انجمنهای فارسی اوبونتو
کمک و پشتیبانی => شبکه و سرویس دهندهها => نویسنده: aFard88 در 07 خرداد 1403، 07:48 بظ
-
درود دوستان
بنده یک وب سرور nginx بالا آوردم
روی این سرور دوتا دامنه هستش یکی a.ir یکی b.ir
میخواستم روی a.ir یک چیزی بالا بیارم
اما مشکل اینه که a.ir وصل میشه به b.ir!
با اینکه ربطی به هم ندارند
تازه کامل هم نمیاره!
خودتون وارد هردو بشید تا بفهمید
خیلی جالبه که اصلا هیچ جایی از a.ir هیچ تعریفی نشده
فقط با BIND به سرور وصله
-- تغییر دامنهها توسط ناظر --
-
پیکربندیهات چیه؟
-
برای من که هیچ چیز نمیاره
بعدش چرا آدرس شون اینقدر رند هست
-
دامنهها رو من تغییر دادم که با به اشتراکگذاری تنظیمات، باعث ایجاد مشکلات دیگری نشه.
-
پیکربندیهات چیه؟
هیچ جا هیچ تعریفی از دامنه ی a نکردم!
نکته اینجاست که نمونه ی فدیورس با akkoma روی a بودش
اما من از اول یدونه pleroma نصب کردم روی b و اون نمونه ی akkoma رو حذف کردم
پس واقعا عجیبه!
(میتونه ربطی به openssl داشته باشه؟ چون من یک پکیج از نسخه ی یکم قدیمی openssl نصب کردم درکنار نسخه ی فعلی برای اینکه pleroma نصب بشه )
توزیع هم دبیانه
تنظیمات :
root@srv6575115705:~# cat /etc/nginx/sites-enabled/pleroma.conf
# default nginx site config for Pleroma
#
# Simple installation instructions:
# 1. Install your TLS certificate, possibly using Let's Encrypt.
# 2. Replace 'example.tld' with your instance's domain wherever it appears.
# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
# in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.
# On-disk cache for proxied media, shared through the `pleroma_media_cache` zone.
# NOTE(review): the cache directory sits under /tmp, which other local accounts can
# normally write to. A dedicated directory owned by the nginx worker user
# (placeholder: /var/cache/nginx/<cache-dir>) would stop another account from
# pre-creating or tampering with this path. Confirm how /tmp is set up on this host.
proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
inactive=720m use_temp_path=off;
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
# and `localhost.` resolves to [::0] on some systems: see issue #930
# Single backend on loopback port 4000; the `proxy_pass http://phoenix;` lines below target it.
upstream phoenix {
server 127.0.0.1:4000 max_fails=5 fail_timeout=60s;
}
# Plain-HTTP server for afardfediverse.ir; it only redirects to HTTPS.
# NOTE(review): neither `listen` line carries `default_server`. nginx then uses the first
# server block defined for a listen address as that address's default, so while this
# file is the only one linked in sites-enabled/, port-80 requests for any other hostname
# that resolves to this machine are also handled here.
server {
server_name afardfediverse.ir;
listen 80;
listen [::]:80;
# Uncomment this if you need to use the 'webroot' method with certbot. Make sure
# that the directory exists and that it is accessible by the webserver. If you followed
# the guide, you already ran 'mkdir -p /var/lib/letsencrypt' to create the folder.
# You may need to load this file with the ssl server block commented out, run certbot
# to get the certificate, and then uncomment it.
#
# location ~ /\.well-known/acme-challenge {
# root /var/lib/letsencrypt/;
# }
location / {
# $server_name is the name configured in this block, not the Host header the client
# sent, so every request that reaches this block is sent to https://afardfediverse.ir.
return 301 https://$server_name$request_uri;
}
}
# Enable SSL session caching for improved performance
ssl_session_cache shared:ssl_session_cache:10m;
# TLS server for the Pleroma instance; requests are proxied to the `phoenix` upstream.
# NOTE(review): among the configs shown, this is the only block that listens on 443, and it
# has no `default_server` flag, so nginx uses it as the default for that port. An HTTPS
# request for any other hostname resolving to this IP is answered here with the
# afardfediverse.ir certificate and proxied to Pleroma. A separate catch-all server on 443
# marked `default_server` that refuses unknown names (`return 444;`, or
# `ssl_reject_handshake on;` on nginx 1.19.4 and later) keeps other names away from this backend.
server {
server_name afardfediverse.ir;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_trusted_certificate /etc/letsencrypt/live/afardfediverse.ir/chain.pem;
ssl_certificate /etc/letsencrypt/live/afardfediverse.ir/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/afardfediverse.ir/privkey.pem;
