Setup Caching-Only DNS Server Using Bind in CentOS 6.5


There are several types of DNS servers, such as master, slave, forwarding and cache; among them, the caching-only DNS server is the easiest to set up. DNS uses the UDP protocol, which reduces query time because UDP has no acknowledgement.

Read Also: Setup Master DNS Server in CentOS 6.5

A caching-only DNS server is also known as a resolver. It queries DNS records, fetches all the DNS information from other servers, and keeps each query request in its cache for later use. When we send the same request a second time, it is served from the cache, which reduces the query time.

If you are looking to set up a caching-only DNS server in CentOS/RHEL 7, follow this guide here:

IP Address	:	192.168.0.200
Host-name	:	dns.tecmintlocal.com
OS		:	Centos 6.5 Final
Ports Used	:	53
Config File	:	/etc/named.conf
script file	:	/etc/init.d/named

Step 1: Installing Caching-Only DNS

1. The caching-only DNS server can be installed using the 'bind' package. If we do not remember the full package name, we can do a quick search for it with the command below.

# yum search bind

2. In the search results you will see the matching packages listed. From those, we need the 'bind' and 'bind-utils' packages; let's install them using the 'yum' command.

# yum install bind bind-utils -y

Step 2: Configure Caching-Only DNS

3. Once the DNS packages are installed, move on to configuring DNS. Open and edit the 'named.conf' file using the vim editor.

# vim /etc/named.conf

4. Next, make the changes suggested below, or use your own settings as required. The following are the changes we need to make for a caching-only DNS server. By default only localhost is listed here; we need to add 'any' to accept queries from any network.

listen-on port 53 { 127.0.0.1; any; };
allow-query     { localhost; any; };
allow-query-cache       { localhost; any; };

  1. listen-on port 53 - This says that the cache server uses port 53 for queries.
  2. allow-query - This specifies which IP addresses may query the server; here I have defined it for localhost, and with 'any', anyone can send a query from anywhere.
  3. allow-query-cache - This will add the query request to bind.
  4. recursion - This will look up the answer and give it back to us; while resolving a query it may send queries to other DNS servers on the internet and bring back the answer.
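With 'any' in allow-query and allow-query-cache and recursion enabled, the resolver answers recursive queries from every network that can reach it. The following is an added example, not part of the original tutorial: it counts such statements in a named.conf and compares the settings above with a restricted variant. The function names, the "lan" ACL name and the 192.168.0.0/24 client subnet are assumptions.

```shell
#!/bin/sh
# Added example: count BIND access-control statements that admit any client.
# Assumes one statement per line, as in the named.conf excerpt on this page.

# Print the number of allow-query / allow-query-cache / allow-recursion
# statements in FILE whose address list contains the keyword "any".
count_open_statements() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" |
        grep -cE '^[[:space:]]*allow-(query|query-cache|recursion)[[:space:]]*[{]([^}]*[;[:space:]])?any[[:space:]]*;' || true
}

# The option lines from step 4 of this page (constructed sample file).
write_page_conf() {
    cat > "$1" <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; any; };
    allow-query     { localhost; any; };
    allow-query-cache       { localhost; any; };
    recursion yes;   // assumed: not shown on the page
};
EOF
}

# Restricted variant. 192.168.0.0/24 is an assumed client subnet, inferred
# from the server address 192.168.0.200; substitute your own ranges.
write_restricted_conf() {
    cat > "$1" <<'EOF'
acl "lan" { 192.168.0.0/24; };
options {
    listen-on port 53 { 127.0.0.1; 192.168.0.200; };
    allow-query       { localhost; lan; };
    allow-query-cache { localhost; lan; };
    allow-recursion   { localhost; lan; };
    recursion yes;
};
EOF
}

# Demo: audit both files in a scratch directory.
demo() {
    dir=$(mktemp -d) || return 1
    write_page_conf "$dir/page.conf"
    write_restricted_conf "$dir/restricted.conf"
    echo "page.conf:       $(count_open_statements "$dir/page.conf") open statement(s)"
    echo "restricted.conf: $(count_open_statements "$dir/restricted.conf") open statement(s)"
    rm -rf "$dir"
}
demo
```

Run `named-checkconf` on any edited file before restarting the service, as the tutorial does further down.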

5. After editing the file, confirm that the ownership of the 'named.conf' files has not changed from root:named, because DNS runs under the system user named.

# ls -l /etc/named.conf
# ls -l /etc/named.rfc1912.zones

6. If SELinux is enabled on the server, check the SELinux context after editing the 'named.conf' file; every named configuration file needs to be in the 'system_u:object_r:named_conf_t:s0' context, which the commands below display.

# ls -lZ /etc/named.conf
# ls -lZ /etc/named.rfc1912.zones

Okay, now we need to test the DNS configuration for syntax errors before starting the bind service; if any error is found, some can also be traced in /var/log/messages.

# named-checkconf /etc/named.conf

Once the syntax check comes back clean, restart the service so the changes above take effect, make the service start automatically when the server reboots, and confirm the same.

# /etc/init.d/named restart
# chkconfig named on
# chkconfig --list named

7. Next, open port 53 on the firewall to allow access.

# iptables -I INPUT -p udp --dport 53 -j ACCEPT

Step 4: Chroot Caching-Only DNS

8. If you want to run the DNS caching server in a chroot environment, you only need to install the chroot package; no further configuration is needed, as by default it hard-links into the chroot.

# yum install bind-chroot -y

Once the chroot package has been installed, you can restart the named service to apply the new changes.

# /etc/init.d/named restart

9. Once you restart the named service, it automatically creates hard links from the /etc/named config files to the /var/named/chroot/etc/ directory. To confirm, just use the cat command under /var/named/chroot.

# sudo cat /var/named/chroot/etc/named.conf

In the above configuration you will see the same /etc/named.conf configuration, as it is replaced while installing the bind-chroot package.

Step 5: Client-Side DNS Setup

10. Add the DNS caching server's IP 192.168.0.200 as the resolver on the client machines.

On Debian-based machines it will be under /etc/resolv.conf, and on RPM-based machines it will be under the setup command, or we can edit it manually in the /etc/sysconfig/network-scripts/ifcfg-eth0 file.

11. Finally, it is time to check our cache server using some tools. We can test it using the dig and nslookup commands on Linux systems, and on Windows you can use the nslookup command.

Let's query 'facebook.com' for the first time, so that the server caches the query.

# dig facebook.com
# dig facebook.com

Use the 'nslookup' command to confirm the same.

# nslookup facebook.com

To read more about dig and nslookup command examples and usage, use the following links.

  1. 8 nslookup commands and usage
  2. 10 dig commands and usage

Here, we have seen how to set up a caching-only DNS server using the bind package and how to secure it using the chroot package.