The lecturers were Boyan Krosnov and Vesselin Kolev
[12:51:18] <@DNS_and_BIND> Hello, Boyan! Hello to everyone present here as well! I'm leaving for the office.. I'll be in after 40 min and we'll get ready to start:)
[13:53:22] <|IP|> come on, not long left :)
[13:57:27] <Nik666> who will be the lecturer btw ?
[13:57:59] <@DNS_and_BIND> First up is ASIC, i.e. Boyan Krosnov
[13:58:08] <@DNS_and_BIND> After that it's me - Vesselin Kolev
[13:58:37] <Nik666> is the topic general or will it be something specific ?
[13:58:45] <@ASIC> http://linux-bulgaria.org/lug-bg-list/archive/2002/Sep/0182.html
[13:58:50] <daLizard> oho
[13:58:51] <daLizard> nik
[13:58:52] <daLizard> =)
[13:58:57] <Nik666> hi ;-)
[13:59:24] <@ASIC> Vesselin (DNS_and_BIND) and I agreed to wait another 5 minutes for latecomers
[14:00:13] <KeuH> why does the server say the time is 11:54? :)))
[14:00:27] <@ASIC> KeuH, which server ?
[14:00:36] <KeuH> Topic for #bind set by ChanServ!cs@services.ca at Sun Sep 15 11:54:41
[14:00:42] <KeuH> well, when I joined
[14:00:49] <KeuH> that line above showed up in the xchat window
[14:00:52] <@ASIC> that means the topic was set then
[14:00:53] <Nik666> that's when the topic was set
[14:00:56] <KeuH> aha
[14:00:57] <|IP|> ./time
[14:00:58] <KeuH> cool
[14:00:59] <KeuH> 10x
[14:01:00] <KeuH> :)
[14:01:28] <KeuH> dumb question :)))))))
[14:02:58] <Nik666> will the lecture be logged ? I doubt the whole thing will go by without me getting dropped at least once ...
[14:03:00] <daLizard> oho
[14:03:01] <daLizard> rapuntsel
[14:03:02] <daLizard> =)
[14:03:03] <KeuH> is it going to be in Cyrillic? :))))))
[14:03:10] <daLizard> Nik666: yes
[14:03:10] <KeuH> well, I'm logging, supposedly
[14:03:14] <@ASIC> in Latin script
[14:03:14] <daLizard> there will be a log
[14:03:17] <rapuntsel> daLizard ;p peekaboo :)
[14:03:30] <daLizard> rapuntsel: there are 3 of us from Rousse so far
[14:03:38] <Nik666> it's only us little chicks gathered here ...
[14:03:39] <|IP|> Nik666: I'll send you a log ;)
[14:04:13] <rapuntsel> daLizard :)),. mm yep,. wonderful
[14:04:22] <daLizard> super
[14:04:23] <@ASIC> I will publish the log at http://boyan.ludost.net/papers/bind-lect.html right after the end of the event
[14:04:24] <daLizard> =)
[14:04:33] <daLizard> ASIC: okay.
[14:04:40] <Nik666> gut
[14:04:54] <daLizard> oho
[14:05:03] <daLizard> himika =)
[14:05:12] <Himika> have you started already? :)
[14:05:27] <@ASIC> 30 more seconds of waiting for latecomers :)
[14:05:29] <Nik666> looks like we're waiting for the latecomers ...
[14:05:32] <Nik666> yep ;-)
[14:05:36] <Himika> sorry for being late.. I was talking with the wife
[14:05:42] <daLizard> heh
[14:05:43] <|IP|> meanwhile I'm serving myself something to eat in front of the computer :))
[14:05:53] <@ASIC> ok, we're starting
[14:05:56] <KeuH> :)
=================================================
[14:06:08] <@ASIC> silence in the hall ...
[14:06:29] <@ASIC> ------------------- CIDR ------------------
[14:06:29] <@ASIC> The current scheme for allocating addresses on the Internet is called Classless Interdomain Routing.
[14:06:29] <@ASIC> It allows efficient allocation of the IP address space among the individual organizations
[14:06:29] <@ASIC> that need it, and it will be sufficient to satisfy the need for IPv4 addresses on the Internet for at least another 10-20 years.
[14:06:49] <@ASIC> ----- history
[14:06:49] <@ASIC> Historically, when the Internet was created, from 1969 to 1975, a scheme was laid down for dividing the address space into classes and networks of the respective classes.
[14:06:49] <@ASIC> mask /8 for class A. mask /16 for class B. mask /24 for class C.
[14:06:49] <@ASIC> At that time there was no further subdivision within a single classful network.
[14:07:05] <@ASIC> I.e. for every link - a separate classful network.
[14:07:05] <@ASIC> If you needed one physical network of, say, 300 minicomputers, they gave you a whole class B network - /16.
[14:07:05] <@ASIC> If you had 10 Ethernet networks with 10 computers in each, they gave you 10 class C networks - 10x /24.
[14:07:20] <@ASIC> ---
[14:07:20] <@ASIC> Then, in the period 1983 - 1985 (RFC 917,922,932,936,940), a scheme for dividing the address space called FLSM (Fixed length subnet masking) was developed and adopted. The rules of FLSM in brief: every classful network can be divided into subnets of EQUAL SIZE. The zeroth and the last subnet cannot be used. The rule was adopted that subnet masks will have (from most to least significant, in binary) n one bits and 32-n zero bits.
[14:07:37] <@ASIC> ---
[14:07:37] <@ASIC> Before the end of 1985 (RFC 950,1878) an allocation scheme called VLSM (Variable length subnet masking) was completed and standardized. It allows every classful network to be divided into an arbitrary number of subnets of different sizes. For example, if you have been allocated the class C network 194.12.224.0, you can make 3 subnets out of it - 194.12.224.0/26, 194.12.224.64/26 and 194.12.224.128/25. The rule against using the zeroth and the last subnet was removed.
[14:07:54] <@ASIC> ---
[14:07:54] <@ASIC> By 1995 (RFC 1338,1367,1467,1517-1520,1817) CIDR (Classless Interdomain Routing) was completed, which totally removes the need for classes in IP. There is no dependency between the first bits (or octet) of an address and the mask that corresponds to it. CIDR is a superstructure on top of VLSM. Example: 194.12.224.0/19 is one CIDR network made up of 8192 addresses, or of 32 (former) class C networks. It can be divided into the most varied subnets with different masks, for example into 1x /21, 23x /24, and 64x /30 subnets.
[14:08:16] <@ASIC> ------
[14:08:16] <@ASIC> The principle of delegating the in-addr.arpa. domains was developed somewhere during the VLSM era, when every organization had its own classful network. The extension that Vesselin will talk about allows classless delegation of the serving of in-addr.arpa names (reverse dns). An example of the need for this: 194.12.224.0/19 is divided into many small networks owned and served by different organizations. 194.12.255.248/29 is a network of 8 addresses belonging to one such external organization. So that clients do not have to call us for every change in the reverse dns of this network (or, from the other
[14:08:45] <@ASIC> point of view, so that you do not have to call the provider), classless delegation of reverse dns names can be used to hand over the 'serving' and 'management' of these names to the dns servers of the respective client.
[14:09:10] <@ASIC> ------
[14:09:10] <@ASIC> --- pause for reading and for questions in private to the lecturer
[14:09:10] <@ASIC> ------
[14:14:44] <@ASIC> --- open discussion on the topic ---
[14:15:03] <@ASIC> I'm also interested in your opinion, any other ideas, opinions, recommendations
[14:15:49] <Himika> so far so good, no criticism, questions, etc:)
[14:16:16] <@ASIC> coffee break then :)
[14:16:23] <@DNS_and_BIND> 5 min
[14:16:24] <Himika> I think that whoever has gaps can fill them in from the corresponding RFCs and docs:)
[14:16:27] <apt-get> the pause was rather long, if nobody objects - a shorter pause
[14:16:58] <Himika> when you continue, send notices instead of messages, so that our clients can make a sound:))
[14:17:01] <Himika> apt-get:agreed
[14:17:08] <@ASIC> ok
==============================================
[14:21:10] <@DNS_and_BIND> Hello, the aim of my lecture is to acquaint you with the in-addr.arpa domain
[14:21:16] <@DNS_and_BIND> with its delegation
[14:21:23] <@DNS_and_BIND> and with the classless delegation of in-addr.arpa
[14:21:31] <@DNS_and_BIND> I apologize if I type slowly
[14:21:38] <@DNS_and_BIND> there's no mouse on my non-desktop computer
[14:21:48] <@DNS_and_BIND> and so I can't copy
[14:21:53] <@DNS_and_BIND> from a text file
[14:21:58] <@DNS_and_BIND> What I'm going to explain
[14:22:04] <@DNS_and_BIND> will be at such a level
[14:22:08] <@DNS_and_BIND> that absolutely everyone can
[14:22:14] <@DNS_and_BIND> understand what I say
[14:22:21] <@DNS_and_BIND> and can implement the ideas
[14:22:27] <@DNS_and_BIND> that I'll describe briefly
[14:22:38] <@DNS_and_BIND> in-addr.arpa as a domain is intended
[14:22:48] <@DNS_and_BIND> to be a means of solving the reverse problem
[14:22:50] <@DNS_and_BIND> in DNS
[14:22:58] <@DNS_and_BIND> i.e. converting IP addresses into host names
[14:23:10] <@DNS_and_BIND> you should keep in mind
[14:23:20] <@DNS_and_BIND> that this domain is special
[14:23:24] <@DNS_and_BIND> and was created only for that
[14:23:35] <@DNS_and_BIND> What is the basic idea
[14:23:59] <@DNS_and_BIND> the name of the in-addr.arpa subdomain is determined by the octets of the network
[14:24:06] <@DNS_and_BIND> for which it will solve the reverse problem
[14:24:13] <@DNS_and_BIND> but listed in reverse order
[14:24:29] <@DNS_and_BIND> for example, for the network 193.0.0.0 the corresponding in-addr.arpa subdomain
[14:24:34] <@DNS_and_BIND> will be 193.in-addr.arpa
[14:24:54] <@DNS_and_BIND> if the network is 193.68.0.0 the domain will be 68.193.in-addr.arpa
[14:25:08] <@DNS_and_BIND> if it is 193.68.245 it will be 245.68.193.in-addr.arpa
[14:25:28] <@DNS_and_BIND> This whole scheme is subject to a single chain of command
[14:25:42] <@DNS_and_BIND> I'll explain what this is about
[14:25:50] <@DNS_and_BIND> As most of you know
[14:26:03] <@DNS_and_BIND> networks are handed out by local registrars
[14:26:10] <@DNS_and_BIND> for Europe that registrar is RIPE
[14:26:37] <@DNS_and_BIND> In principle the idea is for a subdomain containing only one octet
[14:26:42] <@DNS_and_BIND> such as 193.in-addr.arpa
[14:26:51] <@DNS_and_BIND> to be given to a local registry
[14:27:18] <@DNS_and_BIND> Please hold your questions!
[14:27:22] <@DNS_and_BIND> so, to continue
[14:27:37] <@DNS_and_BIND> the idea behind handing out the in-addr.arpa domains is
[14:28:02] <@DNS_and_BIND> that the subdomains with one octet in them are given to the local registries
[14:28:05] <@DNS_and_BIND> for now there are only 3 of them
[14:28:10] <@DNS_and_BIND> ARIN for the Americas
[14:28:18] <@DNS_and_BIND> RIPE for Europe and Africa
[14:28:26] <@DNS_and_BIND> and APNIC for Asia and the Pacific
[14:28:48] <@DNS_and_BIND> Once it has been decided which network
[14:28:54] <@DNS_and_BIND> by which registry
[14:28:58] <@DNS_and_BIND> will be served
[14:29:10] <@DNS_and_BIND> the corresponding record for that is made in the root servers
[14:29:20] <@DNS_and_BIND> for example 193.0.0.0 has been given to RIPE
[14:29:37] <@DNS_and_BIND> and for 193.in-addr.arpa
[14:29:58] <@DNS_and_BIND> the name servers of RIPE and its supporting organizations are listed
[14:30:09] <@DNS_and_BIND> the situation is the same for the networks 212.0.0.0
[14:30:13] <@DNS_and_BIND> 194.0.0.0
[14:30:37] <@DNS_and_BIND> and their in-addr.arpa domains are served by the name servers of RIPE and the supporting organizations
[14:31:01] <@DNS_and_BIND> The second part of the delegation starts at the local registry itself
[14:31:17] <@DNS_and_BIND> It sells
[14:31:19] <@DNS_and_BIND> subnets
[14:31:27] <@DNS_and_BIND> to end clients
[14:31:51] <@DNS_and_BIND> years ago
[14:31:55] <@DNS_and_BIND> the practice was different
[14:32:00] <@DNS_and_BIND> besides RIPE
[14:32:13] <@DNS_and_BIND> there were also local registries, not only per continent
[14:32:25] <@DNS_and_BIND> years ago DigSys was a local registry
[14:32:39] <@DNS_and_BIND> after that it was decided that only RIPE may hand out networks
[14:32:55] <@DNS_and_BIND> and for Europe only RIPE started handing out networks
[14:33:05] <@DNS_and_BIND> and consequently in-addr.arpa subdomains too
[14:33:21] <@DNS_and_BIND> If you buy a class C network
[14:33:29] <@DNS_and_BIND> for example 212.67.34.0/24
[14:33:42] <@DNS_and_BIND> you will ask RIPE
[14:33:58] <@DNS_and_BIND> to delegate in the domain 212.in-addr.arpa
[14:34:07] <@DNS_and_BIND> a subdomain for your network, in this case
[14:34:17] <@DNS_and_BIND> 34.67.212.in-addr.arpa
[14:34:35] <@DNS_and_BIND> (note again that the octets are listed from left to right)
[14:35:06] <@DNS_and_BIND> For RIPE to delegate your subdomain for the network you own
[14:35:15] <@DNS_and_BIND> you need to submit name servers
[14:35:27] <@DNS_and_BIND> that will serve the corresponding in-addr.arpa subdomain
[14:35:43] <@DNS_and_BIND> So far this is the general logic of things...
[14:35:53] <@DNS_and_BIND> Now we'll go a little deeper
[14:36:08] <@DNS_and_BIND> into details, since the overall picture has surely become clear to you
[14:36:36] <@DNS_and_BIND> First... many people think that if a network is class B
[14:36:55] <@DNS_and_BIND> then an in-addr.arpa subdomain should be defined for it
[14:37:00] <@DNS_and_BIND> that contains
[14:37:04] <@DNS_and_BIND> only two octets...
[14:37:15] <@DNS_and_BIND> That is not mandatory....
[14:37:40] <@DNS_and_BIND> It is possible for an in-addr.arpa subdomain for a class B network
[14:37:52] <@DNS_and_BIND> to be defined in aggregate with 255 subdomains for class C networks
[14:38:27] <@DNS_and_BIND> The subtlety is that, to DNS, the digits in the name of an in-addr.arpa domain say nothing about the network
[14:38:54] <@DNS_and_BIND> all of this is one domain tree with a subdomain structure
[14:39:18] <@DNS_and_BIND> (Later I'll show you that, besides digits, the name of an in-addr.arpa domain can also contain letters)
[14:39:38] <@DNS_and_BIND> The reverse is also possible...
