Setting Up a Caching-Only DNS Server Using Bind on CentOS 6.5
There are several types of DNS servers, such as master, slave, forwarding and cache; among them, a caching-only DNS server is the easiest to set up. DNS uses the UDP protocol, which reduces query time because UDP has no acknowledgement.
Read also: Set Up a Master DNS Server on CentOS 6.5
A caching-only DNS server is also known as a resolver. It queries DNS records, fetches all DNS information from other servers, and stores every query request in its cache for later use. When we make the same request a second time, it is served from the cache, which reduces the query time.
If you are looking to set up a caching-only DNS server on CentOS/RHEL 7, follow this guide here:
IP Address : 192.168.0.200
Host-name : dns.tecmintlocal.com
OS : CentOS 6.5 Final
Ports Used : 53
Config File : /etc/named.conf
Script File : /etc/init.d/named
Step 1: Installing Caching-Only DNS
1. Caching-only DNS can be installed using the 'bind' package. If we do not remember the full package name, let's do a quick search for it using the command below.
# yum search bind
2. In the above result, you see the packages displayed. From those, we need to choose the 'bind' and 'bind-utils' packages; let's install them using the 'yum' command.
# yum install bind bind-utils -y
Step 2: Configure Caching-Only DNS
3. Once the DNS packages are installed, go ahead and configure DNS. Open and edit the 'named.conf' file using the vim editor.
# vim /etc/named.conf
4. Next, make the changes suggested below, or use your own settings as required. The following are the changes we need to make for a caching-only DNS server. Here, localhost is present by default; we need to add 'any' to accept queries from any network.
listen-on port 53 { 127.0.0.1; any; };
allow-query { localhost; any; };
allow-query-cache { localhost; any; };
- listen-on port 53 - This says that the cache server wants to use port 53 for queries.
- allow-query - This specifies which IP addresses may query the server; here I have defined localhost, and anyone from anywhere can send queries.
- allow-query-cache - This will add the query request to bind.
- recursion - This will look up the answer and give it back to us; while resolving, it may send the query to other DNS servers over the Internet and bring the answer back.
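With 'any' in allow-query and allow-query-cache and recursion enabled, the server answers recursive queries for every client that can reach port 53, not only the local network. The script below is an added example, not part of the original article: it lists the access statements in a named.conf that admit 'any', run against the settings above and against a variant restricted to an ACL. The 192.168.0.0/24 range, the ACL name 'lan' and the function name audit_named_conf are assumptions; both sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): list the named.conf access
# statements whose address-match list contains "any".

audit_named_conf() {
    # Drop // and # comments, then flatten so multi-line statements match.
    flat=" $(sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n\t' '  ')"
    for stmt in allow-query allow-query-cache allow-recursion; do
        # Text between the braces of this statement (empty if it is absent).
        list=$(printf '%s\n' "$flat" |
            sed -n "s/.*[[:space:]]$stmt[[:space:]]*{\([^}]*\)}.*/\1/p")
        case " $(printf '%s' "$list" | tr ';' ' ') " in
            *" any "*) printf '%s\n' "$stmt" ;;
        esac
    done
    return 0
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample 1: the settings shown in step 4.
cat > "$tmp/open.conf" <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; any; };
    allow-query { localhost; any; };
    allow-query-cache { localhost; any; };
    recursion yes;
};
EOF

# Constructed sample 2: same server, access limited to an assumed LAN range.
cat > "$tmp/lan.conf" <<'EOF'
acl lan { 127.0.0.1; 192.168.0.0/24; };   // assumed client network
options {
    listen-on port 53 { 127.0.0.1; 192.168.0.200; };
    allow-query { lan; };
    allow-query-cache { lan; };
    allow-recursion { lan; };
    recursion yes;
};
EOF

echo "open.conf: $(audit_named_conf "$tmp/open.conf" | tr '\n' ' ')"
echo "lan.conf:  $(audit_named_conf "$tmp/lan.conf" | tr '\n' ' ')"
```

Run the function against /etc/named.conf after editing; an empty result means none of the three statements admits 'any'.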
5. After editing the file, we have to confirm that the ownership of the 'named.conf' file has not changed from root:named, because DNS runs under a system user called named.
# ls -l /etc/named.conf
# ls -l /etc/named.rfc1912.zones
6. If SELinux is enabled on the server, then after editing the 'named.conf' file we need to check the SELinux context; every named configuration file needs to be in the system_u:object_r:named_conf_t:s0 context, as shown in the image below.
# ls -lZ /etc/named.conf
# ls -lZ /etc/named.rfc1912.zones
OK, now we need to test the DNS configuration for syntax errors before starting the bind service; if any error is found, some can also be traced from /var/log/messages.
# named-checkconf /etc/named.conf
Once the syntax check comes back clean, restart the service so the above changes take effect, make the service start persistently across server reboots, and confirm the same.
# /etc/init.d/named restart
# chkconfig named on
# chkconfig --list named
7. Next, open port 53 on the firewall to allow access.
# iptables -I INPUT -p udp --dport 53 -j ACCEPT
Step 4: Chroot Caching-Only DNS
8. If you want to run the DNS caching server in a chroot environment, you only need to install the chroot package; no further configuration is needed, as it hard-links to the chroot by default.
# yum install bind-chroot -y
Once the chroot package has been installed, you can restart the named service to apply the new changes.
# /etc/init.d/named restart
9. Once you restart the named service, it automatically creates hard links from the /etc/named config files to the /var/named/chroot/etc/ directory. To confirm, just use the cat command under /var/named/chroot.
# sudo cat /var/named/chroot/etc/named.conf
In the above configuration, you will see the same /etc/named.conf configuration, as it will be replaced while installing the bind-chroot package.
Step 5: Client-Side DNS Setup
10. Add the DNS caching server's IP, 192.168.0.200, as the resolver on the client machines.
On Debian-based machines it goes in /etc/resolv.conf, and on RPM-based machines it can be set with the setup command, or we can edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file by hand.
11. Finally, it is time to check our cache server using some tools. We can test using the dig and nslookup commands on Linux systems, and on Windows you can use the nslookup command.
Let's query 'facebook.com' for the first time, so that the server caches the query.
# dig facebook.com
# dig facebook.com
Use the 'nslookup' command to confirm the same.
# nslookup facebook.com
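What to compare between the two dig runs in step 11, as an added example that is not part of the original article: an answer served from the cache comes back faster and with a TTL that has counted down from the first answer. The function names, the sample outputs and the 203.0.113.10 address are constructed, and the check assumes the two queries were at least a second apart.

```shell
#!/bin/sh
# Added example: decide from two dig outputs whether the second answer was
# served from the resolver's cache. Both sample outputs are constructed.

# Print "<query-time-msec> <ttl-of-first-answer-record>" for dig output on stdin.
dig_stats() {
    awk '
        /^;; ANSWER SECTION:/ { in_ans = 1; next }
        in_ans && NF == 0     { in_ans = 0 }
        in_ans && ttl == ""   { ttl = $2 }
        /^;; Query time:/     { qt = $4 }
        END                   { print qt, ttl }
    '
}

# served_from_cache FIRST_OUTPUT SECOND_OUTPUT -> prints "cached" or "not-cached"
served_from_cache() {
    first=$(printf '%s\n' "$1" | dig_stats)
    second=$(printf '%s\n' "$2" | dig_stats)
    t1=${first% *};  ttl1=${first#* }
    t2=${second% *}; ttl2=${second#* }
    # Cached answer: TTL has counted down and the lookup was faster.
    if [ "$ttl2" -lt "$ttl1" ] && [ "$t2" -lt "$t1" ]; then
        echo cached
    else
        echo not-cached
    fi
}

first_run=';; ANSWER SECTION:
facebook.com.   300   IN   A   203.0.113.10

;; Query time: 187 msec
;; SERVER: 192.168.0.200#53(192.168.0.200)'

second_run=';; ANSWER SECTION:
facebook.com.   296   IN   A   203.0.113.10

;; Query time: 0 msec
;; SERVER: 192.168.0.200#53(192.168.0.200)'

served_from_cache "$first_run" "$second_run"
```

On a live client, pass the real outputs instead, for example served_from_cache "$(dig facebook.com)" "$(sleep 2; dig facebook.com)".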
To read more about dig and nslookup command examples and usage, use the following links.
- 8 nslookup commands and usage
- 10 dig commands and usage
Here, we have seen how to set up a caching-only DNS server using the bind package and secure it using the chroot package.