bind9 orqali DNS nameserver sozlash
Kirish
DNS serverlarsiz bugungi kunni tassavvur qilish ancha qiyin masala. Biz har bir veb sayt nomiga murojaat qilayotganimizda ushbu server orqali aylanib o'tamiz. Dasturchilar tomonidan esa ko'p holatlarda yandex, cloudflare yoki provayder orqali dnslarni boshqarish imkoni bor. Ammo domenning o'zi orqali boshqarishchi?
Oddiyroq tilda tushuntirsam:
kun.uz (opens in a new tab) domenining ns ma'lumotlariga qaraydigan bo'lsa dns1.webspace.uz ma'lumotini topishimiz mumkin. Bunda siz kun.uz (opens in a new tab) domenini brauzerga yozganingizda xuddi shu domen ip manzili webspace dns serveri orqali aniqlanadi.
Mendagi manu.uz (opens in a new tab) domenini qaraydigan bo'lsak unda s1.manu.uz yozuvini kuzatamiz. Ya'ni men dns serverni o'z domenim orqali boshqaraman.
Ishni boshlash
Eslatma: ushbu sozlamalarni boshlashdan avval ns yozuv qilish kerak bo'lgan domen (masalan ns.domain.uz) provayder orqali kerakli IPga yo'naltirish kerak bo'ladi. Bu odatda email xat chiqarish orqali amalga oshiriladi.
Avvalo bunday sozlamani amalga oshirish uchun biz bind9 dasturini serverga o'rnatishimiz kerak bo'ladi.
sudo apt update && sudo apt upgrade
sudo apt install bind9 -yShundan so'ng zonalar (ns yozuvlar) uchun alohida papka yaratamiz:
mkdir /etc/bind/zones/NS server uchun ko'rsatiladigan root domenimiz uchun zona yaratish:
nano /etc/bind/named.conf.default-zoneszone "domain.uz" {
type master;
file "/etc/bind/db.fwd.domain.uz"; # zone file path
allow-transfer { 192.168.1.146; };
};
zone "146.1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.rev.domain.uz";
allow-transfer { 192.168.1.146; };
};Bunda: 192.168.1.146 server IP manzili. in-addr.arpa uchun xuddi shu IP manzilni teskari ko'rinishda sozlash lozim.
Zona uchun ns ma'lumotlar xaritasini yaratish:
nano /etc/bind/db.fwd.domain.uz$TTL 3600
@ IN SOA ns.domain.uz. root.ns.domain.uz. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers - NS records
IN NS ns.domain.uz.
; name servers - A records
ns.domain.uz. IN A 192.168.1.146
;Ns manzilni o'zi uchun xarita:
nano /etc/bind/db.rev.domain.uz$TTL 3600
@ IN SOA ns.domain.uz. root.ns.domain.uz. (
5
604800
86400
2419200
604800 )
; name servers
IN NS ns.domain.uz.
30.10 IN PTR ns.domain.uz.Domen uchun tuzilgan kalitni aniqlaymiz:
cat /etc/bind/rndc.keyTaxminiy natija:
key "rndc-key" {
algorithm hmac-sha256;
secret "BPHuhhHVX+CoLmmw6hfwh9a0R5CyRHOhNuPyqvogfps=";
};Shundan so'ng nano /etc/bind/rndc.conf faylini yaratib ichiga quyidagilarni yozamiz:
nano /etc/bind/rndc.confkey "rndc-key" {
algorithm hmac-sha256;
secret "BPHuhhHVX+CoLmmw6hfwh9a0R5CyRHOhNuPyqvogfps=";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};Yozish va foydalanish huquqlarini qo'shamiz:
chown root:bind -R /etc/bind
chown bind:bind -R /etc/bind/rndc.confServisni ishga tushirish:
systemctl restart bind9.service
systemctl status bind9Yangi domen qo'shish:
nano /etc/bind/zones/db.example.uz$TTL 604800
@ IN SOA ns.domain.uz. admin.yourdomain.com. (
2023031501 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS ns.domain.uz.
ns1 IN A 192.168.1.146
ns2 IN A 192.168.1.146
example.uz. IN A 192.168.1.146
www IN A 192.168.1.146Yangi zonani qo'shish:
nano /etc/bind/named.conf.localzone "example.uz" IN {
type master;
file "/etc/bind/zones/db.example.uz";
allow-transfer { 192.168.1.146; };
};Servisni qayta ishga tushirish
systemctl restart bind9Yozuvlarni tekshirish ko'rish:
dig example.uz allQo'shimcha
Sana: 2024.03.16(2024-yil 16-mart)
Oxirgi yangilanish: 2024.03.29(2024-yil 29-mart)
Muallif: Manuchehr Usmonov
| Telegram (opens in a new tab) | Github (opens in a new tab) | Blog (opens in a new tab) |
|---|