Kuidas konfigureerida DJBDNS-i FreeBSD-s

See õpetus näitab, kuidas konfigureerida DNS-teenust, mida on lihtne hooldada, lihtne konfigureerida ja mis on üldiselt turvalisem kui klassikaline BIND-teenus. See artikkel eeldab, et kasutate VPS-i, kuhu on installitud FreeBSD.

Alustuseks avage oma terminal ja installige see pakett:

<ceph>[~]# pkg install djbdns                                              
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 3 packages will be affected (of 0 checked):

New packages to be INSTALLED:
djbdns: 1.05_20,1
ucspi-tcp: 0.88_2
daemontools: 0.76_17

The process will require 1 MB more space.
251 KB to be downloaded.

Proceed with this action? [y/N]: y
Fetching djbdns-1.05_20,1.txz: 100%  139 KB 142.4k/s    00:01    
Fetching ucspi-tcp-0.88_2.txz: 100%   62 KB  63.1k/s    00:01    
Fetching daemontools-0.76_17.txz: 100%   51 KB  51.7k/s    00:01    
Checking integrity... done (0 conflicting)
[1/3] Installing ucspi-tcp-0.88_2...
[1/3] Extracting ucspi-tcp-0.88_2: 100%
[2/3] Installing daemontools-0.76_17...
[2/3] Extracting daemontools-0.76_17: 100%
[3/3] Installing djbdns-1.05_20,1...
[3/3] Extracting djbdns-1.05_20,1: 100%

Installimine installib automaatselt lisapaketid ( daemontoolsja ucspi-tcp).

Looge kaks kasutajat gtinydnsja gdnslog. Alustage esimesest kasutajast:

<ceph>[~]# adduser         
Username: gtinydns
Full name: gtinydns
Uid (Leave empty for default): 
Login group [gtinydns]: 
Login group is gtinydns. Invite gtinydns into other groups? []: 
Login class [default]: 
Shell (sh csh tcsh zsh rzsh nologin) [sh]: nologin
Home directory [/home/gtinydns]: 
Home directory permissions (Leave empty for default): 
Use password-based authentication? [yes]: 
Use an empty password? (yes/no) [no]: 
Use a random password? (yes/no) [no]: yes
Lock out the account after creation? [no]: 
Username   : gtinydns
Password   : <random>
Full Name  : gtinydns
Uid        : 1002
Class      : 
Groups     : gtinydns 
Home       : /home/gtinydns
Home Mode  : 
Shell      : /usr/sbin/nologin
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (gtinydns) to the user database.
adduser: INFO: Password for (gtinydns) is: rTsada2131sa1Mg
Add another user? (yes/no): no
Goodbye!

Nüüd lisage teine ​​kasutaja:

<ceph>[~]# adduser
Username: gdnslog
Full name: gdnslog
Uid (Leave empty for default):  
Login group [gdnslog]: 
Login group is gdnslog. Invite gdnslog into other groups? []: 
Login class [default]: 
Shell (sh csh tcsh zsh rzsh nologin) [sh]: nologin
Home directory [/home/gdnslog]: 
Home directory permissions (Leave empty for default): 
Use password-based authentication? [yes]: 
Use an empty password? (yes/no) [no]: 
Use a random password? (yes/no) [no]: yes
Lock out the account after creation? [no]: 
Username   : gdnslog
Password   : <random>
Full Name  : gdnslog
Uid        : 1003
Class      : 
Groups     : gdnslog 
Home       : /home/gdnslog
Home Mode  : 
Shell      : /usr/sbin/nologin
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (gdnslog) to the user database.
adduser: INFO: Password for (gdnslog) is: jWsdad33aasdaFa0
Add another user? (yes/no): no
Goodbye!

Käivitage järgmine käsk. Asendage IP-aadress oma Vultr-serveri aadressiga.

<ceph>[~]# tinydns-conf gtinydns gdnslog /usr/local/etc/tinydns 108.61.100.100

See käsk loob kataloogid, failid ja muud alamkataloogid /usr/local/etc/tinydns. See sisestab ka VPS-i IP-aadressi /usr/local/etc/tinydns/env/IP.

Loo kataloog /service.

<ceph>[~]# mkdir /service

Muutke oma /etc/rc.conffaili:

<ceph>[~]# ee /etc/rc.conf

... ja ja need read:

svscan_enable="YES"
svscan_servicedir="/service"

Salvestage konfiguratsioon ja käivitage svscanteenus:

<ceph>[~]# /usr/local/etc/rc.d/svscan start
Starting svscan.