[14:40:00] <@DNS_and_BIND> Someone can buy 255 class C networks and have them delegated to him as if they were a class B network
[14:40:27] <@DNS_and_BIND> So abstract yourselves from the explicit link network <-> in-addr.arpa domain
[14:40:53] <@DNS_and_BIND> Now we will demonstrate the hierarchy in the queries
[14:41:20] <@DNS_and_BIND> First let's mention that the main resource record in a zone that serves an in-addr.arpa domain
[14:41:28] <@DNS_and_BIND> is the pointer record PTR
[14:41:59] <@DNS_and_BIND> to the left of it there must be either a whole IP address or at least one octet of the IP address
[14:42:21] <@DNS_and_BIND> on its right-hand side there must be the host name that is associated with the IP address
[14:42:25] <@DNS_and_BIND> here is an example
[14:42:39] <@DNS_and_BIND> if in the zone 0.168.192.in-addr.arpa
[14:42:59] <@DNS_and_BIND> which serves queries for the mapping IP address <-> domain name
[14:43:06] <@DNS_and_BIND> which serves queries for the mapping IP address <-> host name (sorry)
[14:43:19] <@DNS_and_BIND> the following record has been made
[14:43:26] <@DNS_and_BIND> 1 PTR test.domain.
[14:43:34] <@DNS_and_BIND> that means that to the IP address
[14:43:42] <@DNS_and_BIND> 192.168.0.1 corresponds the name
[14:43:50] <@DNS_and_BIND> test.domain
[14:44:17] <@DNS_and_BIND> When in the in-addr.arpa zone
[14:44:34] <@DNS_and_BIND> served by, for example, a local registry
[14:44:50] <@DNS_and_BIND> the subdomain of a network given to a client needs to be delegated
[14:45:02] <@DNS_and_BIND> the delegation of the subdomain of the client's network
[14:45:12] <@DNS_and_BIND> is done using NS resource records...
[14:45:15] <@DNS_and_BIND> for example...
[14:45:27] <@DNS_and_BIND> if the class C network
[14:45:32] <@DNS_and_BIND> 10.1.1.0
[14:45:51] <@DNS_and_BIND> needs to have an in-addr.arpa subdomain
[14:45:57] <@DNS_and_BIND> for solving the reverse problem in DNS
[14:46:18] <@DNS_and_BIND> then it could be delegated within the domain 10.in-addr.arpa in the following way
[14:46:40] <@DNS_and_BIND> 1.1 NS ns1.na-klient.domain
[14:46:53] <@DNS_and_BIND> 1.1 NS ns2.na-klient.domain.
[14:47:08] <@DNS_and_BIND> (in the first line I left out a dot at the end, add it yourselves)
[14:47:25] <@DNS_and_BIND> However, this delegation is also possible in another way...
[14:47:38] <@DNS_and_BIND> the registry that is responsible for the domain 10.in-addr.arpa
[14:48:00] <@DNS_and_BIND> can hand the domain 1.10.in-addr.arpa to a client
[14:48:08] <@DNS_and_BIND> who is, for example, a provider
[14:48:17] <@DNS_and_BIND> and has bought 255 class C networks
[14:48:38] <@DNS_and_BIND> then the domain 1.1.10.in-addr.arpa, which serves the network 10.1.1.0
[14:48:49] <@DNS_and_BIND> will not be delegated in the domain 10.in-addr.arpa
[14:49:02] <@DNS_and_BIND> but will be delegated in the domain 1.10.in-addr.arpa
[14:49:05] <@DNS_and_BIND> and like this
[14:49:16] <@DNS_and_BIND> 1 NS ns1.na-klient.domain.
[14:49:23] <@DNS_and_BIND> 1 NS ns2.na-klient.domain.
[14:49:33] <@DNS_and_BIND> Now I'll give you a real example
[14:49:43] <@DNS_and_BIND> so that you can see in detail how these things are done...
[14:50:03] <@DNS_and_BIND> some time ago RIPE delegated 255 class C networks to DigSys
[14:50:19] <@DNS_and_BIND> 193.68.0.0-193.68.0.255
[14:50:30] <@DNS_and_BIND> for its part
[14:50:41] <@DNS_and_BIND> DigSys, as the local registry for Eastern Europe
[14:50:55] <@DNS_and_BIND> handed out part of these networks to other countries
[14:51:01] <@DNS_and_BIND> Hungary, Lithuania... and so on...
[14:51:18] <@DNS_and_BIND> and consequently took it upon itself to delegate, in the subdomain 68.193.in-addr.arpa
[14:51:26] <@DNS_and_BIND> the subdomains for these networks
[14:51:47] <@DNS_and_BIND> 10x to HIMIKA for correcting me
[14:51:52] <@DNS_and_BIND> in my hurry I made a mistake
[14:52:02] <@DNS_and_BIND> 193.68.0.0-193.68.255.255
[14:52:10] <@DNS_and_BIND> and not 193.68.0.0-193.68.0.255
[14:52:15] <@DNS_and_BIND> I apologize for the mistake
[14:52:23] <@DNS_and_BIND> now I'll show you the source
[14:52:25] <@DNS_and_BIND> of this zone
[14:52:37] <@DNS_and_BIND> so you can see how the respective subdomains are delegated
[14:52:56] <@DNS_and_BIND> just a second while I put it on the web server and give you a link (and so you can rest for a minute)
[14:53:54] <@DNS_and_BIND> Here is the link: http://www.lcpe.uni-sofia.bg/network/68.193.in-addr.arpa
[14:54:11] <@DNS_and_BIND> Take a look at the zone of the domain 68.193.in-addr.arpa
[14:54:22] <@DNS_and_BIND> for a minute or two and we'll continue
[14:56:01] <@DNS_and_BIND> Now the reasonable question is: what does the RIPE server know
[14:56:27] <@DNS_and_BIND> about the zones it has given to another local registry...
[14:56:29] <@DNS_and_BIND> it knows nothing
[14:56:38] <@DNS_and_BIND> simply, in 193.in-addr.arpa
[14:56:47] <@DNS_and_BIND> whose original is located on ns.ripe.net
[14:56:52] <@DNS_and_BIND> the following delegation is made
[14:57:24] <@DNS_and_BIND> 68.193.in-addr.arpa. IN S ns.digsys.bg.
[14:57:30] <@DNS_and_BIND> 68.193.in-addr.arpa. IN NSns.digsys.bg.
[14:57:48] <@DNS_and_BIND> 68.193.in-addr.arpa. IN NS ns2.digsys.bg.
[14:58:10] <@DNS_and_BIND> 68.193.in-addr.arpa. IN NS ns.eu.net
[14:58:26] <@DNS_and_BIND> 68.193.in-addr.arpa. IN NS ns.ripe.net.
[14:58:43] <@DNS_and_BIND> I.e. the name server
[14:58:48] <@DNS_and_BIND> of RIPE
[14:58:50] <@DNS_and_BIND> does not know, for example
[14:58:58] <@DNS_and_BIND> how the following subdomain is delegated
[14:59:08] <@DNS_and_BIND> 133.68.193.in-addr.arpa
[14:59:30] <@DNS_and_BIND> to find out, it has to ask one of the name servers that serve 68.193.in-addr.arpa
[14:59:54] <@DNS_and_BIND> That was also an answer to apt-get's question
[15:00:11] <@DNS_and_BIND> So.. now let's continue
[15:00:24] <@DNS_and_BIND> we've reached the lowest (seemingly) level
[15:00:35] <@DNS_and_BIND> in serving queries for the in-addr.arpa domain
[15:01:16] <@DNS_and_BIND> This is the direct retrieval of PTR resource records from the zone file
[15:01:34] <@DNS_and_BIND> Here there can be 3 solutions...
[15:02:00] <@DNS_and_BIND> in the first there are no subdomains at all... everything is described directly
[15:02:24] <@DNS_and_BIND> in an in-addr.arpa subdomain with one octet for the network
[15:02:29] <@DNS_and_BIND> for example 10.in-addr.arpa
[15:02:34] <@DNS_and_BIND> it is possible..
[15:02:45] <@DNS_and_BIND> for all PTR records to be made in 10.in-addr.arpa
[15:02:54] <@DNS_and_BIND> and for no in-addr.arpa subdomains to be delegated
[15:03:04] <@DNS_and_BIND> for the subnets of 10.0.0.0
[15:03:17] <@DNS_and_BIND> even though they may physically exist as separate ones...
[15:03:32] <@DNS_and_BIND> in that case, when specifying a PTR record
[15:03:39] <@DNS_and_BIND> to the left of it
[15:03:44] <@DNS_and_BIND> there are 3 octets
[15:03:46] <@DNS_and_BIND> for example
[15:04:00] <@DNS_and_BIND> 1.2.4 PTR test.domain.
[15:04:01] <@DNS_and_BIND> means that
[15:04:24] <@DNS_and_BIND> to the IP address 10.4.2.1 corresponds the host name test.domain
[15:05:08] <@DNS_and_BIND> The same can also be done, for example, in 3.10.in-addr.arpa
[15:05:32] <@DNS_and_BIND> all the IP <-> host name mappings are described
[15:05:38] <@DNS_and_BIND> using PTR resource records
[15:05:58] <@DNS_and_BIND> and no in-addr.arpa domain is delegated for every physical class C network
[15:06:12] <@DNS_and_BIND> then to the left of the PTR resource record
[15:06:24] <@DNS_and_BIND> only two octets of the IP address are written:
[15:06:28] <@DNS_and_BIND> for example
[15:06:41] <@DNS_and_BIND> 1.3 PTR test.domain.
[15:06:53] <@DNS_and_BIND> (if the description is made in 3.10.in-addr.arpa)
[15:07:18] <@DNS_and_BIND> that is to say, to the IP address 10.3.3.1 corresponds the host name test.domain
[15:08:00] <@DNS_and_BIND> In an in-addr.arpa that serves class C networks, only PTR records are described, unless classless delegation is being done
[15:08:03] <@DNS_and_BIND> which will be discussed
[15:08:06] <@DNS_and_BIND> further on
[15:08:26] <@DNS_and_BIND> Now let's summarize how a record is retrieved from in-addr.arpa
[15:08:52] <@DNS_and_BIND> say we want to find the resource record for the name that corresponds to the IP address 10.2.3.4
[15:09:05] <@DNS_and_BIND> First one of the root name servers is queried...
[15:09:57] <@DNS_and_BIND> The root servers
[15:09:58] <@DNS_and_BIND> for names
[15:10:03] <@DNS_and_BIND> will give an answer
[15:10:17] <@DNS_and_BIND> that will contain name servers for in-addr.arpa
[15:10:42] <@DNS_and_BIND> (keep in mind that although in-addr is a subdomain of arpa, in-addr.arpa is delegated as a Top Level Domain)
[15:11:06] <@DNS_and_BIND> Once the list of name servers has been obtained
[15:11:11] <@DNS_and_BIND> for the in-addr.arpa domain
[15:11:17] <@DNS_and_BIND> we go to the next step
[15:11:29] <@DNS_and_BIND> one of the servers given in the list is chosen at random
[15:11:41] <@DNS_and_BIND> and is queried for the subdomain 10.in-addr.arpa
[15:12:19] <@DNS_and_BIND> (attention, 10.in-addr.arpa is reserved for the needs of private network space and cannot be used as a real domain)
[15:12:36] <@DNS_and_BIND> Name servers for the domain 10.in-addr.arpa will be returned
[15:13:19] <@DNS_and_BIND> And one of them will give an answer for 2.10.in-addr.arpa, for 3.2.10.in-addr.arpa or directly for 4.3.2.10.in-addr.arpa
[15:14:07] <@DNS_and_BIND> it all depends on whether the zone has a PTR record or has a delegation of a subdomain whose name servers will serve the corresponding PTR record
[15:14:38] <@DNS_and_BIND> If we assume that in 10.in-addr.arpa the subdomain 2.10.in-addr.arpa is delegated
[15:14:48] <@DNS_and_BIND> when the name servers for 10.in-addr.arpa are queried
[15:15:00] <@DNS_and_BIND> a list of name servers will be obtained
[15:15:18] <@DNS_and_BIND> that are responsible for serving 2.10.in-addr.arpa
[15:15:50] <@DNS_and_BIND> Once the request reaches one of these name servers the same procedure will be repeated again... if a PTR record exists
[15:16:19] <@DNS_and_BIND> then it will be returned... if there is a subdomain for 3.2.10.in-addr.arpa a list of names will be returned
[15:16:36] <@DNS_and_BIND> of DNS servers responsible for serving the requests
[15:16:42] <@DNS_and_BIND> for their respective subdomain
[15:17:33] <@DNS_and_BIND> and this will repeat until a PTR resource record is retrieved or, in the absence of one, a message is returned that it does not exist (NXDOMAIN)
[15:18:10] <@DNS_and_BIND> I'll stop here for a bit, because after this I'll describe some rules for delegating domains in in-addr.arpa...
[15:18:25] <@DNS_and_BIND> If you have questions about the above .. please ask
[15:20:12] <@DNS_and_BIND> If there are no questions let's continue straight away...
[15:20:34] <@DNS_and_BIND> some time ago, together with some colleagues at MIT, we were working
[15:20:56] <@DNS_and_BIND> on building a stochastic model of the behaviour of requests to the EDU domain
[15:21:13] <@DNS_and_BIND> and to the corresponding in-addr.arpa for MIT's network (18.in-addr.arpa)
[15:21:22] <@DNS_and_BIND> The surprise was big....
[15:22:01] <@DNS_and_BIND> the flow of in-addr.arpa requests was larger than the one for the forward problem, i.e. for retrieving A resource records from the TLD .EDU
[15:22:20] <@DNS_and_BIND> At first we couldn't explain it, but then a logical explanation was found...
[15:22:41] <@DNS_and_BIND> The issue is that many services want to obtain a PTR resource record
[15:23:24] <@DNS_and_BIND> some of them even require the A and PTR resource records to match...
[15:23:36] <@DNS_and_BIND> Many people
[15:23:46] <@DNS_and_BIND> think that in-addr.arpa
[15:23:59] <@DNS_and_BIND> is almost something exotic and won't generate much traffic
[15:24:05] <@DNS_and_BIND> because it's rarely queried
[15:24:09] <@DNS_and_BIND> that's not the case at all
[15:24:27] <@DNS_and_BIND> That's why there are some ways of delegating in-addr.arpa domains
[15:24:34] <@DNS_and_BIND> which I'll mention now...
[15:24:54] <@DNS_and_BIND> To illustrate what I mean...
[15:25:12] <@DNS_and_BIND> let's imagine that a client has bought the network 10.2.3.0/24
[15:25:23] <@DNS_and_BIND> and he wants to maintain on his own name servers
[15:25:36] <@DNS_and_BIND> the zone 3.2.10.in-addr.arpa
[15:25:57] <@DNS_and_BIND> This client's provider owns 2.10.in-addr.arpa
[15:26:17] <@DNS_and_BIND> and has to delegate 3.2.10.in-addr.arpa
[15:26:26] <@DNS_and_BIND> in the zone file of 2.10.in-addr.arpa
[15:26:34] <@DNS_and_BIND> Several variants are possible...
[15:26:53] <@DNS_and_BIND> in the first variant the client gives the provider only his own name servers
[15:27:05] <@DNS_and_BIND> for example: ns1.klient.domain and ns2.klient.domain
[15:27:22] <@DNS_and_BIND> and so the provider makes, in the zone file of 2.10.in-addr.arpa
[15:27:27] <@DNS_and_BIND> the following records:
[15:27:38] <@DNS_and_BIND> 3 NS ns1.klient.domain.
[15:27:44] <@DNS_and_BIND> 3 NS ns2.klient.domain.
