conf
search tecmintlocal.com
nameserver 192.168.0.200
nameserver 192.168.0.201

Now verify the IP address, the hostname and a name server lookup.

$ ifconfig | grep inet
$ hostname
$ nslookup tecmintlocal.com

Now check forward & reverse DNS lookups using dig.

$ dig masterdns.tecmintlocal.com
$ dig -x 192.168.0.200

Understanding the dig output:

  1. Header - Summarises what we asked and how the answer turned out.
  2. Status - NOERROR means our query was answered without error; NXDOMAIN means the name does not exist in the zone, REFUSED means the server's allow-query does not include us.
  3. Question - The query we sent; here my query is masterdns.tecmintlocal.com.
  4. Answer - The records that resolve the query, if any exist.
  5. Authority - The name servers responsible for the zone (our NS records).
  6. Additional - Extra records such as the addresses of those name servers.
  7. Query time - How long the servers above took to resolve the name.

Also look at the flags line in the header: an answer from our master should carry aa (authoritative answer) and, because we set recursion no, must not carry ra (recursion available). If ra shows up, the hardening did not take effect and the server is answering recursive queries.
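The following script turns that reading of the dig header into a repeatable check. It is an added example, not from the original article or from bind-utils; the helper names are hypothetical and the three dig header excerpts are constructed (the first is what the master above returns, the second what a server left as an open resolver returns, the third a lookup of a name that is not in the zone).

```bash
#!/bin/bash
# Added example, not from the original article: check a dig response header
# for what an authoritative, non-recursive server should return. Helper names
# are hypothetical; the sample outputs below are constructed.

# dig_status OUTPUT: print the status (NOERROR, NXDOMAIN, REFUSED, ...).
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# dig_flags OUTPUT: print the flag list from the ";; flags:" line.
dig_flags() {
    printf '%s\n' "$1" | sed -n 's/^;; flags: \([^;]*\);.*/\1/p' | head -n 1
}

# check_authoritative OUTPUT: return 0 when the answer is what the master
# above should give: NOERROR, aa (authoritative answer) set, ra (recursion
# available) clear. A missing aa means the answer came from a cache or
# forwarder rather than the zone; ra set means recursion is still enabled.
check_authoritative() {
    local out="$1" status flags rc=0
    status=$(dig_status "$out")
    flags=$(dig_flags "$out")
    [ "$status" = NOERROR ] || { echo "FAIL: status is $status"; rc=1; }
    case " $flags " in
        *" aa "*) ;;
        *) echo "FAIL: aa flag missing, answer is not authoritative"; rc=1 ;;
    esac
    case " $flags " in
        *" ra "*) echo "FAIL: ra flag set, server offers recursion"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: authoritative, non-recursive answer"
    return $rc
}

# Constructed header of a good answer from masterdns (recursion no).
GOOD=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31894
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;masterdns.tecmintlocal.com.	IN	A

;; ANSWER SECTION:
masterdns.tecmintlocal.com. 86400 IN	A	192.168.0.200
EOF
)

# Constructed header from a server still running as an open resolver:
# no aa, ra set.
OPEN=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4421
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
EOF
)

# Constructed header for a name that is not in the zone.
MISSING=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
EOF
)

check_authoritative "$GOOD"
check_authoritative "$OPEN" || true
check_authoritative "$MISSING" || true
```

On a live system feed it real output, e.g. check_authoritative "$(dig @192.168.0.200 masterdns.tecmintlocal.com)", and run the same check against the slave at 192.168.0.201; both should pass, since both serve the zone authoritatively with recursion disabled.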

Finally, look up our nodes and ping them.

$ dig node1.tecmintlocal.com
$ ping masterdns.tecmintlocal.com -c 2
$ ping slavedns.tecmintlocal.com -c 2
$ ping 192.168.0.200 -c 2
$ ping 192.168.0.201 -c 2

That completes the setup: we have configured both the Primary (Master) and Secondary (Slave) DNS servers successfully. Hopefully everyone was able to set it up without problems; feel free to leave a comment if you run into any issues while configuring.