Järgmisena minge sellesse kataloogi:

 <ceph>[~]# cd /usr/local/etc/tinydns/root

Redigeeri datafaili:

 <ceph>[root]# ee data

... ja lisage mõned DNS-andmed:

# domain1.com
Zdomain1.com:dns1.domain1.com.:ns.domain1.com.:2013101203:604800:86400:2419200:604800:3600
&domain1.com::dns1.domain1.com.:3600
&domain1.com::dns2.domain1.com.:3600

# MX
@domain1.com::mail1.domain1.com.:10:3600
@domain1.com::mail2.domain1.com.:30:3600

# IP's (A records)
=dns1.domain1.com:108.61.210.99:3600
=dns2.domain1.com:89.201.163.42:3600
=mail1.domain1.com:89.201.163.42:3600
=mail2.domain1.com:85.114.41.8:3600
=www.domain1.com:108.61.178.194:3600
=test1.domain1.com:193.198.184.100:3600
=test2.domain1.com:108.61.178.215:3600

# Aliases
+domain1.com:108.61.178.194:3600
+smtp.domain1.com:89.201.163.42:3600
+imap.domain1.com:89.201.163.42:3600

Salvestage fail ja väljuge.

Jookse ls:

<ceph>[root]# ls
Makefile  add-alias  add-childns  add-host  add-mx  add-ns  data

Teisendage oma tekstiandmed andmebaasivormingusse:

<ceph>[root]# make
/usr/local/bin/tinydns-data

Jookse lsuuesti:

<ceph>[root]# ls
Makefile  add-alias  add-childns  add-host  add-mx  add-ns  data  data.cdb

Pange tähele data.cdbfaili. Olete selle makekäsuga loonud .

Ja veel üks asi, looge sümboolne link:

<ceph>[root]# ln -s /usr/local/etc/tinydns /service

Nüüd testige oma uut DNS-serverit. Asenda 108.61.178.110oma serveri IP-aadressiga.

<ceph>[root]# host www.domain1.com 108.61.178.110 
Using domain server:
Name: 108.61.178.110
Address: 108.61.178.110#53
Aliases: 

www.domain1.com has address 108.61.178.194

Nimeserveri otsing:

<ceph>[root]# host -t ns domain1.com 108.61.178.110 
Using domain server:
Name: 108.61.178.110
Address: 108.61.178.110#53
Aliases: 

domain1.com name server dns1.domain1.com.
domain1.com name server dns2.domain1.com.

Mailserver MX otsing:

<ceph>[root]# host -t mx domain1.com 108.61.178.110 
Using domain server:
Name: 108.61.178.110
Address: 108.61.178.110#53
Aliases: 

domain1.com mail is handled by 10 mail1.domain1.com.
domain1.com mail is handled by 30 mail2.domain1.com.

Veel üks kord, et olla kindel:

<ceph>[root]# host mail1.domain1.com 108.61.178.110 
Using domain server:
Name: 108.61.178.110
Address: 108.61.178.110#53
Aliases: 

mail1.domain1.com has address 89.201.163.42

Palju õnne! Teil on töötav DNS-server. Asendage domain1.comoma domeeniga. Pärast iga muudatust käivitage makekäsk uue data.cdbfaili loomiseks.

Andmefaili selgitus:

"A" kirjed algavad =märgiga. Pseudonüümid või CNAME-kirjed koos +märgiga. Meiliserverid algavad @märgiga. Nimeserverid &märgiga.

Näide 1:

=test1.domain1.com:193.198.184.100:3600

=tähistab "A" rekordit. test1.domain1.comon DNS-nimi, IP 193.198.184.100on aadress, milles test1.domain1.comlahendatakse, ja 3600 on TTL (aeg elada).

Näide 2:

# MX
@domain1.com::mail1.domain1.com.:10:3600
@domain1.com::mail2.domain1.com.:30:3600

Selles näites mail1ja mail2on e-posti serverid domain1.com. mail1prioriteet on 10 ja mail2prioriteet 30. See tähendab, et meiliserverid proovivad esmalt kirju kohale toimetada aadressile mail1. Kui mail1ebaõnnestub, siis nad proovivad mail2.

Järgmine rida tähistab tsooni teabe algust. See on nõutav.

Zdomain1.com:dns1.domain1.com.:ns.domain1.com.:2013101203:604800:86400:2419200:604800:3600

2013101203numbrit kasutatakse siis, kui teil on mõne teise teenusepakkuja teisese DNS. Kui muudate numbriks 2013101204, teab sekundaarne DNS, et DNS-is on tehtud muudatusi, ja võtab need muudatused vastu. See on ainult informatiivsel eesmärgil (teil on vaja AXFR DNS-i edastusteenust). Teise võimalusena saate programmiga kopeerida ja kleepida oma DNS-i muudatused kahe DJBDNS-serveri vahel rsync.

Kui teie FreeBSD serveris on PF tulemüür, lisage DNS-päringute lubamiseks see rida:

pass quick proto {tcp, udp} from any to $me port 53 flags S/SA keep state