[15:28:07] <@DNS_and_BIND> This way all the final serving will (seemingly) be done by the client's name servers
[15:28:28] <@DNS_and_BIND> if the requests coming from the IP addresses of the client's network
[15:28:47] <@DNS_and_BIND> to the outside are many, then the queries for retrieving PTR resource records will be many too
[15:28:56] <@DNS_and_BIND> from 3.2.10.in-addr.arpa
[15:29:28] <@DNS_and_BIND> if the line is loaded with other traffic (or the line in general allows little traffic) the answers to the requests may
[15:29:32] <@DNS_and_BIND> be heavily delayed
[15:30:03] <@DNS_and_BIND> It is even possible, with a good line, for the requests to the DNS servers to be many and to slow down the DNS service itself
[15:30:14] <@DNS_and_BIND> This can be avoided...
[15:30:20] <@DNS_and_BIND> With the first method
[15:30:51] <@DNS_and_BIND> The client asks the provider to transfer the zone 3.2.10.in-addr.arpa over to itself, onto one of its name servers
[15:31:01] <@DNS_and_BIND> let's conditionally call it ns.isp.domain
[15:31:29] <@DNS_and_BIND> then the subdomain 3.2.10.in-addr.arpa can be delegated like this
[15:31:43] <@DNS_and_BIND> one name server is the provider's, and the other is the client's
[15:31:45] <@DNS_and_BIND> for example:
[15:31:54] <@DNS_and_BIND> 3 NS ns1.klient.domain.
[15:31:59] <@DNS_and_BIND> 3 NS ns.isp.domain.
[15:32:22] <@DNS_and_BIND> This way the two name servers will balance the flow of requests
[15:32:29] <@DNS_and_BIND> and the serving of them
[15:32:33] <@DNS_and_BIND> here the assumption is
[15:32:45] <@DNS_and_BIND> that the provider has a good line
[15:32:56] <@DNS_and_BIND> and can take more traffic (even if it is interactive)
[15:33:13] <@DNS_and_BIND> There is one more approach...
[15:33:38] <@DNS_and_BIND> In the zone file of 3.2.10.in-addr.arpa itself
[15:33:45] <@DNS_and_BIND> there are described, with NS resource records,
[15:34:02] <@DNS_and_BIND> besides the two name servers with which the delegation of 3.2.10.in-addr.arpa was made
[15:34:09] <@DNS_and_BIND> further name servers as well...
[15:34:13] <@DNS_and_BIND> for example;
[15:34:21] <@DNS_and_BIND> NS ns1.klient.domain.
[15:34:30] <@DNS_and_BIND> NS ns.isp.domain.
[15:34:38] <@DNS_and_BIND> NS ns.niakoi.domain.
[15:34:58] <@DNS_and_BIND> There is a very subtle idea here, which for who knows what reason is awfully hard to grasp...
[15:35:23] <@DNS_and_BIND> The idea is that, in practice, when serving a query for a PTR resource record
[15:35:59] <@DNS_and_BIND> an answer will be sought from one of the three name servers that are described in the zone of 3.2.10.in-addr.arpa itself
[15:36:12] <@DNS_and_BIND> and not those that are described in 2.10.in-addr.arpa...
[15:36:31] <@DNS_and_BIND> i.e. those described in 2.10.in-addr.arpa will return only the name servers of the domain...
[15:36:48] <@DNS_and_BIND> I always find this very hard to explain...
[15:36:59] <@DNS_and_BIND> I won't go into detail about why it works this way...
[15:37:27] <@DNS_and_BIND> If anyone wants to convince himself that this is right, let him try tracing the requests...
[15:37:32] <@DNS_and_BIND> and he'll see that it is so...
[15:37:47] <@DNS_and_BIND> in fact this could be a topic for another seminar too...
[15:38:05] <@DNS_and_BIND> The last trick in delegating in-addr.arpa from the client's side
[15:38:09] <@DNS_and_BIND> to a registry
[15:38:19] <@DNS_and_BIND> is the use of a Stealth DNS server
[15:38:35] <@DNS_and_BIND> Although it sounds scary, it's quite elementary...
[15:39:03] <@DNS_and_BIND> Simply, some other server, and not the client's, undertakes to pull the zone 3.2.10.in-addr.arpa
[15:39:29] <@DNS_and_BIND> in WHICH THERE IS NO NS RESOURCE RECORD pointing to the client's name server
[15:39:39] <@DNS_and_BIND> I'll illustrate with the example above,,,
[15:39:51] <@DNS_and_BIND> the provider owns 2.10.in-addr.arpa
[15:39:58] <@DNS_and_BIND> the client has 3.2.10.in-addr.arpa
[15:40:04] <@DNS_and_BIND> the following action comes next...
[15:40:23] <@DNS_and_BIND> the provider supplies at least two name servers, onto which there will be transferred
[15:40:29] <@DNS_and_BIND> 3.2.10.in-addr.arpa
[15:40:34] <@DNS_and_BIND> for example
[15:40:38] <@DNS_and_BIND> ns.isp.domain
[15:40:43] <@DNS_and_BIND> and ns2.isp.domain
[15:40:59] <@DNS_and_BIND> these two name servers are specified as NS resource records
[15:41:20] <@DNS_and_BIND> in the zone file for 3.2.10.in-addr.arpa, which is kept on the client's name server
[15:41:33] <@DNS_and_BIND> the client's name server has IP 10.2.3.1
[15:41:41] <@DNS_and_BIND> in 2.10.in-addr.arpa
[15:41:47] <@DNS_and_BIND> 3.2.10.in-addr.arpa
[15:41:49] <@DNS_and_BIND> is described like this:
[15:41:56] <@DNS_and_BIND> 3 NS ns.isp.domain.
[15:42:02] <@DNS_and_BIND> 3 NS ns2.isp.domain.
[15:42:11] <@DNS_and_BIND> after that, in /etc/named.conf
[15:42:14] <@DNS_and_BIND> the following description is made
[15:42:24] <@DNS_and_BIND> zone "3.2.10.in-addr.arpa" {
[15:42:29] <@DNS_and_BIND> type slave;
[15:42:43] <@DNS_and_BIND> file "arpa/3.2.10.in-addr.arpa";
[15:42:55] <@DNS_and_BIND> };
[15:43:00] <@DNS_and_BIND> oops
[15:43:03] <@DNS_and_BIND> I left out a line
[15:43:13] <@DNS_and_BIND> masters { 10.2.3.1;};
[15:43:18] <@DNS_and_BIND> and then a closing brace
[15:43:21] <@DNS_and_BIND> };
[15:43:25] <@DNS_and_BIND> so... what's the idea...
[15:43:44] <@DNS_and_BIND> the idea is that queries don't reach the client's name server at all
[15:44:00] <@DNS_and_BIND> because nobody knows that this server is a name server for the zone
[15:44:14] <@DNS_and_BIND> all requests go to the provider's name server...
[15:44:24] <@DNS_and_BIND> This scheme is very practical
[15:44:41] <@DNS_and_BIND> but only 2 providers in BG seem to practise it... at least I haven't heard of more
[15:44:53] <@DNS_and_BIND> So...
[15:45:02] <@DNS_and_BIND> Just let me make one clarification..
[15:45:27] <@DNS_and_BIND> everything above I gave as an example with 2 name servers being listed at the registry..
[15:45:45] <@DNS_and_BIND> it doesn't have to be that way... it can be just one, it can also be 50
[15:45:50] <@DNS_and_BIND> the important thing is that there is one
[15:45:58] <@DNS_and_BIND> by tradition two are put in...
[15:46:04] <@DNS_and_BIND> but that doesn't follow from anywhere...
[15:46:27] <@DNS_and_BIND> I'll continue directly with the classless delegation of in-addr.arpa
[15:46:32] <@DNS_and_BIND> because it worries most of you
[15:46:38] <@DNS_and_BIND> as clients with small networks...
[15:46:44] <@DNS_and_BIND> and I'll tie it in
[15:46:51] <@DNS_and_BIND> with the things said above
[15:47:08] <@DNS_and_BIND> because it is a logical continuation of the construction above
[15:47:25] <@DNS_and_BIND> WHEN is it necessary to do classless delegation of in-addr.arpa
[15:47:30] <@DNS_and_BIND> Here's a real example...
[15:48:01] <@DNS_and_BIND> A client has the network 192.168.100.192/28 (octet notation of the subnet mask 255.255.255.240)
[15:48:16] <@DNS_and_BIND> he wants to manage the in-addr.arpa records himself
[15:48:22] <@DNS_and_BIND> for his IP addresses
[15:48:31] <@DNS_and_BIND> and not, every time he wants to change something,
[15:48:43] <@DNS_and_BIND> have to call the provider, who is usually the owner
[15:48:52] <@DNS_and_BIND> of the in-addr.arpa domain for the class C network
[15:49:08] <@DNS_and_BIND> So... how is this done...
[15:49:16] <@DNS_and_BIND> I'll explain it step by step...
[15:49:38] <@DNS_and_BIND> Before you tell the provider that you want such an in-addr.arpa delegation scheme, do things at your own end first
[15:49:43] <@DNS_and_BIND> and test whether they work...
[15:50:14] <@DNS_and_BIND> Here's the example of how to do this for the network 192.168.100.192/28
[15:50:25] <@DNS_and_BIND> a zone file is created
[15:50:35] <@DNS_and_BIND> and is described in /etc/named.conf
[15:50:47] <@DNS_and_BIND> the name of the zone described in this file
[15:51:03] <@DNS_and_BIND> must be the octet sequence of the network number...
[15:51:09] <@DNS_and_BIND> in reverse order
[15:51:09] <@DNS_and_BIND> i.e.
[15:51:37] <@DNS_and_BIND> 192.100.168.192.in-addr.arpa
[15:52:01] <@DNS_and_BIND> v neia se praviat zapisite za IP adresite v klientska mrezha
[15:52:01] <@DNS_and_BIND> taka
[15:52:12] <@DNS_and_BIND> vse edno se praviat v 100.168.192.in-addr.arpa
[15:52:28] <@DNS_and_BIND> (spestiavam SOA zapisi i NS zapisi)
[15:52:37] <@DNS_and_BIND> 193 PTR host1.domain.
[15:52:46] <@DNS_and_BIND> 194 PTR host2.domain.
[15:52:48] <@DNS_and_BIND> ...
[15:53:01] <@DNS_and_BIND> 206 PTR the-end.domain.
[15:53:28] <@DNS_and_BIND> After that you save the file
[15:53:38] <@DNS_and_BIND> reload the configuration
[15:53:43] <@DNS_and_BIND> or use rndc
[15:53:53] <@DNS_and_BIND> rndc reload 192.100.168.192.in-addr.arpa
[15:54:02] <@DNS_and_BIND> and see whether it works...
[15:54:13] <@DNS_and_BIND> it's a good idea to check the file before that
[15:54:19] <@DNS_and_BIND> with the help of named-checkzone
[15:54:28] <@DNS_and_BIND> to see whether you have any syntax errors
[15:54:39] <@DNS_and_BIND> after that you can use host, dig or nslookup
[15:54:48] <@DNS_and_BIND> to see whether you have done the job properly
[15:54:59] <@DNS_and_BIND> to do that, send the queries to the name server
[15:55:06] <@DNS_and_BIND> that holds the original file
[15:55:09] <@DNS_and_BIND> with the zone
[15:55:24] <@DNS_and_BIND> most of you probably use nslookup
[15:55:28] <@DNS_and_BIND> here's an example with it...
[15:55:37] <@DNS_and_BIND> you start it
[15:55:49] <@DNS_and_BIND> you type
[15:55:53] <@DNS_and_BIND> server localhost
[15:55:57] <@DNS_and_BIND> set type=ptr
[15:56:11] <@DNS_and_BIND> 193.192.100.168.192.in-addr.arpa
[15:56:28] <@DNS_and_BIND> as the answer you will get the name associated through the PTR record
[15:56:44] <@DNS_and_BIND> and if that happens, it means you have done everything correctly on your side...
[15:57:06] <@DNS_and_BIND> Now you call the provider, tell him you are ready and give him the name servers
[15:57:16] <@DNS_and_BIND> that hold 192.100.168.192.in-addr.arpa
[15:57:33] <@DNS_and_BIND> he makes the following entries in the zone file for 100.168.192.in-addr.arpa
[15:57:55] <@DNS_and_BIND> first he defines 192.100.168.192.in-addr.arpa as a subdomain of 100.168.192.in-addr.arpa
[15:58:10] <@DNS_and_BIND> 192 NS server1.klient.domain.
[15:58:17] <@DNS_and_BIND> 192 NS server1.klient.domain.
[15:58:59] <@DNS_and_BIND> after that he defines all the octets corresponding to the client network, including the broadcast address (for this network it is 192.168.100.207)
[15:59:19] <@DNS_and_BIND> 193 CNAME 193.192
[15:59:24] <@DNS_and_BIND> 194 CNAME 194.192
[15:59:31] <@DNS_and_BIND> 195 CNAME 195.192
[15:59:32] <@DNS_and_BIND> ...
[15:59:49] <@DNS_and_BIND> 207 CNAME 207.192
[16:00:04] <@DNS_and_BIND> with that, classless delegation in this form is complete...
[16:00:49] <@DNS_and_BIND> again the question can be raised about the name servers to which the zone is classlessly delegated: whether they should be only the client's, whether one should be the provider's and the other the client's.. whether it should be a stealth DNS server, etc...
[16:01:05] <@DNS_and_BIND> This is NOT THE ONLY way to do classless delegation!
[16:01:26] <@DNS_and_BIND> now I'll take a short break during which you can ask questions....
[16:01:36] * @DNS_and_BIND 5 min break for questions
[16:02:04] <+Himika> I have the following question: how do you tell bind that what it delegates to the client is exactly a /28 network and not a /24, /26 or some other? Is that done the way you showed with CNAME?
[16:02:04] <@ASIC> those who want to ask questions should message me or DNS_and_BIND; we will give the flag to speak
[16:02:18] <+Himika> because that's the only part I didn't quite get
[16:02:57] <@DNS_and_BIND> Himika: Yes, the question is a fair one... In effect that's how it's done... If the subdomain for the client's network
[16:03:22] <@DNS_and_BIND> Himika: is delegated in the zone file of the classfully delegated in-addr.arpa
[16:03:39] <@DNS_and_BIND> Himika: then it must be described the way it is done above
[16:04:11] <@DNS_and_BIND> Himika: This is the so-called canonical description of classless delegation and it is the recommended one. It goes most smoothly
[16:04:24] <@DNS_and_BIND> Himika: That is also how it is described in RFC 2317
[16:04:47] <+Himika> could you, now or whenever convenient, put sample configs on this question on web/ftp/etc?
[16:04:49] <@DNS_and_BIND> Himika: In a little while I'll show a scheme where this style of description is not mandatory
[16:05:06] <@DNS_and_BIND> Yes, I'll provide one right now, a REAL and working example
[16:05:18] <@DNS_and_BIND> One second while I upload the zone files to the web server
[16:05:23] <+Himika> thank you
[16:05:31] <@ASIC> next one: may I ask a question - how can I find out with dig or nslookup whether my ISP has delegated the /28 domain to me?
[16:07:15] <@DNS_and_BIND> So...
[16:07:33] <@DNS_and_BIND> let me finish with Himika's question
[16:07:40] <@DNS_and_BIND> just a moment and we'll move on to the second one
[16:08:22] <@DNS_and_BIND> Here is a zone serving in-addr.arpa for a class C network
[16:08:24] <@DNS_and_BIND> http://www.lcpe.uni-sofia.bg/network/191.68.193.in-addr.arpa
[16:08:38] <@DNS_and_BIND> In it the delegation is done exclusively classlessly
[16:08:52] <@DNS_and_BIND> note how the networks are described...
