..

bind9 orqali nameserver

Loyihani qo'llab quvvatlash uchub buyerga bosing

DNS serverlarsiz bugungi kunni tassavvur qilish ancha qiyin masala. Biz har bir veb sayt nomiga murojaat qilayotganimizda ushbu server orqali aylanib o’tamiz. Dasturchilar tomonidan esa ko’p holatlarda yandex, cloudflare yoki provayder orqali dnslarni boshqarish imkoni bor. Ammo domenning o’zi orqali boshqarishchi?

Oddiyroq tilda tushuntirsam:

kun.uz domenining ns ma’lumotlariga qaraydigan bo’lsa dns1.webspace.uz ma’lumotini topishimiz mumkin. Bunda siz kun.uz domenini brauzerga yozganingizda xuddi shu domen ip manzili webspace dns serveri orqali aniqlanadi.

Mendagi manu.uz domenini qaraydigan bo’lsak unda s1.manu.uz yozuvini kuzatamiz. Ya’ni men dns serverni o’z domenim orqali boshqaraman.

Ishni boshlash:

Eslatma: ushbu sozlamalarni boshlashdan avval ns yozuv qilish kerak bo’lgan domen (masalan ns.domain.uz) provayder orqali kerakli ipga yo’naltirish kerak bo’ladi. Bu odatda email xat chiqarish orqali amalga oshiriladi.

Avvalo bunday sozlamani amalga oshirish uchun biz bind9 dasturini serverga o’rnatishimiz kerak bo’ladi.

sudo apt update && sudo apt upgrade
sudo apt install bind9 -y

Shundan so’ng zonalar (ns yozuvlar) uchun alohida papka yaratamiz:

mkdir /etc/bind/zones/

NS server uchun ko’rsatiladigan root domenimiz uchun zona yaratish:

nano /etc/bind/named.conf.default-zones
zone "domain.uz" {
 type master;
 file "/etc/bind/db.fwd.domain.uz"; # zone file path
 allow-transfer { 192.168.1.146; };
};
zone "146.1.168.192.in-addr.arpa" {
 type master;
 file "/etc/bind/db.rev.domain.uz";
 allow-transfer { 192.168.1.146; }; 
};

Bunda: 192.168.1.146 server ip manzili. in-addr.arpa uchun xuddi shu ip manzilni teskari ko’rinishda sozlash lozim.

Zona uchun ns ma’lumotlar xaritasini yaratish:

nano /etc/bind/db.fwd.domain.uz
$TTL    3600
@       IN      SOA     ns.domain.uz. root.ns.domain.uz. (
 2         ; Serial
 604800         ; Refresh
 86400         ; Retry
 2419200         ; Expire
 604800 )       ; Negative Cache TTL
;
; name servers - NS records
 IN      NS      ns.domain.uz.
; name servers - A records
ns.domain.uz.          IN      A       192.168.1.146
;

Ns manzilni o’zi uchun xarita:

nano /etc/bind/db.rev.domain.uz
$TTL    3600
@       IN      SOA     ns.domain.uz. root.ns.domain.uz. (
 5
 604800
 86400
 2419200
 604800 )
; name servers
 IN      NS      ns.domain.uz.
30.10      IN      PTR    ns.domain.uz.

Demon uchun tuzilgan kalitni aniqlaymiz:

cat /etc/bind/rndc.key

Taxminiy natija:

key "rndc-key" {
 algorithm hmac-sha256;
 secret "BPHuhhHVX+CoLmmw6hfwh9a0R5CyRHOhNuPyqvogfps=";
};

Shundan so’ng nano /etc/bind/rndc.conf faylini yaratib ichiga quyidagilarni yozamiz:

key "rndc-key" {
 algorithm hmac-sha256;
 secret "BPHuhhHVX+CoLmmw6hfwh9a0R5CyRHOhNuPyqvogfps=";
};
options {
 default-key "rndc-key";
 default-server 127.0.0.1;
 default-port 953;
};

Yozish va foydalanish huquqlarini qo’shamiz:

chown root:bind -R /etc/bind
chown bind:bind -R /etc/bind/rndc.conf

Servisni ishga tushirish:

systemctl restart bind9.service
systemctl status bind9

Yangi domen qo’shish:

nano /etc/bind/zones/db.example.uz
$TTL    604800
@       IN      SOA     ns.domain.uz. admin.yourdomain.com. (
                              2023031501  ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

@       IN      NS      ns.domain.uz.

ns1     IN      A       192.168.1.146
ns2     IN      A       192.168.1.146

example.uz. IN      A       192.168.1.146
www     IN      A       192.168.1.146

Yangi zonani qo’shish:

nano /etc/bind/named.conf.local
zone "example.uz" IN {
    type master;
    file "/etc/bind/zones/db.example.uz";
    allow-transfer { 192.168.1.146; };
};

Servisni qayta ishga tushirish

systemctl restart bind9

Yozuvlarni tekshirish ko’rish:

dig example.uz all