Install and Configure a Caching-Only DNS Server in RHEL/CentOS 7 - Part 10


DNS servers come in several types, such as master, slave, forwarding and cache, to name a few, and a cache-only DNS server is the easiest to set up. Since DNS uses the UDP protocol, query time improves because no acknowledgement is required.

A cache-only DNS server is also known as a resolver. It queries DNS records, fetches all the DNS details from other servers, and keeps each query result in its cache for later use, so that when the same request is made again in the future it is served from the cache, reducing the response time even further.

If you are looking to set up a Caching-Only DNS server in CentOS/RHEL 6, follow this guide here:

DNS server		:	dns.tecmintlocal.com (Red Hat Enterprise Linux 7.1)
Server IP Address	:	192.168.0.18
Client			:	node1.tecmintlocal.com (CentOS 7.1)
Client IP Address	:	192.168.0.29

Step 1: Installing a Cache-Only DNS Server in RHEL/CentOS 7

1. The cache-only DNS server can be installed from the bind package. If you do not remember the package name, you can do a quick search for it using the command below.

# yum search bind

2. In the result above, you will see several packages. From those, we need to choose and install only the bind and bind-utils packages using the yum command.

# yum install bind bind-utils -y

Step 2: Configure Cache-Only DNS in RHEL/CentOS 7

3. Once the DNS packages are installed, we can go ahead and configure DNS. Open and edit /etc/named.conf using your preferred text editor. Make the changes suggested below (or use your own settings as per your requirements).

listen-on port 53 { 127.0.0.1; any; };
allow-query     { localhost; any; };
allow-query-cache       { localhost; any; };

These directives instruct the DNS server to listen on UDP port 53, and to allow queries and cached responses from localhost and from any other machine that can reach the server.

4. It is important to note that the ownership of this file must be set to root:named. Also, if SELinux is enabled, after editing the configuration file we need to make sure that its context is set to named_conf_t as shown in Fig. 4 (the same applies to the auxiliary file /etc/named.rfc1912.zones):

# ls -lZ /etc/named.conf
# ls -lZ /etc/named.rfc1912.zones

Otherwise, configure the SELinux context and apply it to the files before proceeding:

# semanage fcontext -a -t named_conf_t /etc/named.conf
# semanage fcontext -a -t named_conf_t /etc/named.rfc1912.zones
# restorecon -v /etc/named.conf /etc/named.rfc1912.zones

5. Additionally, we need to test the DNS configuration for syntax errors before starting the bind service:

# named-checkconf /etc/named.conf

6. Once the syntax check comes back clean, restart the named service for the new changes to take effect, enable the service so that it starts automatically across system boots, and then check its status:

# systemctl restart named
# systemctl enable named
# systemctl status named

7. Next, open port 53 on the firewall.

# firewall-cmd --add-port=53/udp
# firewall-cmd --add-port=53/udp --permanent
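
The settings from step 3 let any client that can reach the server query it and use its cache, so it is worth checking the query ACLs for "any" before opening the firewall port. The script below is an added example, not part of the original article; the trusted ACL name, the 192.168.0.0/24 mask and the function names are assumptions, and both sample configurations are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Flags named.conf query ACLs
# that admit "any" client, as the step 3 settings do.
# Prints one "OPEN:" line per offending directive; returns 1 if any was found.
# Limitation: /* */ comments and named ACLs that expand to "any" are not resolved.
check_open_resolver() {
    conf=$1
    rc=0
    # Drop // and # comments, then flatten so multi-line { ... } lists match.
    flat=" $(sed -e 's://.*::' -e 's:#.*::' "$conf" | tr '\n' ' ')"
    for d in allow-query allow-query-cache allow-recursion; do
        list=$(printf '%s\n' "$flat" |
            sed -n "s/.*[[:space:];{]$d[[:space:]]*{\([^}]*\)}.*/\1/p")
        case " $(printf '%s' "$list" | tr ';' ' ') " in
            *" any "*) echo "OPEN: $d {$list}"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample configs. 192.168.0.0/24 is an assumed mask for the
# article's 192.168.0.18 / 192.168.0.29 lab hosts.
write_samples() {
    cat > "$1/open.conf" <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; any; };
    allow-query     { localhost; any; };
    allow-query-cache       { localhost; any; };
};
EOF
    cat > "$1/restricted.conf" <<'EOF'
acl trusted { localhost; 192.168.0.0/24; };   // assumed client subnet
options {
    listen-on port 53 { 127.0.0.1; 192.168.0.18; };
    allow-query       { trusted; };
    allow-query-cache { trusted; };
    allow-recursion   { trusted; };
};
EOF
}

dir=$(mktemp -d); write_samples "$dir"
for f in open restricted; do
    if check_open_resolver "$dir/$f.conf"; then echo "$f.conf: no open query ACLs"; fi
done
rm -rf "$dir"
```

On a real server, call check_open_resolver /etc/named.conf after named-checkconf; "any" in listen-on is deliberately not flagged, since it selects interfaces rather than clients.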

Step 3: Chroot the Cache-Only DNS Server in RHEL and CentOS 7

8. If you wish to deploy the cache-only DNS server inside a chroot environment, you need to have the chroot package installed on the system. No further configuration is needed, as it is hard-linked to the chroot by default.

# yum install bind-chroot -y

Once the chroot package has been installed, you can restart named for the new changes to take effect:

# systemctl restart named

9. Next, create a symbolic link (also named /etc/named.conf) inside /var/named/chroot/etc/:

# ln -s /etc/named.conf /var/named/chroot/etc/named.conf

Step 4: Configure DNS on the Client Machine

10. Add the DNS cache server's IP, 192.168.0.18, as the resolver on the client machine. Edit /etc/sysconfig/network-scripts/ifcfg-enp0s3 as follows:

DNS1=192.168.0.18

And /etc/resolv.conf as follows:

nameserver 192.168.0.18

11. Finally, it is time to check our cache server. To do this, you can use the dig or nslookup command.

Choose any website and query it twice (we will use facebook.com as an example). Note that the second query completes much faster because it is being served from the cache.

# dig facebook.com

You can also use nslookup to verify that the DNS server is working as expected.

# nslookup facebook.com

Summary

In this article, we have explained how to set up a cache-only DNS server in Red Hat Enterprise Linux 7 and CentOS 7, and tested it on a client machine.