[16:08:54] <@DNS_and_BIND> from .. to
[16:08:59] <@DNS_and_BIND> together with the broadcast
[16:09:20] <@DNS_and_BIND> Now here is a client
[16:09:21] <@DNS_and_BIND> network
[16:09:31] <@DNS_and_BIND> zone, that is
[16:09:44] <@DNS_and_BIND> which is classlessly delegated in 191.68.193.in-addr.arpa
[16:10:03] <@DNS_and_BIND> it's the zone 192.191.68.193.in-addr.arpa
[16:10:08] <@DNS_and_BIND> http://www.lcpe.uni-sofia.bg/network/192.191.68.193.in-addr.arpa
[16:10:39] <@DNS_and_BIND> Note how the delegation of 192.191.68.193.in-addr.arpa is done
[16:11:06] <@DNS_and_BIND> 192 NS ns.lcpe.uni-sofia.bg.
[16:11:06] <@DNS_and_BIND> NS lcpe.pip.digsys.bg.
[16:11:32] <@DNS_and_BIND> and after that 16 IP addresses are listed
[16:11:36] <@ASIC> DNS_and_BIND, that isn't readable ..
[16:11:44] <@ASIC> d_BIND> 192 NS ns.lcpe.uni-sofia.bg.
[16:11:52] <@ASIC> the tabs, I assume
[16:11:55] <@DNS_and_BIND> oh yes
[16:11:56] <@DNS_and_BIND> sorry
[16:12:14] <@DNS_and_BIND> I repeat:
[16:12:20] <@DNS_and_BIND> Here is how the delegation is done
[16:12:40] <@DNS_and_BIND> 192 NS ns.lcpe.uni-sofia.bg.
[16:12:47] <@DNS_and_BIND> 192 NS lcpe.pip.digsys.bg.
[16:13:07] <@DNS_and_BIND> Himika: Are you satisfied with this answer of mine!?
[16:13:33] <@DNS_and_BIND> The next question, about host, dig, etc..
[16:13:39] <@DNS_and_BIND> I'll combine it with an explanation
[16:13:52] <@ASIC> sorry, may I interrupt you.
[16:13:55] <@DNS_and_BIND> yes...
[16:14:17] <@ASIC> I have a few clarifications on terminology that I think you'll accept :)
[16:14:23] <@DNS_and_BIND> go ahead...
[16:14:29] <@ASIC> networks are not purchased; they are justified and allocated. there is no fee to the Regional Registries that is tied to the size of the address space.
[16:14:29] <@ASIC> when Vesselin says class C he means a /24, not a classful network from the class C address space (which is obsolete). likewise Class B -> /16. Avoid using the names class C, class B and class A, since most people take the name to mean the mask length, but there are also many who take it to mean the group (class) of addresses, e.g. class C - 192.0.1.0 - 223.255.254.255. Use slash notation instead - /24, /16, /8.
[16:14:50] <@DNS_and_BIND> Yes, you're right...
[16:14:57] <@DNS_and_BIND> I'm sorry for the inaccuracies
[16:15:06] <@ASIC> no problem :)
[16:15:06] <@DNS_and_BIND> but I'm trying to type fast and think fast
[16:15:09] <@DNS_and_BIND> and it seems...
[16:15:11] <@ASIC> for reasons of stability it's good for each zone to have _at least_ two dns servers.
[16:15:27] <@DNS_and_BIND> Yes, that's right...
[16:15:40] <@DNS_and_BIND> Now for the second question...
[16:15:46] <@ASIC> technically there can be as many as is convenient for you, incl. 1, but it's not recommended
[16:15:54] <@DNS_and_BIND> Yes, that's right...
[16:16:30] <@DNS_and_BIND> Remind me of the second question.
[16:17:17] <@ASIC> may I ask a question - how can I find out with dig or nslookup whether my ISP has delegated the /28 domain to me?
[16:17:35] <@DNS_and_BIND> it's easy...
[16:17:46] <@DNS_and_BIND> I'll give you an example straight from the zones shown above
[16:17:52] <@DNS_and_BIND> so you can see how it is in the real case
[16:18:00] <@DNS_and_BIND> first we start with nslookup
[16:18:09] <@DNS_and_BIND> after you start it
[16:18:16] <@DNS_and_BIND> set, using server,
[16:18:28] <@DNS_and_BIND> the name or IP address of the name server
[16:18:32] <@DNS_and_BIND> at the provider
[16:18:41] <@DNS_and_BIND> in my case, for example, that is ns.digsys.bg
[16:18:47] <@DNS_and_BIND> and here is the sequence
[16:18:52] <@DNS_and_BIND> server ns.digsys.bg
[16:18:57] <@DNS_and_BIND> set type=ns
[16:19:07] <@DNS_and_BIND> 192.191.68.193.in-addr.arpa
[16:19:15] <@DNS_and_BIND> if the delegation has gone through
[16:19:33] <@DNS_and_BIND> the list of name servers will appear
[16:20:05] <@DNS_and_BIND> > server ns.digsys.bg
[16:20:05] <@DNS_and_BIND> Default server: ns.digsys.bg
[16:20:05] <@DNS_and_BIND> Address: 192.92.129.1#53
[16:20:05] <@DNS_and_BIND> > set type=ns
[16:20:05] <@DNS_and_BIND> > 192.191.68.193.in-addr.arpa
[16:20:06] <@DNS_and_BIND> Server: ns.digsys.bg
[16:20:10] <@DNS_and_BIND> Address: 192.92.129.1#53
[16:20:14] <@DNS_and_BIND> 192.191.68.193.in-addr.arpa nameserver = ns.lcpe.uni-sofia.bg.
[16:20:16] <@DNS_and_BIND> 192.191.68.193.in-addr.arpa nameserver = lcpe.pip.digsys.bg.
[16:20:18] <@DNS_and_BIND> >
[16:20:20] <@DNS_and_BIND> I hope this is visible...
[16:20:35] <@DNS_and_BIND> If no answer comes back
[16:20:45] <@DNS_and_BIND> it means something is rotten in the delegation
[16:20:54] <@DNS_and_BIND> now here is how this is done with dig
[16:20:58] <+apt-get> this will return ns records, not the cname as well?
[16:21:13] <+apt-get> just one of them is enough - nslookup will do.
[16:21:34] <@DNS_and_BIND> not the cname
[16:21:38] <@DNS_and_BIND> for CNAME
[16:21:43] <@DNS_and_BIND> you will need to check
[16:21:45] <@DNS_and_BIND> separately
[16:21:56] <@DNS_and_BIND> or list the zone in which the delegation is made
[16:22:06] <@DNS_and_BIND> I recommend the latter
[16:22:13] <@DNS_and_BIND> otherwise, with nslookup it goes like this
[16:22:51] <@DNS_and_BIND> [root@lcpe network]# nslookup -sil
[16:22:51] <@DNS_and_BIND> > server ns.digsys.bg
[16:22:51] <@DNS_and_BIND> Default server: ns.digsys.bg
[16:22:51] <@DNS_and_BIND> Address: 192.92.129.1#53
[16:22:51] <@DNS_and_BIND> > set type=ptr
[16:22:52] <@DNS_and_BIND> > 193.68.191.194
[16:22:55] <@DNS_and_BIND> Server: ns.digsys.bg
[16:22:57] <@DNS_and_BIND> Address: 192.92.129.1#53
[16:22:59] <@DNS_and_BIND> 194.191.68.193.in-addr.arpa canonical name = 194.192.191.68.193.in-addr.arpa.
[16:23:01] <@DNS_and_BIND> 194.192.191.68.193.in-addr.arpa name = eth-in.backbone-1.lcpe.pip.digsys.bg.
[16:23:03] <@DNS_and_BIND> >
[16:23:18] <@DNS_and_BIND> You can clearly see how the CNAME kicks in and redirects the record to the subdomain
[16:23:31] <+apt-get> thank you, that's enough for me.
[16:23:34] <@DNS_and_BIND> ok
[16:23:37] <@DNS_and_BIND> next...
[16:24:53] <@DNS_and_BIND> Boyan wanted to ask something... I'm waiting for his question
[16:25:04] <@ASIC> question: isn't it a problem to use 192.191.68.193.in-addr.arpa as a subdomain. shouldn't one use something.191.68.in-addr.arpa, where something is not a number from 0 to 255 ?
[16:25:49] <@DNS_and_BIND> Yes, it's possible... you've got ahead of the lecture:)) but I'll answer...
[16:25:52] <@DNS_and_BIND> Yes, it's possible...
[16:26:37] <@DNS_and_BIND> In that case, however, it is advisable that the subdomain not be delegated directly in the zone of the classfully delegated in-addr.arpa domain
[16:26:50] <@DNS_and_BIND> for example
[16:26:58] <@DNS_and_BIND> I can delegate
[16:27:07] <@DNS_and_BIND> 192.191.68.193.in-addr.arpa this way as well...
[16:27:15] <@DNS_and_BIND> at the client there is a zone:
[16:27:26] <@DNS_and_BIND> client.191.68.193.in-addr.arpa
[16:27:44] <@DNS_and_BIND> this zone MUST be transferred to the name server that serves the queries
[16:27:52] <@DNS_and_BIND> for 191.68.193.in-addr.arpa
[16:28:08] <@DNS_and_BIND> after that, in the zone file of 191.68.193.in-addr.arpa
[16:28:13] <@DNS_and_BIND> the following entry is made...
[16:28:37] <@DNS_and_BIND> 193 CNAME 193.client.191.68.193.in-addr.arpa.
[16:28:38] <@DNS_and_BIND> etc..
[16:28:51] <@DNS_and_BIND> moreover, with this method you are not obliged
[16:28:57] <@DNS_and_BIND> to list all the IP addresses...
[16:29:11] <@DNS_and_BIND> you don't need to list the broadcast either...
[16:29:42] <@DNS_and_BIND> you can specify ONLY those IP addresses for which PTR records should be fetched from client.191.68.193.in-addr.arpa
[16:29:55] <@ASIC> but if you use 192 for the subdomain you can't have a delegation of the form 192 CNAME 192.192.191.68... because you'd get NS and CNAME records for the same name, right ?
[16:29:58] <@DNS_and_BIND> This trick can also be used for classless delegation of ONLY 1 IP
[16:30:10] <@DNS_and_BIND> Yes, correct!
[16:30:13] <@ASIC> ok, 10x
[16:30:20] <@DNS_and_BIND> Just a reminder again...
[16:30:23] <@DNS_and_BIND> what we're talking about here
[16:30:35] <@DNS_and_BIND> is a fictitious delegation of a subdomain...
[16:30:50] <@DNS_and_BIND> this is a somewhat delicate matter... and it's better to follow RFC 2317
[16:30:54] <@DNS_and_BIND> So...
[16:31:03] <@DNS_and_BIND> There was one more question...
[16:31:14] <@DNS_and_BIND> MUFA wanted me to show
[16:31:20] <@DNS_and_BIND> how to check the delegation
[16:31:23] <@DNS_and_BIND> using dig
[16:31:39] <@DNS_and_BIND> I'm fulfilling the request, and again, to keep it simple, I'll give an example with the case above
[16:31:53] <@DNS_and_BIND> [root@lcpe network]# dig @ns.digsys.bg -t ns 192.191.68.193.in-addr.arpa
[16:31:53] <@DNS_and_BIND> ; <<>> DiG 9.2.1 <<>> @ns.digsys.bg -t ns 192.191.68.193.in-addr.arpa
[16:31:53] <@DNS_and_BIND> ;; global options: printcmd
[16:31:53] <@DNS_and_BIND> ;; Got answer:
[16:31:53] <@DNS_and_BIND> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19023
[16:31:55] <@DNS_and_BIND> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
[16:31:57] <@DNS_and_BIND> ;; QUESTION SECTION:
[16:31:59] <@DNS_and_BIND> ;192.191.68.193.in-addr.arpa. IN NS
[16:32:01] <@DNS_and_BIND> ;; ANSWER SECTION:
[16:32:03] <@DNS_and_BIND> 192.191.68.193.in-addr.arpa. 86400 IN NS lcpe.pip.digsys.bg.
[16:32:05] <@DNS_and_BIND> 192.191.68.193.in-addr.arpa. 86400 IN NS ns.lcpe.uni-sofia.bg.
[16:32:07] <@DNS_and_BIND> ;; ADDITIONAL SECTION:
[16:32:11] <@DNS_and_BIND> lcpe.pip.digsys.bg. 86400 IN A 193.68.0.202
[16:32:13] <@DNS_and_BIND> ns.lcpe.uni-sofia.bg. 9992 IN A 62.44.103.1
[16:32:17] <@DNS_and_BIND> ;; Query time: 68 msec
[16:32:19] <@DNS_and_BIND> ;; SERVER: 192.92.129.1#53(ns.digsys.bg)
[16:32:21] <@DNS_and_BIND> ;; WHEN: Sun Sep 15 16:20:17 2002
[16:32:25] <@DNS_and_BIND> ;; MSG SIZE rcvd: 141
[16:32:37] <@DNS_and_BIND> Are you satisfied!?
[16:32:39] <+MUFA> clear, clear, 10x
[16:32:42] <@DNS_and_BIND> oks
========================================================================================================================================================
[16:32:48] <@DNS_and_BIND> Now, moving on...
[16:33:02] <@DNS_and_BIND> Other subtleties in classless delegation of in-addr.arpa
[16:33:23] <@DNS_and_BIND> Many people don't have a whole network of IP addresses delegated
[16:33:27] <@DNS_and_BIND> but have just one IP address
[16:33:43] <@DNS_and_BIND> and want to serve the in-addr.arpa record for it
[16:33:45] <@DNS_and_BIND> themselves...
[16:33:56] <@DNS_and_BIND> i.e. not to call their provider every time
[16:33:58] <@DNS_and_BIND> i.e. not to call their provider every time
[16:34:08] <@DNS_and_BIND> a change of the PTR resource record is needed
[16:34:28] <@DNS_and_BIND> The idea of this kind of delegation is the following...
[16:34:51] <@DNS_and_BIND> At the client a zone is defined in which the last component of the domain tree is not an octet...
[16:34:53] <@DNS_and_BIND> for example
[16:35:04] <@DNS_and_BIND> client.191.68.193.in-addr.arpa
[16:35:11] <@DNS_and_BIND> a PTR record is created in it
[16:35:22] <@DNS_and_BIND> only for the host that will be served...
[16:35:26] <@DNS_and_BIND> there can be other records too
[16:35:46] <@DNS_and_BIND> but if the delegation is only for this IP address, they simply won't be read
[16:35:53] <@DNS_and_BIND> so..
[16:36:01] <@DNS_and_BIND> say the client has the IP address
[16:36:06] <@DNS_and_BIND> 193.68.191.200
[16:36:09] <@DNS_and_BIND> then
[16:36:18] <@DNS_and_BIND> in client.191.68.193.in-addr.arpa he
[16:36:20] <@DNS_and_BIND> enters the following:
[16:36:31] <@DNS_and_BIND> 200 PTR my.host.domain.
[16:36:40] <@DNS_and_BIND> and in 191.68.193.in-addr.arpa
[16:36:44] <@DNS_and_BIND> this is delegated like this:
[16:36:59] <@DNS_and_BIND> 200 CNAME 200.client.191.68.193.in-addr.arpa
[16:37:03] <@DNS_and_BIND> 200 CNAME 200.client.191.68.193.in-addr.arpa.
