bind9 orqali nameserver
Loyihani qo'llab quvvatlash uchub buyerga bosing
DNS serverlarsiz bugungi kunni tassavvur qilish ancha qiyin masala. Biz har bir veb sayt nomiga murojaat qilayotganimizda ushbu server orqali aylanib o’tamiz. Dasturchilar tomonidan esa ko’p holatlarda yandex, cloudflare yoki provayder orqali dnslarni boshqarish imkoni bor. Ammo domenning o’zi orqali boshqarishchi?
Oddiyroq tilda tushuntirsam:
kun.uz domenining ns ma’lumotlariga qaraydigan bo’lsa dns1.webspace.uz ma’lumotini topishimiz mumkin. Bunda siz kun.uz domenini brauzerga yozganingizda xuddi shu domen ip manzili webspace dns serveri orqali aniqlanadi.
Mendagi manu.uz domenini qaraydigan bo’lsak unda s1.manu.uz yozuvini kuzatamiz. Ya’ni men dns serverni o’z domenim orqali boshqaraman.
Ishni boshlash:
Eslatma: ushbu sozlamalarni boshlashdan avval ns yozuv qilish kerak bo’lgan domen (masalan ns.domain.uz) provayder orqali kerakli ipga yo’naltirish kerak bo’ladi. Bu odatda email xat chiqarish orqali amalga oshiriladi.
Avvalo bunday sozlamani amalga oshirish uchun biz bind9 dasturini serverga o’rnatishimiz kerak bo’ladi.
sudo apt update && sudo apt upgrade
sudo apt install bind9 -y
Shundan so’ng zonalar (ns yozuvlar) uchun alohida papka yaratamiz:
mkdir /etc/bind/zones/
NS server uchun ko’rsatiladigan root domenimiz uchun zona yaratish:
nano /etc/bind/named.conf.default-zones
zone "domain.uz" {
type master;
file "/etc/bind/db.fwd.domain.uz"; # zone file path
allow-transfer { 192.168.1.146; };
};
zone "146.1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.rev.domain.uz";
allow-transfer { 192.168.1.146; };
};
Bunda: 192.168.1.146 server ip manzili. in-addr.arpa uchun xuddi shu ip manzilni teskari ko’rinishda sozlash lozim.
Zona uchun ns ma’lumotlar xaritasini yaratish:
nano /etc/bind/db.fwd.domain.uz
$TTL 3600
@ IN SOA ns.domain.uz. root.ns.domain.uz. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers - NS records
IN NS ns.domain.uz.
; name servers - A records
ns.domain.uz. IN A 192.168.1.146
;
Ns manzilni o’zi uchun xarita:
nano /etc/bind/db.rev.domain.uz
$TTL 3600
@ IN SOA ns.domain.uz. root.ns.domain.uz. (
5
604800
86400
2419200
604800 )
; name servers
IN NS ns.domain.uz.
30.10 IN PTR ns.domain.uz.
Demon uchun tuzilgan kalitni aniqlaymiz:
cat /etc/bind/rndc.key
Taxminiy natija:
key "rndc-key" {
algorithm hmac-sha256;
secret "BPHuhhHVX+CoLmmw6hfwh9a0R5CyRHOhNuPyqvogfps=";
};
Shundan so’ng nano /etc/bind/rndc.conf
faylini yaratib ichiga quyidagilarni yozamiz:
key "rndc-key" {
algorithm hmac-sha256;
secret "BPHuhhHVX+CoLmmw6hfwh9a0R5CyRHOhNuPyqvogfps=";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
Yozish va foydalanish huquqlarini qo’shamiz:
chown root:bind -R /etc/bind
chown bind:bind -R /etc/bind/rndc.conf
Servisni ishga tushirish:
systemctl restart bind9.service
systemctl status bind9
Yangi domen qo’shish:
nano /etc/bind/zones/db.example.uz
$TTL 604800
@ IN SOA ns.domain.uz. admin.yourdomain.com. (
2023031501 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS ns.domain.uz.
ns1 IN A 192.168.1.146
ns2 IN A 192.168.1.146
example.uz. IN A 192.168.1.146
www IN A 192.168.1.146
Yangi zonani qo’shish:
nano /etc/bind/named.conf.local
zone "example.uz" IN {
type master;
file "/etc/bind/zones/db.example.uz";
allow-transfer { 192.168.1.146; };
};
Servisni qayta ishga tushirish
systemctl restart bind9
Yozuvlarni tekshirish ko’rish:
dig example.uz all