LINUX-BG Address: http://www.linux-bg.org
How DNS works, part 3 - installing a DNS cache server
By: Nikolai Hristov Published on: 16-11-2012 Article address: http://www.linux-bg.org/cgi-bin/y/index.pl?page=article&id=advices&key=450988452

Before reading this article, it is a good idea to first get familiar
with the article "How DNS works, part 1 - Resolvers and Cache
servers" - link to my blog or link to linux-bg.org.

Before installing, we have to decide which DNS server to install.
Here is a short list of the most widespread DNS servers: BIND,
djbdns, PowerDNS, MaraDNS, Windows DNS
(Survey of DNS software in Bulgaria)

In the examples I will show, side by side, the installation and
configuration of the most widespread DNS server, BIND, and of the
one I use and recommend myself, djbdns, on Debian.

Installing BIND as a cache server

In Debian stable (6.x, squeeze at the moment) BIND is available as a
package. Install it:

# apt-get install bind9

The BIND configuration lives in the /etc/bind/ directory, and the
file is called named.conf. In Debian this file is split into several
files, each of which configures a separate set of things:

# cat named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

As you can see, the settings are made in several separate files.
Since we only want to configure a cache server, the file we are
interested in is named.conf.options.

# cat /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        allow-recursion { 172.20.20.0/24; 172.20.30.3; };
};

This line allows recursive queries to the DNS cache server from the
network 172.20.20.0/255.255.255.0 and from the IP address 172.20.30.3.
Change these to the IPs/networks that will use it as a DNS cache server.

# /etc/init.d/bind9 restart

You now have a working BIND DNS cache server.

Installing the djbdns cache server

In Debian stable (6.x, squeeze at the moment) djbdns is not included,
but it is available in testing/unstable. If you like, you can build a
package yourself
(http://geroyblog.blogspot.com/2012/09/how-to-install-djbdns-in-debian-squeeze.html),
or install it from http://cr.yp.to/djbdns.html. We will look at the
second option. For this you need the following packages installed:
daemontools (how to install it), ucspi-tcp. We follow djb's
installation instructions:

# wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
# zcat djbdns-1.05.tar.gz | tar xvf -
# cd djbdns-1.05
# echo gcc -O2 -include /usr/include/errno.h > conf-cc
# make
# make setup check

The djbdns package contains several programs, each of which does one
specific job:

tinydns - authoritative DNS server - udp
axfrdns - authoritative DNS server - tcp
dnscache - DNS cache server

as well as several others that will not be explained here. Since we
are installing a DNS cache server, we will look at dnscache and the
configuration program that comes with it, dnscache-conf. The syntax
of the program is as follows:

dnscache-conf: usage: dnscache-conf acct logacct /dnscache [ myip ]

where:

acct - a user account has to be created, under which dnscache will be started;
logacct - a user account has to be created, under which multilog will be started; multilog writes the dnscache log files;
/directory - the directory in which the dnscache startup/log files will be created;
myip - the IP on which dnscache will "listen".

# useradd dnscache
# useradd dnslog
# dnscache-conf dnscache dnslog /etc/dnscache 172.20.20.1

What remains is to specify which IPs/networks are allowed to use the
DNS cache server. This is done in the /etc/dnscache/root/ip/
directory, by creating empty files in it named after the networks/IP
addresses that may use the server.

# touch /etc/dnscache/root/ip/127.0.0.1
# touch /etc/dnscache/root/ip/172.20.20

As a result, dnscache can be used from the IP address 127.0.0.1 and
from the network 172.20.20.0/24.

All that is left is to start dnscache. This is done by creating a
symbolic link in the /etc/service directory:

# ln -s /etc/dnscache /etc/service/dnscache
# svstat /etc/service/dnscache /etc/service/dnscache/log
/etc/service/dnscache: up (pid 1273) 3 seconds
/etc/service/dnscache/log: up (pid 1277) 3 seconds

The djbdns configuration directory is /etc/dnscache/env, with each
variable kept in a separate file.

# ls -l /etc/dnscache/env/
-rw-r--r-- 1 root root  8 Sep 9 2008 CACHESIZE
-rw-r--r-- 1 root root  8 Sep 9 2008 DATALIMIT
-rw-r--r-- 1 root root 15 Sep 9 2008 IP
-rw-r--r-- 1 root root  8 Sep 9 2008 IPSEND
-rw-r--r-- 1 root root 23 Sep 9 2008 ROOT

By default CACHESIZE is 1000000 bytes, which is too small and should
be changed to a larger value depending on the free memory you have
available. DATALIMIT is used by the softlimit program, which limits
the amount of memory dnscache may use. DATALIMIT must be larger than
CACHESIZE. ROOT specifies the directory that holds the DNS root
hints. IP specifies the IP address on which dnscache answers queries.
IPSEND specifies the address from which the recursive queries are sent.

# echo 134217728 > /etc/dnscache/env/CACHESIZE
# echo 154000000 > /etc/dnscache/env/DATALIMIT

These values set 128 MB for the cache of DNS queries and 154 MB as
the total memory allotted to the dnscache program.
If for any reason the program itself tries to take more than this
amount of memory, softlimit will return an "out of memory" error.
What remains is to configure your PC to use this DNS server, and
that is all. We now have a working DNS cache server. Caching happens
only in memory, that is, nothing is written to disk, which means the
cached data is lost every time the DNS cache server is restarted.

If you want your dnscache server to support the DNSCurve protocol
(proposed by Dan Bernstein), use this patch and the instructions that
come with it:
http://shinobi.dempsky.org/~matthew/patches/djbdns-dnscurve-20090602.patch

The article is also published on the author's blog at:
http://geroyblog.blogspot.com/2012/11/dns-3-dns-cache.html

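
The dnscache access list and memory settings described above can be audited offline. The script below is an added example, not part of the original article or of djbdns: it mirrors the lookup dnscache does in root/ip (full address first, then one octet shorter each time) and checks that DATALIMIT exceeds CACHESIZE. The function names and the temporary sample tree are assumptions made for illustration.

```sh
# Added example (not djbdns code): audit a dnscache tree offline.

# Print the root/ip entry that admits client $2 under directory $1.
# Lookup order follows dnscache: a.b.c.d, then a.b.c, a.b, a; status 1 if none.
dnscache_match() {
    dir=$1 name=$2
    while :; do
        if [ -e "$dir/$name" ]; then
            printf '%s\n' "$name"
            return 0
        fi
        case $name in
            *.*) name=${name%.*} ;;  # drop the last octet and retry
            *)   return 1 ;;         # nothing left to strip: refused
        esac
    done
}

# Print each entry in directory $1 with the prefix length it grants.
dnscache_acl_report() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        entry=${f##*/}
        dots=$(printf '%s' "$entry" | tr -cd '.' | wc -c)
        printf '%s /%d\n' "$entry" $(( (dots + 1) * 8 ))
    done
}

# Succeed only when DATALIMIT is larger than CACHESIZE in env directory $1.
dnscache_limits_ok() {
    cache=$(cat "$1/CACHESIZE") || return 2
    limit=$(cat "$1/DATALIMIT") || return 2
    [ "$limit" -gt "$cache" ]
}

# Constructed sample tree using the article's values (not a live system).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/root/ip" "$demo/env"
touch "$demo/root/ip/127.0.0.1" "$demo/root/ip/172.20.20"
echo 134217728 > "$demo/env/CACHESIZE"
echo 154000000 > "$demo/env/DATALIMIT"

dnscache_acl_report "$demo/root/ip"
for ip in 127.0.0.1 172.20.20.57 172.20.30.3; do
    m=$(dnscache_match "$demo/root/ip" "$ip") && echo "$ip allowed by $m" ||
        echo "$ip refused"
done
dnscache_limits_ok "$demo/env" && echo "limits: DATALIMIT > CACHESIZE"
```

To audit a real installation, point the functions at /etc/dnscache/root/ip and /etc/dnscache/env; a one- or two-octet entry in the report means a /8 or /16 is allowed to use the cache.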
The authors of the site, as well as their collaborators, retain the copyright on their own materials published here,
but these are copyleft, i.e. they may be freely copied and distributed on the condition that the author's name is explicitly mentioned
and that it is stated in a visible place that they were taken from their original URL on this server (http://www.linux-bg.org). The copyright on translated materials belongs to their authors. If publishing any material here has unintentionally infringed someone's rights, the material will be taken down once this fact is established.
All trademarks, logos and copyrights mentioned on this site are the property of their respective owners.