[16:37:06] <@DNS_and_BIND> with a dot:)))
[16:37:13] <@DNS_and_BIND> I swallowed it there:)
[16:37:19] <@DNS_and_BIND> you can also leave out in-addr.arpa
[16:37:19] <@DNS_and_BIND> by the way
[16:37:23] <@DNS_and_BIND> it can also be done like this
[16:37:33] <@DNS_and_BIND> 200 CNAME 200.client
[16:37:42] <@DNS_and_BIND> so...
[16:37:46] <@DNS_and_BIND> I'll mention again
[16:37:49] <@DNS_and_BIND> that for this to work
[16:38:00] <@DNS_and_BIND> the domain client.191.68.193.in-addr.arpa
[16:38:09] <@DNS_and_BIND> is not declared in 191.68.193.in-addr.arpa
[16:38:18] <@DNS_and_BIND> but is only transferred to the name servers
[16:38:28] <@DNS_and_BIND> responsible for 191.68.193.in-addr.arpa
[16:38:56] <@DNS_and_BIND> keep in mind that under RFC 2317 describing 1 IP address
[16:39:01] <@DNS_and_BIND> is not possible
[16:39:04] <@DNS_and_BIND> and is not done...
[16:39:23] <@DNS_and_BIND> i.e. don't even try... it makes your zone unusable
[16:39:37] <@DNS_and_BIND> there is another way to do classless delegation
[16:39:45] <@DNS_and_BIND> of in-addr.arpa for 1 IP address...
[16:40:08] <@DNS_and_BIND> that is by pointing the PTR record into a domain... I didn't know before that this is done in BG,
[16:40:15] <@DNS_and_BIND> but Boyan pleasantly surprised me with it
[16:40:18] <@DNS_and_BIND> a few days ago
[16:40:31] <@DNS_and_BIND> ASIC: Please show it
[16:40:35] <@ASIC> ok
[16:41:21] <@ASIC> in the zone 255.12.194.in-addr.arpa. there is
[16:41:21] <@ASIC> 250.255.12.194.in-addr.arpa. 86394 IN CNAME rdns-lirexnet-250.ludost.net.
[16:42:23] <@ASIC> and in the ludost.net zone there is
[16:42:23] <@ASIC> rdns-lirexnet-250 IN PTR marla
[16:42:32] <@DNS_and_BIND> So...
[16:42:38] <@DNS_and_BIND> This is a very clever way...
[16:42:49] <@DNS_and_BIND> unfortunately some web forms for managing domains
[16:43:05] <@DNS_and_BIND> don't allow creating a PTR record, which frankly is complete nonsense
[16:43:37] <@DNS_and_BIND> and many people may not be able to do this kind of delegation, but I want to tell you that this is a very good way to do classless delegation
[16:43:45] <@DNS_and_BIND> it can be used not only for 1 IP address
[16:43:52] <@DNS_and_BIND> it can also be used for a whole network...
[16:44:06] <@DNS_and_BIND> Congratulations to Boyan for having done it!
[16:44:16] <@DNS_and_BIND> Now I'll compare the method I presented
[16:44:19] <@DNS_and_BIND> with Boyan's
[16:44:28] <@DNS_and_BIND> and draw a few conclusions...
[16:45:00] <@DNS_and_BIND> 1. the delegation method applied by Boyan is more reliable from the point of view of the delegation of the domain in which the PTR record is made
[16:45:14] <@DNS_and_BIND> 2. the method I presented limps exactly there
[16:45:21] <@DNS_and_BIND> a common occurrence is the following...
[16:45:45] <@DNS_and_BIND> the client zone is transferred to only one of the name servers
[16:45:57] <@DNS_and_BIND> of the classfully delegated domain
[16:46:01] <@DNS_and_BIND> and not to the others...
[16:46:04] <@DNS_and_BIND> and what happens is
[16:46:30] <@DNS_and_BIND> that when the other name servers, which hold the classfully delegated zone
[16:46:42] <@DNS_and_BIND> but do not have the fictitiously defined client domain, are queried
[16:46:48] <@DNS_and_BIND> there is no answer...
[16:47:12] <@DNS_and_BIND> 3. The method presented by Boyan ties the record to a particular domain...
[16:47:22] <@DNS_and_BIND> and therefore to another registry
[16:47:45] <@DNS_and_BIND> 4. My method doesn't do that, but it is tied to technical support on the part of the owner
[16:47:57] <@DNS_and_BIND> of the classfully delegated zone...
[16:48:05] <@DNS_and_BIND> Which method you prefer
[16:48:14] <@DNS_and_BIND> depends on the specific circumstances
[16:48:47] <@DNS_and_BIND> Both are applicable... just take into account the technical feasibility of implementing them
[16:48:51] <@DNS_and_BIND> So...
[16:49:02] <@DNS_and_BIND> Now I'll start a topic that to some may
[16:49:08] <@ASIC> before you start it
[16:49:08] <@DNS_and_BIND> seem uninteresting
[16:49:11] <@DNS_and_BIND> yes?
[16:49:26] <@ASIC> let me point out a fact so that nobody gets confused
[16:50:14] <@ASIC> it's possible for the fictitious zone client.191.68.... not to be transferred to the servers that serve 191.68... but instead for there to be ns records in the 191.68.... zone that look like this
[16:50:35] <@ASIC> client IN NS ns1.domain.com.
[16:50:40] <@ASIC> client IN NS ns2.domain.com.
[16:50:54] <@DNS_and_BIND> it's possible... but by unwritten rules nobody does it
[16:50:55] <@ASIC> I think you said this, but I'm not sure everybody understood it ..
[16:51:13] <@DNS_and_BIND> ok, the omission is mine...
[16:51:20] <@DNS_and_BIND> I'm sorry...
[16:51:22] <@ASIC> actually, in the RFC on the subject it is described this way
[16:51:37] <@DNS_and_BIND> so now I'll clarify something:))
[16:51:50] <@ASIC> and sometimes it's more convenient, because you can't make, say, RIPE transfer the zone client.191.68... to their side
[16:52:08] <@DNS_and_BIND> fine:) just let me clarify something:)
[16:52:46] <@DNS_and_BIND> The ISPs that own classfully delegated in-addr.arpa domains
[16:52:53] <@DNS_and_BIND> and that do classless delegation
[16:53:10] <@DNS_and_BIND> partition in advance the zones for their in-addr.arpa
[16:53:12] <@DNS_and_BIND> domains
[16:53:24] <@DNS_and_BIND> and when some client comes to buy a network
[16:53:31] <@DNS_and_BIND> they don't touch the zone...
[16:53:48] <@DNS_and_BIND> they just point it so that his zone is pulled from such-and-such name server
[16:54:02] <@DNS_and_BIND> and in this case it is fictitious...
[16:54:05] <@DNS_and_BIND> the other approach is
[16:54:34] <@DNS_and_BIND> That is how most providers describe it
[16:54:54] <@DNS_and_BIND> In particular, DigSys also use stealth servers
[16:54:56] <@DNS_and_BIND> i.e.
[16:55:02] <@DNS_and_BIND> they do classless delegation
[16:55:16] <@DNS_and_BIND> but always delegate to their own name servers
[16:55:32] <@DNS_and_BIND> i.e. they pull the zones from the client
[16:55:39] <@DNS_and_BIND> and their servers serve them
[16:55:43] <@DNS_and_BIND> and that is a way too...
[16:56:00] <@DNS_and_BIND> There is no recipe... the important thing is that it's convenient for you:)
[16:56:03] <@DNS_and_BIND> that's it...
[16:56:14] <@DNS_and_BIND> Are there questions, or shall I move on!?
[16:56:36] <@ASIC> if anyone wants to ask a question, send a private message to me or DNS_and_BIND
[16:57:18] <@DNS_and_BIND> it seems there are none...
[16:57:21] <@ASIC> there's a FAQ
[16:57:26] <@ASIC> many people are asking me
[16:57:32] <@ASIC> where will you post the log
[16:57:44] <@ASIC> the answer is: http://boyan.ludost.net/papers/bind-lect.html
[16:57:51] <@DNS_and_BIND> fine... a short break for clarifications
[16:59:10] <@DNS_and_BIND> So...
[16:59:16] <@DNS_and_BIND> on to the last topics
=================================================================================================================================
[17:00:06] <@DNS_and_BIND> This is about in-addr.arpa for serving address spaces set aside for virtual private networks
[17:00:48] <@DNS_and_BIND> Here things are quite ambiguous
[17:01:00] <@DNS_and_BIND> and I'll try to explain it in more detail...
[17:01:26] <@DNS_and_BIND> The reason is that nowadays there is a lot of talk about virtual private networks and servicing them
[17:01:42] <@DNS_and_BIND> but there is no practical guide to their DNS service
[17:01:51] <@DNS_and_BIND> still less to in-addr.arpa delegation
[17:02:09] <@DNS_and_BIND> Here is an example
[17:02:14] <@DNS_and_BIND> of a real anachronism...
[17:02:27] <@DNS_and_BIND> An organization builds a virtual private network
[17:02:41] <@DNS_and_BIND> it has three networks
[17:02:48] <@DNS_and_BIND> 192.168.0.0/24
[17:02:54] <@DNS_and_BIND> 192.168.1.0/24
[17:02:59] <@DNS_and_BIND> and 192.168.2.0/24
[17:03:19] <@DNS_and_BIND> (say, for the different departments)
[17:03:43] <@DNS_and_BIND> the question now is
[17:03:55] <@DNS_and_BIND> what to do about in-addr.arpa service
[17:04:23] <@DNS_and_BIND> if each of these networks has a name server that serves their in-addr.arpa domains
[17:04:32] <@DNS_and_BIND> There is one clumsy way out...
[17:04:40] <@DNS_and_BIND> it consists of the following...
[17:04:54] <@DNS_and_BIND> say the name server for 0.168.192.in-addr.arpa
[17:05:01] <@DNS_and_BIND> is 192.168.0.1
[17:05:12] <@DNS_and_BIND> for 1.168.192.in-addr.arpa
[17:05:17] <@DNS_and_BIND> is 192.168.1.1
[17:05:21] <@DNS_and_BIND> for 2.168.192.in-addr.arpa
[17:05:22] <@DNS_and_BIND> is 192.168.1.2
[17:05:56] <@DNS_and_BIND> all of them are connected to the Internet through a provider and follow a forward policy for serving queries...
[17:06:34] <@DNS_and_BIND> If a client from the network 192.168.0.0/24 now wants to fetch the PTR resource record for 192.168.1.10
[17:06:56] <@DNS_and_BIND> it will ask the server for its own network (that is how it is usually configured)
[17:07:32] <@DNS_and_BIND> then
[17:07:47] <@DNS_and_BIND> it will have to fetch the PTR resource record
[17:07:57] <@DNS_and_BIND> 10.1.168.192.in-addr.arpa
[17:08:13] <@DNS_and_BIND> which is located on the name server 192.168.1.1
[17:08:35] <@DNS_and_BIND> the question is what the name server 192.168.0.1 (through which the client sends the query) will do...
[17:09:08] <@DNS_and_BIND> Well, it will do what it is supposed to.. it will send the query to the server through which the forward
[17:09:12] <@DNS_and_BIND> policy is implemented
[17:10:12] <@DNS_and_BIND> and that one will pass it on to some root server and it will get precisely nowhere...
[17:10:30] <@DNS_and_BIND> the problem is that, since the network is private.. it can be used by anyone...
[17:11:06] <@DNS_and_BIND> and the queries for 168.192.in-addr.arpa will be passed on
[17:11:19] <@DNS_and_BIND> to one of the name servers for 192.in-addr.arpa
[17:11:29] <@DNS_and_BIND> but in the definition of the zone 192.in-addr.arpa
[17:11:38] <@DNS_and_BIND> it says that everything for 168.192.in-addr.arpa
[17:11:43] <@DNS_and_BIND> goes into the black hole...
[17:12:06] <@DNS_and_BIND> and the rest of the resolution sequence
[17:12:11] <@DNS_and_BIND> is cut off
[17:12:22] <@DNS_and_BIND> the question then is how to get out of this problem...
[17:12:38] <@DNS_and_BIND> The clumsy answer, which I mentioned above,
[17:12:42] <@DNS_and_BIND> is for every name server
[17:12:50] <@DNS_and_BIND> of each of the subnets
[17:12:54] <@DNS_and_BIND> to transfer
[17:13:18] <@DNS_and_BIND> the zone of the respective classful in-addr.arpa domain
[17:13:22] <@DNS_and_BIND> to itself
[17:13:28] <@DNS_and_BIND> this means that
[17:13:43] <@DNS_and_BIND> 192.168.0.1 will transfer 1.168.192.in-addr.arpa
[17:13:48] <@DNS_and_BIND> and 2.168.192.in-addr.arpa
[17:14:12] <@DNS_and_BIND> (and it will hold the original of 0.168.192.in-addr.arpa)
[17:14:28] <@DNS_and_BIND> etc....
[17:14:46] <@DNS_and_BIND> this is clumsy and abnormal... especially if the network grows...
[17:15:03] <@DNS_and_BIND> there is one way out, and it is based on using zones of type "stub"
[17:15:12] <@DNS_and_BIND> and building a registry
[17:15:17] <@DNS_and_BIND> (a local one)
[17:15:22] <@DNS_and_BIND> for 168.192.in-addr.arpa
[17:15:40] <@DNS_and_BIND> the purpose of this scheme is to prevent queries from leaving the virtual network
[17:15:56] <@DNS_and_BIND> and in particular from going to the root servers and then to those of arin.net
[17:16:23] <@DNS_and_BIND> and here are the details of implementing all of this...
[17:16:47] <@DNS_and_BIND> First a central name server for the private network is set up
[17:16:56] <@DNS_and_BIND> it will play the role of the registry...
[17:17:07] <@DNS_and_BIND> On it
[17:17:22] <@DNS_and_BIND> there is no need to pull all the zones of the in-addr.arpa domains
[17:17:29] <@DNS_and_BIND> it is enough for them to be declared
[17:17:36] <@DNS_and_BIND> as type stub...
[17:17:48] <@DNS_and_BIND> I'll turn again to the example above to make it clear and concrete
[17:18:14] <@DNS_and_BIND> for example, in the network (which can also be used as backbone address space) 192.168.100.0/24
[17:18:30] <@DNS_and_BIND> the name server is set up
[17:18:34] <@DNS_and_BIND> 192.168.100.1
[17:18:38] <@DNS_and_BIND> and it is the registry..
[17:18:41] <@DNS_and_BIND> in its file
[17:18:46] <@DNS_and_BIND> /etc/named.conf
[17:18:52] <@DNS_and_BIND> the following definitions are made...
[17:19:07] <@DNS_and_BIND> zone "0.168.192.in-addr.arpa" {
[17:19:11] <@DNS_and_BIND> type stub;
[17:19:21] <@DNS_and_BIND> forwarders {};
[17:19:40] <@DNS_and_BIND> file "stubs/0.168.192.in-addr.arpa";
[17:19:44] <@DNS_and_BIND> };
[17:19:49] <@DNS_and_BIND> zone "0.168.192.in-addr.arpa" {
[17:19:55] <@DNS_and_BIND> oops...
[17:19:58] <@DNS_and_BIND> zone "1.168.192.in-addr.arpa" {
[17:20:01] <@DNS_and_BIND> type stub;
[17:20:03] <@DNS_and_BIND> forwarders {};
[17:20:09] <@DNS_and_BIND> file "stubs/1.168.192.in-addr.arpa";
[17:20:24] <@DNS_and_BIND> however, I left out the masters
[17:20:28] <@DNS_and_BIND> so I'll start over
[17:20:31] <@DNS_and_BIND> forgive me for that
[17:20:40] <@DNS_and_BIND> these are the risks of an on-line performance
[17:20:52] <@DNS_and_BIND> so, I repeat how to make the definition
[17:21:02] <@DNS_and_BIND> of these zones...
[17:21:09] <@DNS_and_BIND> zone "0.168.192.in-addr.arpa" {
[17:21:13] <@DNS_and_BIND> type stub;
[17:21:16] <@DNS_and_BIND> forwarders {}
[17:21:41] <@DNS_and_BIND> masters { 192.168.0.1;};
[17:21:51] <@DNS_and_BIND> file "stubs/0.168.192.in-addr.arpa"
[17:21:54] <@DNS_and_BIND> };
[17:22:00] <@DNS_and_BIND> i taka za vsichkite...
[17:22:14] <@DNS_and_BIND> Kakva e ideiata pri tozi nachin na delegirane na zonite...
[17:22:36] <@DNS_and_BIND> zonite ne se transferirat v registera...
[17:22:53] <@DNS_and_BIND> a samo se izteglia SOA zapisa i NS zapisite
[17:23:16] <@DNS_and_BIND> taka, ako niakoi e zabranil da se transferira zonata si
[17:23:27] <@DNS_and_BIND> taka, ako niakoi e zabranil da se transferira zonata mu (izvinete)
[17:23:41] <@DNS_and_BIND> mozhe pak da se ima informacia za neia
[17:23:54] <@DNS_and_BIND> pod formata na SOA i NS resursni zapisi
[17:24:02] <@DNS_and_BIND> Sledvashtata stypka
[17:24:16] <@DNS_and_BIND> e dvuznachna...
[17:24:26] <@DNS_and_BIND> ili registera
[17:24:37] <@DNS_and_BIND> shte traibva da podchini vsichki zaiavki da minavat prez nego
[17:24:52] <@DNS_and_BIND> i chrtez NS resursnite zapisi za zonite da prenasochva zaiavkite kym tiah
[17:25:00] <@DNS_and_BIND> ili da se napravi drugo...
[17:25:05] <@DNS_and_BIND> a imenno
[17:25:28] <@DNS_and_BIND> da se prepravi ciala shema...
[17:25:37] <@DNS_and_BIND> T.e. da se izraboti nov variant...
[17:25:59] <@DNS_and_BIND> pri nego v registera se syzdava zonalnia file 168.192.in-addr.arpa
[17:26:11] <@DNS_and_BIND> opisvat se clasovo delegirano subdomainite
[17:26:27] <@DNS_and_BIND> i sled tova VSEKI server za imena ot clientskite mrezhi
[17:26:43] <@DNS_and_BIND> definira 168.192.in-addr.arpa kato zona tip stub
[17:26:52] <@DNS_and_BIND> i izteglia samo SOA zapisa i serverite za imena
[17:26:56] <@DNS_and_BIND> pak davam primer
[17:27:25] <@DNS_and_BIND> zapisite vyv 168.192.in-addr.arpa bih bili slednite:
[17:27:39] <@DNS_and_BIND> 0 NS net1.vpn.
[17:27:49] <@DNS_and_BIND> 1 NS net2.vpn.
[17:27:55] <@DNS_and_BIND> 2 NS net3.vpn.
[17:28:05] <@DNS_and_BIND> I am writing them with one NS record per delegation
[17:28:13] <@DNS_and_BIND> but more can be added
[17:28:27] <@DNS_and_BIND> so... now we go to the name servers
[17:28:35] <@DNS_and_BIND> in the respective networks...
[17:28:45] <@DNS_and_BIND> for example on 192.168.0.1
[17:28:56] <@DNS_and_BIND> there, in /etc/named.conf, you write
[17:29:04] <@DNS_and_BIND> zone "168.192.in-addr.arpa" {
[17:29:08] <@DNS_and_BIND> type stub;
[17:29:16] <@DNS_and_BIND> forwarders {};
[17:29:28] <@DNS_and_BIND> file "stubs/168.192.in-addr.arpa";
[17:29:38] <@DNS_and_BIND> masters { 192.168.100.1;};
[17:29:39] <@DNS_and_BIND> };
[17:29:49] <@DNS_and_BIND> the same is done on 192.168.1.1
[17:29:52] <@DNS_and_BIND> and on 192.168.2.1
[17:30:09] <@DNS_and_BIND> note the forwarders {}; in the zone declaration
[17:30:13] <@DNS_and_BIND> what is it for!?
[17:30:50] <@DNS_and_BIND> it is put there so that, if a subdomain is defined within some in-addr.arpa domain that serves the private network,
[17:31:22] <@DNS_and_BIND> the forward server, which is usually outside the private network, is not asked, and the NS resource records from the zone are followed instead
[17:31:27] <@DNS_and_BIND> Often this is skipped
[17:31:49] <@DNS_and_BIND> people don't know it or don't notice it, and say "This kind of delegation does not work for subdomains"
[17:32:05] <@DNS_and_BIND> nothing of the sort! it works, if done carefully
[17:32:11] <@DNS_and_BIND> so...
[17:32:15] <@DNS_and_BIND> Just one more thing
[17:32:57] <@DNS_and_BIND> Forwarding in private networks is always a problem, but with the way I laid out the second variant of building a registry
[17:33:03] <@DNS_and_BIND> for 168.192.in-addr.arpa
[17:33:24] <@DNS_and_BIND> that problem does not arise and no queries will leak outside of it
[17:33:36] <@DNS_and_BIND> That is the convenience of this scheme!
[17:34:27] <@DNS_and_BIND> I must tell you that many companies that advertise that they build virtual private networks do not know this, and those that do know it make huge money from it
[17:35:03] <@DNS_and_BIND> I know many people will be angry that this has been told to everyone like this... but the Bulgarian is poor and doesn't have that much money, and that holds back the adoption of new things....
[17:35:08] <@DNS_and_BIND> That's all from me...
[17:35:13] <@DNS_and_BIND> I got quite tired
[17:35:19] <@DNS_and_BIND> now go ahead with the questions...
[17:37:51] <@DNS_and_BIND> Boyan has something to add ...
[17:38:11] <@ASIC> DNS_and_BIND mentioned the blackhole where all queries for private reverse dns names that have leaked out of an internal network end up
[17:39:30] <@ASIC> for example, if someone asks a root server for the ptr record of 1.0.0.10.in-addr.arpa. it will answer that it is not authoritative for that zone, and that the authoritative servers are blackhole-1.iana.org and blackhole-2.iana.org
[17:40:15] <@ASIC> which are real machines with well-known addresses, 192.175.48.6 and 192.175.48.42 respectively
[17:40:49] <@ASIC> all dns queries for reverse dns of the private address space 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 reach these two servers
[17:41:20] <@ASIC> so... www.as112.net describes the dns servers that serve these erroneous queries.
[17:41:53] <+apt-get> unless you tell THE RESOLVER not to reach those servers
[17:41:57] <@ASIC> at the moment the traffic to each of the 5 servers is a few megabits.. comparable to that to each of the root servers
[17:42:15] <@ASIC> apt-get, I didn't understand what you mean
[17:42:44] <@ASIC> the as112 servers are scattered around the world. 5 servers in total that share the same public ip address
[17:43:03] <+apt-get> if you tell the local resolver to ask local servers for local IPs
[17:43:44] <@ASIC> apt-get: usually the resolver is a stub resolver, which does not work unless you give it the address of a recursive dns server
[17:44:16] <@ASIC> apt-get: also, if your dns server is not configured properly you will still leak dns queries to the blackhole servers
[17:44:22] <@ASIC> apt-get, please wait for me to finish
[17:44:30] <+apt-get> the idea is that dnscache from the djbdns package lets you specify who is authoritative for a given domain
[17:45:17] <@ASIC> apt-get: first, nobody is talking about a specific product of vendor X or vendor Y. dnscache may be a very nice product, but the way certain problems are solved with it is not unique to it
[17:45:32] <@ASIC> apt-get: you can specify the same with any dns server
[17:45:41] <@ASIC> apt-get, please don't interrupt me
[17:45:49] <@ASIC> so
[17:46:49] <@ASIC> so, many queries reach these servers and get an NXDOMAIN answer, which decent dns caching servers cache.
[17:47:28] <@ASIC> also, any organization or isp can serve the blackhole queries locally, as I do for example at LirexNet, see http://as112.ludost.net/
[17:48:44] <@ASIC> nobody can guarantee that not a single pc in a large enterprise using private address space is misconfigured with an external dns server.
[17:49:34] <@ASIC> so, if you know that you or your clients use private address space, it is a good idea to serve these queries locally. It is not mandatory, of course.
[17:50:04] <@ASIC> but it is not a good idea to simply filter the addresses; you have to return nxdomain to the dns servers or resolvers that ask
[17:50:07] <@ASIC> questions?
[17:52:50] <@ASIC> a clarification: usually what is done is just to have the internal reverse dns zones declared as stub on every server on which you accept queries from the internal machines
[17:53:19] <@ASIC> the way apt-get says, with dnscache and explicitly declared authoritative servers
[17:54:08] <@ASIC> or with bind and a stub zone for 168.192.in-addr.arpa. or with any other caching dns server that can return auth answers
[17:54:53] <@ASIC> if there are no questions, 5 minutes of open discussion, and then my lecture begins
[17:57:15] <@ASIC> ok, if you have questions about anything so far, ask them
[17:57:26] <ZeaN> say something about vhosts
[17:57:44] <ZeaN> I'm asking as a novice, in general terms
[17:58:15] <@ASIC> ZeaN, what do you want to achieve?
[17:58:24] <@ASIC> there are different tools for different goals
[17:58:40] <ZeaN> me personally, nothing
[17:59:05] <ZeaN> I'm interested in what it is as a concept, and as far as I know you don't pay for them, i.e. it's a matter of configuration
[17:59:12] <@ASIC> if you don't want to achieve anything but are interested in dns, better look at the documentation of some popular dns server - for example BIND
[17:59:30] <@ASIC> different people understand different things by vhosts
[17:59:33] <ZeaN> ok
[17:59:40] <@ASIC> for example virtual http (Web) servers
[17:59:47] <ZeaN> yep
[17:59:52] <ZeaN> I've come across those too
[18:00:06] <@ASIC> where many separate dns domains run on one machine
[18:00:18] <ZeaN> yep, that's clear
[18:00:21] <@ASIC> specifically for that, because there are other vhosts too
[18:00:26] <@ASIC> it can be done in two ways
[18:00:45] <@ASIC> one is address-based virtual hosts, where you have a separate ip address for each domain name
[18:01:15] <ZeaN> and what about the ones used by irc bncs
[18:01:17] <@ASIC> all the ip addresses are on the same machine and the http server tells them apart by which address the request arrived on
[18:01:32] <@ASIC> ZeaN, which ones.... vhosts?
[18:01:39] <ZeaN> yep
[18:01:48] <@ASIC> i.e. you are interested in the vhosts used by irc bncs?
[18:01:55] <ZeaN> I've heard that those are not registered
[18:02:05] <@ASIC> no vhost is registered
[18:02:41] <ZeaN> and can't they be used in place of domains?
[18:02:42] <@ASIC> every reverse dns name (call it an ip address if you like) can have exactly one 'forward' name corresponding to it
[18:02:58] <ZeaN> in order to avoid the payments
[18:03:14] <@ASIC> i.e. if you want one machine to be seen under many different names you need a separate ip address for each name
[18:03:25] <@ASIC> the irc server checks whether there is a forward name that corresponds to the reverse one
[18:03:35] <ZeaN> aaaha
[18:03:52] <@ASIC> so if you don't have the forward name, e.g. nasa.gov, you can't log into irc as nasa.gov, even if you have reverse dns configured
[18:04:12] <@ASIC> unless, of course, configuration is put into the irc server
[18:04:28] <@ASIC> ... but this is a bit off topic, it seems to me, don't you think?
[18:04:29] <ZeaN> well yes ... various spoofs and V: lines
[18:04:39] <ZeaN> that's what you mean, right?
[18:04:44] <@ASIC> yes
[18:04:50] <@ASIC> are there any other questions?
[18:05:00] <apt-get> me
[18:05:31] <apt-get> about your last answer - even if a server has two or three names - is only one reverse record needed?
[18:05:52] <ZeaN> I'd just like, if possible, for you to recommend something to read
[18:06:06] <ZeaN> whether for newbies or for advanced users
[18:06:17] <@ASIC> no, you can have many reverse records, although the rfc does not say whether you must have a corresponding reverse for every forward name
[18:06:52] <_Lupo> ? is there any other DNS besides BIND?
[18:07:06] <@ASIC> but you can't make irc vhosts this way, because the irc server does the forward check
[18:07:21] <@ASIC> _Lupo yes, there are djbdns, powerdns for example
[18:07:33] <@ASIC> _Lupo, there are others too
[18:07:53] <@DNS_and_BIND> M$ DNS:)
[18:07:58] <apt-get> ASIC: not specifically for irc, but what is good practice. how do we do in-addr.arpa properly
[18:07:59] <@ASIC> the best known are bind and djbdns
[18:07:59] <ZeaN> :)
[18:08:05] <@DNS_and_BIND> Which in practice is just BIND...
[18:08:07] <@ASIC> MS DNS is based on bind (or at least it was)
[18:08:09] <_Lupo> I suppose their config is different
[18:08:33] <@ASIC> apt-get, I personally recommend having only one ptr record, with the _primary_ name of the machine
[18:08:40] <apt-get> even with many cnames to the host ip - one reverse record?
[18:08:43] <@ASIC> _Lupo, yes
[18:08:48] <ZeaN> and can one "set" e.g. a vhost (irc) on an IP that runs an M$ OS (Win 98 for example)
[18:09:00] <ZeaN> or does that depend on the network's dns?
[18:09:04] <@ASIC> apt-get, even with many A records to the same ip -> one ptr
[18:09:15] <apt-get> ASIC: 10x
[18:09:22] <_Lupo> OK
[18:09:36] <@ASIC> ZeaN, the things we are discussing are not vendor-specific.
[18:09:46] <@ASIC> if you can do it with one dns you can do it with another
[18:10:16] <@ASIC> it's like asking whether you can use mozilla to read pages stored on an ms iis web server ...
[18:10:19] <ZeaN> yes, but because I've heard that for win98, for example, you tinker with WINS
[18:10:20] <@ASIC> others?
[18:10:50] <@ASIC> ZeaN, you are mixing things up - wins is the name service for the microsoft network when it runs over ip
[18:11:01] <@ASIC> it has nothing to do with the internet domain name system - DNS
[18:11:01] <ZeaN> now it's clear
[18:11:11] <ZeaN> 10x
[18:12:05] <@DNS_and_BIND> OK...
[18:12:07] <@ASIC> ok, if there are no more, I'll ask for silence in the hall :)
[18:12:12] <@DNS_and_BIND> just in conclusion
[18:12:33] <@DNS_and_BIND> if anyone wants to ask something more specific...
[18:12:39] <@DNS_and_BIND> write to me
[18:12:46] <@DNS_and_BIND> at vlk@lcpe.uni-sofia.bg
[18:12:46] <apt-get> if possible, a 1-2 min pause - for a pee ;)
[18:13:01] <@DNS_and_BIND> I will try to answer everyone
[18:13:11] <@DNS_and_BIND> Since I started feeling a bit unwell and I'm overtired
[18:13:22] <@DNS_and_BIND> I'll be going
[18:13:28] <@DNS_and_BIND> As for recommendations...
[18:13:32] <@DNS_and_BIND> of documents...
[18:13:41] <@DNS_and_BIND> Read the documentation that comes with BIND
[18:13:55] <@DNS_and_BIND> some of the things I talked about are available
[18:13:55] <@DNS_and_BIND> at
[18:14:04] <@DNS_and_BIND> http://www.lcpe.uni-sofia.bg/linuxdoc
[18:14:12] <@DNS_and_BIND> that's all from me
[18:14:25] <@DNS_and_BIND> I leave Boyan to take the helm of the seminar from here on
[18:14:34] <@DNS_and_BIND> Thank you for honouring us with your presence!
[18:15:07] * Hristo, in the guise of a little lamer, says thanks
[18:15:39] <@ASIC> thank you from me too. and now my (second?) lecture
[18:15:40] <KeuH> 10x :))
==================================================================================
[18:16:31] <@ASIC> ----------------- DNS tuning ------------------
[18:16:31] <@ASIC> DNS traffic can be classified into two kinds - traffic between end clients and caching servers (mostly recursive queries, which the caching server services on behalf of the client, and non-authoritative answers from the cache to the client) and traffic to and from the authoritative servers for a given domain (authoritative dns) (mostly non-recursive queries and authoritative answers).
[18:16:31] <@ASIC> About the caching dns traffic. When it is between your server and clients, you have no choice but for this traffic to run over the DNS protocol on port 53 over tcp and/or udp. However, when it is between
[18:16:58] <@ASIC> -
[18:16:59] <@ASIC> This lecture deals only with optimizing recursive/caching dns traffic between machines under your administrative control.
[18:17:00] <@ASIC> -
[18:17:21] <@ASIC> Examples of where you might see lwres traffic - between your mail server and a caching dns server, between the machine on which you analyze web logs and your caching dns server, between a machine that receives syslog and the caching dns server.
[18:17:21] <@ASIC> The lwres traffic can also be confined within a single host, in order to reduce the load on the machines and the network.
[18:17:21] <@ASIC> In practice, anywhere you have dns traffic between a stub resolver library and a dns server you can replace it with lwres traffic.
[18:17:22] <@ASIC> -
[18:17:49] <@ASIC> I personally prefer to have an lwres server on every machine (a caching dns server that serves queries submitted over the lwres protocol).
[18:17:49] <@ASIC> Examples of such a server are lwresd or bind9. They are interchangeable when it comes to lwres queries and answers.
[18:17:49] <@ASIC> BIND9 additionally can act as a DNS caching and/or authoritative server, which lwresd cannot.
[18:17:56] <@ASIC> -
[18:18:09] <@ASIC> questions so far
[18:19:06] <@ASIC> from here on, in places I mention paths and commands that may be specific to debian gnu/linux
[18:19:10] <@ASIC> --
[18:19:10] <@ASIC> How to configure the server side -
[18:19:10] <@ASIC> lwresd: just install the lwresd package, start it with
[18:19:10] <@ASIC> /etc/init.d/lwresd start
[18:19:10] <@ASIC> --
[18:19:17] <@ASIC> bind9: install bind9, add
[18:19:17] <@ASIC> lwres { };
[18:19:17] <@ASIC> to /etc/bind/named.conf (or wherever named.conf is located in your distribution)
[18:19:17] <@ASIC> start it with
[18:19:17] <@ASIC> /etc/init.d/bind9 start
[18:19:17] <@ASIC> or
[18:19:17] <@ASIC> rndc start
[18:19:23] <@ASIC> -
[18:19:31] <@ASIC> There are different options for how the lwres server finds the answer to a query.
[18:19:31] <@ASIC> It can ask another caching dns server (over the dns protocol) for the name, which is configured with
[18:19:31] <@ASIC> options { forward only; forwarders { ip.adres.na.dns.server; ip.address.na.dns.server2; ... }; };
[18:19:39] <@ASIC> It can do full resolving down the dns tree, which is the default, but I don't recommend it because of the larger traffic it generates and the longer delays in answering queries.
[18:19:46] <@ASIC> It can also do a combination of the two - ask the forwarders and, if they answer with servfail or don't answer at all, do full resolving.
[18:19:46] <@ASIC> options { forward first; forwarders { ip.adres.na.dns.server; ip.address.na.dns.server2; ...}; };
[18:19:46] <@ASIC> These settings are the same for bind9 and lwresd.
[18:20:21] <@ASIC> If you want to use the lwres server from applications on another machine, you have to add, in the lwres { }; part of the configuration, that lwresd should listen on some network interface.
[18:20:21] <@ASIC> By default it listens only on the lo (loopback) interface. I don't recommend opening it up to listen externally unless you know why you need that.
[18:20:42] <@ASIC> -
[18:20:43] <@ASIC> I recommend installing a full BIND9 on every machine instead of lwresd, so that you can also locally cache DNS queries for applications that cannot query over the lwres protocol.
[18:21:33] <@ASIC> if there are questions, ask in private so that I know to pause and answer
[18:21:40] <@ASIC> --
[18:21:41] <@ASIC> How to configure the client side -
[18:21:41] <@ASIC> As an lwres client, the nss (name service switch) library, which is part of glibc, is used most often.
[18:21:41] <@ASIC> Practically all programs use it when they call system functions from the getXbyname group, and inet_aton uses the same library.
[18:21:49] <@ASIC> The nss library is configured through the configuration file /etc/nsswitch.conf and uses (sub)libraries (also called modules) for the different ways of resolving (/lib/libnss_dns.so /lib/libnss_files.so /lib/libnss_lwres.so /lib/libnss_db.so etc.).
[18:21:53] <@ASIC> The first task is to install the libnss-lwres package, which carries the library /lib/libnss_lwres.so (or to compile it yourself from source).
[18:22:03] <@ASIC> The second task is to edit /etc/nsswitch.conf and, everywhere it says dns, replace it with the word lwres.
[18:22:03] <@ASIC> example:
[18:22:03] <@ASIC> hosts: files dns
[18:22:03] <@ASIC> networks: files dns
[18:22:03] <@ASIC> should be replaced with:
[18:22:09] <@ASIC> hosts: files lwres
[18:22:09] <@ASIC> networks: files lwres
[18:22:09] <@ASIC> -----
[18:22:24] <@ASIC> this specifies that when resolving internet host names, /etc/hosts and /etc/networks respectively will be checked first, and then the lwres server given in /etc/resolv.conf will be asked.
[18:22:24] <@ASIC> if none is given, it sends the query to the lwres server at 127.0.0.1. (btw the dns nss module behaves the same way - if no nameserver is given it sends the query to 127.0.0.1).
[18:22:49] <@ASIC> Third task (optional) - edit /etc/resolv.conf and add the line
[18:22:49] <@ASIC> lwres 127.0.0.1
[18:22:49] <@ASIC> or, respectively, lwres .
[18:23:06] <@ASIC> Note that /etc/nsswitch.conf and /etc/resolv.conf configure only the nss and resolver libraries. They do not determine which server the lwres server forwards dns queries to; that is done in /etc/bind/named.conf.
[18:23:15] <@ASIC> sample /etc/resolv.conf:
[18:23:15] <@ASIC> ----8<----
[18:23:15] <@ASIC> search ludost.net
[18:23:15] <@ASIC> lwserver 127.0.0.1
[18:23:15] <@ASIC> ---8<--------------
[18:23:24] <@ASIC> sample /etc/nsswitch.conf
[18:23:24] <@ASIC> ---8<--------------
[18:23:24] <@ASIC> group: compat
[18:23:24] <@ASIC> shadow: compat
[18:23:24] <@ASIC> hosts: files lwres
[18:23:24] <@ASIC> networks: files lwres
[18:23:28] <@ASIC> protocols: db files
[18:23:28] <@ASIC> services: db files
[18:23:28] <@ASIC> ethers: db files
[18:23:28] <@ASIC> rpc: db files
[18:23:28] <@ASIC> ----8<---------
[18:23:52] <@ASIC> The other way to use the lwres protocol from an application is through the liblwres library (/usr/lib/liblwres.so.1). If an application does not use nsswitch for resolving but, for example, has a statically linked resolver library, the way to make it use the lwres protocol is to recompile it with the liblwres library. The liblwres library is configured through /etc/resolv.conf, in the same way as libnss_lwres
[18:24:02] <@ASIC> -------------------------------
[18:24:21] <@ASIC> that is the text about the lwres protocol and its use
[18:24:49] <@ASIC> 2 minutes for questions and then I will talk a bit about security of dns servers (for which I have no prepared text)
[18:25:27] <@ASIC> [18:24:54] lwresd ~ local dnscache (but over the lwres protocol rather than udp/tcp)?
[18:25:27] <@ASIC> [18:25:11] yes
[18:25:27] <@ASIC> [18:25:22] there is an lwres protocol, which runs on udp port 921
[18:26:17] <@ASIC> the lwres library queries the lwres server via the lwres protocol over udp on port 921. usually this happens over the lo interface
[18:27:07] <@ASIC> am I to understand that if lwres { }; is not added to named.conf, bind9 does not cache queries?
[18:27:08] <@ASIC> no
[18:27:36] <@ASIC> by default bind9 is a recursive/caching and authoritative dns for anyone who sends it queries
[18:27:59] <@ASIC> this can be restricted with acls of course, but by default it is caching for anyone who submits the corresponding dns query
[18:28:22] <@ASIC> the lwres {}; configuration starts the lwres server in bind
[18:28:47] <@ASIC> this lets you query BIND9 not only over the DNS protocol but also over the lwres protocol, which is lighter to process
[18:29:17] <@ASIC> for which OSes is there an implementation of lwres and which dns servers support it?
[18:29:40] <@ASIC> I personally have seen it only in BIND, but I think there is an rfc on the subject, so there should be others too
[18:29:53] <@ASIC> there is an lwres implementation on every os that BIND9 runs on
[18:30:37] <@ASIC> -
[18:30:39] <@ASIC> others?
[18:32:42] <@ASIC> [10:07] apt-get, I personally recommend having only one ptr record, with the _primary_ name of the machine.... I didn't understand how many ptr records are allowed for reverse
[18:32:45] <@ASIC> there is no limit
[18:34:59] <@ASIC> ok, then which one will it resolve to if several primary ptr records point to 1 IP
[18:34:59] <@ASIC> [18:33:54] an arbitrary one of them
[18:34:59] <@ASIC> [18:34:13] as with all other resource records, balancing is done on the dns server side.
[18:34:59] <@ASIC> [18:34:31] in practice the dns server will return all of them, but the program you query with will most likely cut out just the first one
[18:35:22] <@ASIC> the dns server returns all the records in pseudo-random order
[18:38:32] <@ASIC> ptr records are from to <"forward" name>
[18:38:55] <@ASIC> you can have many corresponding forward names for one reverse name, although I personally don't see the point in that
[18:41:01] <@ASIC> who was asking about the logs visible at http://marla.ludost.net/, because I closed the window
[18:42:39] <apt-get> me
[18:42:42] <Diablo666> ASIC, you have a DNS running but your ISP shuts off backresolve
[18:43:00] <@ASIC> shuts it off how? and what is backresolve?
[18:43:12] <Diablo666> reverse loock up
[18:43:18] <Diablo666> look, I mean
[18:43:34] <@ASIC> i.e. it removes the ns records from its zone? or removes the cname records from its zone?
[18:43:44] <@ASIC> or there never were any ns records
[18:43:56] <Diablo666> on forward resolve the host corresponds to the IP
[18:44:10] <@ASIC> Diablo666, I didn't understand that either
[18:44:13] <@ASIC> sorry
[18:44:14] <Diablo666> on reverse look up the IP corresponds to the ISP
[18:44:27] <@ASIC> corresponds?
[18:44:33] <@ASIC> ip ?
[18:44:51] <Diablo666> example: nslookup domain name -> answer is the IP
[18:44:59] <@ASIC> yes
[18:45:13] <@ASIC> i.e. does your forward resolving work as you expect or not?
[18:45:18] <Diablo666> nslookup the IP -> answer is the ISP's domain and not my domain
[18:45:26] <@ASIC> aha
[18:45:41] <@ASIC> and has your isp ever delegated reverse dns to you so that you can manage it yourself?
[18:46:11] <Diablo666> it delegates for 300$, which I don't feel like paying
[18:46:17] <@ASIC> if you don't mind, tell us the ip address in question
[18:46:26] <@ASIC> 300$ for one cname record?
[18:46:42] <Diablo666> that's what they want :)
[18:46:43] <Hristo> Diablo666: I want to be your ISP:)
[18:46:49] <Diablo666> hahaha
[18:46:49] <@ASIC> Diablo666, me too
[18:47:20] <@ASIC> Diablo666, 300$ for one cname record? that is strange, to put it mildly
[18:47:43] <Diablo666> is there a way, if I run several DNS servers from different pcs, for their answers to override the ISP's DNS
[18:47:49] <@ASIC> and the ip address in question is yours, right? i.e. a static ip address for which you pay some fee anyway
[18:47:58] <Diablo666> exactly
[18:48:00] <Diablo666> it's mine
[18:48:15] <Diablo666> but they explain that this is for a home user
[18:48:37] <Diablo666> for a business acc things supposedly stand differently, but they want 300$
[18:48:40] <@ASIC> Diablo666, surely not for an unlimited number of clients as well
[18:48:43] <Diablo666> and I don't want to pay :P
[18:49:06] <@ASIC> i.e. for home they don't give a cname and for business they give it free, is that it?
[18:49:07] <apt-get> come on, let's get back to the lecture, the wife is waiting without her panties on ;)
[18:49:16] <@ASIC> apt-get :)
[18:49:42] <Diablo666> oks, can anything be done if several DNS servers are run from different pcs
[18:49:47] <@ASIC> Diablo666, the situation is this: if they don't delegate it to you, you can override it only for machines that are under your control.
[18:49:49] <Diablo666> and I'll stop asking :P
[18:49:58] <apt-get> really, it's 1 at night here and I'm staying up for the lecture
[18:50:04] <@ASIC> :)
=================================================================================================================
[18:50:26] <@ASIC> ok, I'll talk a little about bind security, but it will be brief
[18:51:00] <@ASIC> questions in private while I'm talking
[18:51:17] <@ASIC> so.. the basics of security in dns
[18:51:24] <@ASIC> it can be classified into at least two groups
[18:51:45] <@ASIC> first, restricting access to the authoritative information over the dns protocol
[18:51:53] <@ASIC> second, restricting recursive queries
[18:52:08] <@ASIC> third, software security of the dns server
[18:52:19] <@ASIC> on the first point.
[18:52:31] <@ASIC> If you have a zone, for example ludost.net
[18:53:24] <@ASIC> you may not want everyone in the world to be able to transfer it, and if so you can restrict the zone transfer; the corresponding lines from the bind configuration
[18:53:41] <@ASIC> zone "ludost.net" {
[18:53:42] <@ASIC> type master;
[18:53:42] <@ASIC> file "master-zones/ludost.net";
[18:53:42] <@ASIC> allow-query { any; };
[18:53:42] <@ASIC> allow-transfer { 217.79.68.4; 66.40.16.194; trusted; };
[18:53:42] <@ASIC> };
[18:53:56] <@ASIC> here trusted is a previously defined acl
[18:54:07] <@ASIC> acl trusted {
[18:54:07] <@ASIC> 127.0.0.1/32;
[18:54:08] <@ASIC> 194.12.255.250/32;
[18:54:08] <@ASIC> };
[18:54:31] <@ASIC> this way the zone can be transferred only from the listed ip addresses.
[18:54:59] <@ASIC> transfers can also be restricted on the basis of keys, which are configured in the servers
[18:55:11] <@ASIC> acl is access-list
[18:56:28] <@ASIC> allow-query { any; }; is the default, but on this particular dns server it is like this
[18:56:34] <@ASIC> options {
[18:56:34] <@ASIC> allow-query { trusted; };
[18:56:34] <@ASIC> allow-recursion { trusted; };
[18:56:34] <@ASIC> allow-transfer { trusted; };
[18:56:34] <@ASIC> blackhole { bogons; };
[18:56:42] <@ASIC> ...
[18:56:42] <@ASIC> ...
[18:56:43] <@ASIC> };
[18:57:07] <@ASIC> which allows everything to the machine I trust and nothing to anyone else
[18:57:27] <@ASIC> unless I have a specific permission for some zone.
[18:58:44] <@ASIC> the configuration snippets I'm pasting are from /etc/named.conf or files included in it
[18:59:25] <@ASIC> for dns in general, not just bind, it is not a good idea to mix cached records and authoritative records in one common dns database.
[18:59:42] <@ASIC> because of a problem in the dns protocol itself, for which there is no solution and never will be
[19:00:26] <@ASIC> any server that is both caching and authoritative can be 'lied to' about some name.
[19:00:44] <@ASIC> for example ns.digsys.bg is open to recursive queries from the whole world.
[19:01:32] <@ASIC> I can make it so that an A record for www.lirex.bg gets into the cache of ns.digsys.bg, which will be seen by everyone who asks it (since it is authoritative for the bg zone)
[19:02:14] <@ASIC> one could say that the method for doing this is trivial -
[19:02:57] <@ASIC> the solution to the problem is not to mix caching and authoritative dns servers on one ip address or in one daemon
[19:03:45] <@ASIC> which will soon become a mandatory requirement for all servers serving TLD domains such as bg. be. uk. etc.
[19:04:58] <@ASIC> so, if you can, don't point recursive clients at a caching server. this may not be a problem with a limited or controlled 'contingent' of clients, but with well-known domains and unrestricted recursive clients it is
[19:05:38] <@ASIC> restricting recursive queries with bind:
[19:05:43] <@ASIC> options {
[19:06:04] <@ASIC> allow-query { recursive_clients; trusted; };
[19:06:20] <@ASIC> allow-recursion { recursive_clients; trusted; };
[19:06:23] <@ASIC> ..
[19:06:23] <@ASIC> ..
[19:06:26] <@ASIC> };
[19:06:44] <@ASIC> that's it for recursive queries
[19:06:50] <@ASIC> questions so far?
[19:08:20] <@ASIC> [19:07:33] doesn't a deny need to be added for all others, or is it the default
[19:08:20] <@ASIC> [19:07:44] it is the default
[19:08:20] <@ASIC> [19:07:54] besides, there is no way for you to specify it
[19:08:20] <@ASIC> [19:08:15] access lists in bind are not processed sequentially.. they are something like lists of allowed ip addresses
[19:08:31] <@ASIC> [19:08:06] recursive_clients; - is that an acl?
[19:08:32] <@ASIC> yes
[19:09:21] <@ASIC> <@ASIC> so, if you can, don't point recursive clients at a caching server.
[19:09:53] <@ASIC> I meant to say: don't point recursive clients at a server that also holds authoritative information
[19:10:06] <@ASIC> [19:09:25] it's not one of bind's internal acls, like "any", but you defined it yourself?
[19:10:06] <@ASIC> [19:10:02] yes
[19:10:10] <@ASIC> it is not one of the built-in ones
[19:11:23] <@ASIC> ok, next, the software security of the dns server
[19:11:37] <@ASIC> bind can be installed in a chroot jail
[19:12:26] <@ASIC> the particulars are mainly in creating the chroot jail. for example, there must be no /dev and /proc, and there must not be a single suid or guid binary inside
[19:12:49] <@ASIC> it is good for it to be a separate file system mounted with nosuid
[19:13:12] <@ASIC> bind can run as non-root, for which there is a corresponding patch
[19:14:20] <@ASIC> another dns server can be used, for example djbdns, which is written with the idea of being secure, and which by default "gives up" root privileges after it is started
[19:15:09] <@ASIC> all the rules that apply to the security of any other software apply here too
[19:15:31] <@ASIC> if someone gains root access to the machine, they also gain the ability to change whatever they like in the dns zones
[19:15:52] <@ASIC> it is a good idea for only root to be able to read the dns server configuration, the zone files and the logs.
[19:16:12] <@ASIC> it is a good idea to separate the bind logs from the big syslog pile.
[19:16:31] <@ASIC> it is a good idea to also ship the logs to a separate logging machine.
[19:17:11] <@ASIC> of course "for every lock there is a matching crowbar", so do things in moderation
[19:18:18] <@ASIC> if you think nobody intends to hack you because nobody gains anything from it - then you don't need to do anything extra about security.
[19:18:19] <@ASIC> ------------
[19:18:28] <@ASIC> questions
[19:18:29] <@ASIC> --------
[19:18:57] <@ASIC> I want to add something about the dns amplification attacks that were popular at one time.
[19:19:33] <@ASIC> it had become popular to use dns servers open to queries and/or recursion to amplify traffic, similar to the icmp smurf attacks
[19:20:04] <@ASIC> a query is sent for which the answer is known to be large, with a spoofed source ip address. the answer goes back to the victim of the attack
[19:20:20] <@ASIC> anything about master-slave security - encrypted traffic, keys?
[19:20:46] <@ASIC> keys for authentication are what is practiced most often
[19:21:24] <@ASIC> you can also use another protocol to transfer the zone and public key cryptography (for example pgp) to authenticate the zone.
[19:21:43] <@ASIC> unfortunately I can't give you concrete configuration examples for that
[19:22:01] <@ASIC> it's described in the bind9 administrator reference manual document, which you can find at isc.org
[19:22:25] <@ASIC> general question: how should I interpret the Lame servers messages in bind's log?
[19:22:45] <@ASIC> first an explanation of the term lame server:
[19:23:01] <@ASIC> it's a server for which there is an ns record for some zone - for example example.com
[19:23:12] <@ASIC> but it doesn't return authoritative answers for it
[19:23:32] <@ASIC> with dig you can tell by the 'aa' flag in the answer
[19:24:12] <@ASIC> since it doesn't return authoritative answers for it, that means it may be misconfigured or not configured for the zone at all.
[19:24:21] <@ASIC> does that answer your question?
[19:25:19] <@ASIC> any others?
[19:25:36] <apt-get> off-topic: how do I save the log of this lecture in mirc?
[19:25:47] <@ASIC> save buffer
[19:25:59] <@ASIC> but I can't recall where it was
[19:26:02] <Hristo> yes, only I can't grasp why there would be an ns record pointing to it when it doesn't answer queries for it
[19:26:18] <@ASIC> because someone configured it wrongly, for example
[19:26:31] <@ASIC> here's an example for you
[19:26:33] <Hristo> ah, that way, yes
[19:26:54] <Hristo> one more about logs
[19:26:57] <Hristo> just let me pull it up
[19:27:01] <@ASIC> host -v -t ns lirex.com a.gtld-servers.net
[19:27:10] <@ASIC> ;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
[19:27:15] <@ASIC> ;; ANSWER SECTION:
[19:27:15] <@ASIC> lirex.com. 172800 IN NS HOME.NTRL.NET.
[19:27:15] <@ASIC> lirex.com. 172800 IN NS AQUILA.NTRL.NET.
[19:27:29] <@ASIC> this is the delegation of the lirex.com domain
[19:28:18] <Hristo> I don't see anything wrong?
[19:28:25] <@ASIC> if home.ntrl.net doesn't exist as a name, or there is no dns server on it, or it doesn't answer at all, or it doesn't have the lirex.com zone configured, then that is a lame delegation of the lirex.com domain
[19:28:39] <Hristo> aha
[19:29:11] <@ASIC> paste a log entry as an example, plz
[19:29:57] <Hristo> Lame server on 'NS2.primenetwork.net' (in 'primenetwork.net'?): [216.158.128.26].53 'NS2.primenetwork.net': learnt (A=212.5.128.30,NS=212.5.128.30)
[19:30:22] <Hristo> the last 2 are Mobikom's
[19:31:25] <@ASIC> marla:/etc/bind# host -v primenetwork.net ns2.primenetwork.net
[19:31:30] <@ASIC> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7665
[19:31:30] <@ASIC> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
[19:31:34] <@ASIC> there's no aa
[19:31:43] <@ASIC> i.e. this server is not authoritative for this zone
[19:32:08] <@ASIC> marla:/etc/bind# host -v lirex.com home.ntrl.net
[19:32:12] <@ASIC> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32563
[19:32:12] <@ASIC> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 9, ADDITIONAL: 9
[19:32:15] <@ASIC> there is aa :)
[19:32:22] <Hristo> yes, with nslookup it returns Non-authoritative answer
[19:32:26] <Hristo> as well, that is
[19:32:28] <Hristo> :)
[19:32:30] <@ASIC> it's the same thing
[19:32:50] <Hristo> about one more thing from the log
[19:33:27] <Hristo> MAXQUERIES exceeded, possible data loop in resolving (pgq.yahoo.com)
[19:34:15] <@ASIC> it means you issued a recursive query for pgq.yahoo.com
[19:34:35] <@ASIC> and it caused too large a number of queries from the bind server to other servers
[19:35:33] <@ASIC> I can't think right now of how a loop of queries could come about
[19:35:52] <Hristo> that's what I'm wondering too - what causes this
[19:36:43] <@ASIC> http://www.acmebw.com/askmrdns/archive.php?category=83&question=496
[19:39:06] <Hristo> I'll take a look
[19:41:16] <Hristo> I have one last question
[19:41:38] <Hristo> I'm pulling this out of iptraf and I wonder where exactly someone got sloppy
[19:41:40] <Hristo> adv.abv.bg.145.153.194.in-addr.arp:www
[19:41:52] <Hristo> that's when I go to open my mail
[19:42:38] <@ASIC> the guys at abv forgot to put a dot at the end of the PTR record for 194.153.145.something
[19:43:12] <Hristo> and I assume that's the reason for the hang when opening the mail?
[19:43:32] <Hristo> in effect this doesn't resolve
[19:43:32] <@ASIC> marla:/etc/bind# host -v 194.153.145.68
[19:43:38] <@ASIC> ;; ANSWER SECTION:
[19:43:38] <@ASIC> 68.145.153.194.in-addr.arpa. 86400 IN PTR adv.abv.bg.145.153.194.in-addr.arpa.
[19:43:43] <@ASIC> that's hardly the reason
[19:43:59] <@ASIC> reverse dns, for being able to browse web pages, is more of a desirable thing
[19:44:22] <@ASIC> [19:43:59] are there non-recursive queries?
[19:44:22] <@ASIC> [19:44:16] yes
[19:44:30] <@ASIC> there are authoritative queries
[19:44:45] <@ASIC> you can make such queries with host -r
[19:45:03] <MUFA> i.e. that is a non-recursive query
[19:45:05] <@ASIC> also, if queries are not forwarded to another dns cache, non-recursive queries are sent
[19:45:18] <@ASIC> MUFA, yes
[19:46:12] <Hristo> <@ASIC> reverse dns, for being able to browse web pages, is more of a desirable thing - and in cases where we're talking about secure sessions, isn't it mandatory?
[19:46:28] <@ASIC> I think it isn't
[19:46:36] <@ASIC> I don't see a connection
[19:47:07] <@ASIC> your web browser doesn't need to check reverse dns in order to verify the authenticity of the remote server
[19:47:18] <@ASIC> besides, as I mentioned, dns is not a secure protocol
[19:47:40] <@ASIC> dnssec is, but it's still not widely deployed
[19:48:05] <MUFA> so if I ask my dns server and it answers me without asking any further, it's non-recursive
[19:48:24] <daLizard_> hello
[19:49:16] <@ASIC> there won't be a recursive answer flag in the answer, but there won't be an authoritative answer either
[19:50:17] <@ASIC> daLizard_, hi
[19:50:19] <apt-get> is the seminar over?
[19:50:34] <@ASIC> boys and girls, ask your questions, because people are waiting for me for a beer
[19:50:36] <@ASIC> yes...
[19:50:41] <@ASIC> there won't be any more "lectures"
[19:50:42] <daLizard_> asic: I missed the seminar .... but at least I have it in a log =)
[19:50:49] <daLizard_> so ...
[19:50:51] <@ASIC> daLizard_ :)
[19:50:53] <daLizard_> first question...
[19:51:14] <daLizard_> how do I find out which named server is responsible for a given network ?
[19:51:33] <@ASIC> either through the dns system
[19:51:42] <apt-get> daLizard_: dig -t ns
[19:51:43] <@ASIC> or through the whois registries
[19:51:49] <apt-get> or nslookup type=ns
[19:52:20] <@ASIC> btw, nslookup is an obsolete tool
[19:52:56] <@ASIC> daLizard_, if you want a concrete example, give an ip address
[19:53:02] <daLizard_> 62.73.99.33
[19:53:05] <daLizard_> my ip
[19:53:17] <daLizard_> but I think there's no dns for it.
[19:53:26] <apt-get> ASIC: but the examples in the DNS books still use it. how is it in the bind9 docs?
[19:53:32] <daLizard_> and I don't have reverse dns
[19:53:36] <@ASIC> ;; AUTHORITY SECTION:
[19:53:36] <@ASIC> 62.in-addr.arpa. 7200 IN SOA ns.ripe.net. ops-62.ripe.net. 2002091303 43200 7200 1209600 7200
[19:53:51] <MUFA> in bind9 it's with dig
[19:54:02] <@ASIC> apt-get, I think it's been fixed
[19:54:30] <daLizard_> so ..
[19:54:32] <daLizard_> 62.73.98.0 - 62.73.99.255
[19:54:36] <@ASIC> daLizard_, that means there is no reverse dns for this domain 99.73.62.in-addr.arpa.
[19:54:47] <daLizard_> there's no reverse for this network
[19:54:50] <daLizard_> yeah...
[19:54:50] <@ASIC> yes
[19:55:01] <@ASIC> if it's registered, it's trivial to do
[19:55:18] <daLizard_> and who should one turn to ?
[19:55:20] <@ASIC> without talking to people - you set it up, write to the robot, it checks and does it
[19:55:21] <daLizard_> to ripe ?
[19:55:24] <daLizard_> or mobikom ?
[19:55:27] <@ASIC> mobikom
[19:55:34] <@ASIC> i.e. the LIR through which the addresses were obtained
[19:55:48] <daLizard_> so mobikom has to fix things ?
[19:56:03] <@ASIC> not only
[19:56:28] <@ASIC> if these are your addresses, you have to set up your reverse dns on your end and ask someone for a backup dns server
[19:56:35] <@ASIC> mobikom ought to give you that for free
[19:56:36] <daLizard_> umf ... give me some links so I can read for a few days and figure out what this is about =))
[19:56:50] <@ASIC> ripe had a reverse delegation procedure or FAQ
[19:57:35] <daLizard_> aha
[19:57:42] <Hristo> have a good evening, my spaghetti has gone cold
[19:57:49] <Hristo> ASIC: thanks for the thorough info
[19:57:50] <daLizard_> Hristo: good night
[19:58:17] <apt-get> is it normal for the ptr for x.y.z.2 to be 2.0.z.y.x.in-addr.arpa?
[19:58:42] <@ASIC> no
[19:58:45] <@ASIC> without the zero
[19:59:27] <apt-get> more precisely, 2.z.y.x.in-addr.arpa is a cname to 2.0.z.y.x.in-addr.arpa and there is a ptr 2.0.z.y.x.... -> host name