# Restricts this server to TLS 1.2 and 1.3.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers off;
# In case of an old server with an OpenSSL version of 1.0.2 or below,
# leave only prime256v1 or comment out the following line.
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
ssl_stapling on;
ssl_stapling_verify on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
# the nginx default is 1m, not enough for large media uploads
client_max_body_size 16m;
ignore_invalid_headers off;
proxy_http_version 1.1;
# Upgrade/Connection are forwarded so upgraded connections can pass through the proxy.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# The Host header is forwarded exactly as the client sent it, so the backend sees
# whatever hostname was requested, including names other than afardfediverse.ir.
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://phoenix;
}
# Uncomment this if you want notice compatibility routes for frontends like Soapbox.
# location ~ ^/@[^/]+/([^/]+)$ {
# proxy_pass http://phoenix/notice/$1;
# }
#
# location ~ ^/@[^/]+/posts/([^/]+)$ {
# proxy_pass http://phoenix/notice/$1;
# }
#
# location ~ ^/[^/]+/status/([^/]+)$ {
# proxy_pass http://phoenix/notice/$1;
# }
# Media and proxy paths are served through the on-disk cache in 1 MB slices.
location ~ ^/(media|proxy) {
proxy_cache pleroma_media_cache;
slice 1m;
proxy_cache_key $host$uri$is_args$args$slice_range;
proxy_set_header Range $slice_range;
proxy_cache_valid 200 206 301 304 1h;
proxy_cache_lock on;
proxy_ignore_client_abort on;
proxy_buffering on;
chunked_transfer_encoding on;
proxy_pass http://phoenix;
}
}
root@srv6575115705:~# ls /etc/nginx/sites-available/
default pleroma.conf wordpress
root@srv6575115705:~# ls /etc/nginx/sites-enabled/
pleroma.conf
root@srv6575115705:~#
-
می‌تونی پیکربندی دومی رو هم بذاری و بگی که روی همون ماشینه یا نه؟
-
می‌تونی پیکربندی دومی رو هم بذاری و بگی که روی همون ماشینه یا نه؟
کدوم؟ تمام پیکر بندی های nginx اینها هستش :
root@srv6575115705:~# cat /etc/nginx/sites-available/default
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
root@srv6575115705:~# cat /etc/nginx/sites-available/
default pleroma.conf wordpress
root@srv6575115705:~# cat /etc/nginx/sites-available/wordpress
server {
listen 80;
root /var/www/html/wordpress;
index index.php index.html index.htm;
server_name iamafard.ir www.iamafard.ir;
location / {
# try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# Pass PHP requests to PHP_FPM
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location = /favicon.ico {
access_log off;
log_not_found off;
expires max;
}
location = /robots.txt {
access_log off;
log_not_found off;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# Deny Access to Hidden Files such as .htaccess
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Disallow PHP files In the WordPress uploads directory
location /wp-content/uploads/ {
location ~ \.php$ {
deny all;
}
}
}
root@srv6575115705:~# cat /etc/nginx/
conf.d/ koi-utf modules-available/ proxy_params sites-enabled/ win-utf
fastcgi.conf koi-win modules-enabled/ scgi_params snippets/
fastcgi_params mime.types nginx.conf sites-available/ uwsgi_params
root@srv6575115705:~# cat /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
# Global HTTP context: settings here are inherited by every server block loaded below.
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# NOTE(review): server_tokens is left at its default (on), so the nginx version is
# advertised in the Server header and on error pages; uncommenting the next line hides it.
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
# NOTE(review): TLSv1 and TLSv1.1 are still enabled at this level, and any server block
# that does not set its own ssl_protocols inherits the list. Both versions are deprecated
# (RFC 8996); `ssl_protocols TLSv1.2 TLSv1.3;` is the value pleroma.conf already uses.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
# Only files (or symlinks) present in conf.d/ and sites-enabled/ become part of the
# running configuration; a file that exists only in sites-available/ is not loaded.
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
-
بررسیهای زیر را انجام دهید.
درست بودن پیکربندی nginx
sudo nginx -T
روی چه درگاهی خدمت دارید.
ss -tulpen
با ابزاری مثل curl و آدرس localhost یا 127.0.0.1 روی درگاه مورد نظر دسترسی به سرویس وب روی هر دو دامنه را بررسی کنید.
نشانی اول باز میشه ssl هم فعال هست. مشکلی نداره.
درسته دامنهٔ دوم به اولی تغییر مسیر پیدا میکنه.
باید ببینید از سمت nginx هست یا نه؟
در گام اول هرگونهٔ سرویس دهندهای را روی دامنهٔ دوم غیر فعال کنید سپس نتیجه را بررسی کنید.
-
بله فایل های کانفیگ nginx درسته
دامنه ی دوم iamafard.ir هستش
جالب اینجاست که این دامنه فقط با سرویس BIND به سرور وصله ولی هیچ سرویسی ازش استفاده نمیکنه!
این فایل کانفیگ پلروما هستش که تمام اطلاعاتی که پرسیدید توی این فایل کانفیگ و فایل های دیگه هستش
اگر وارد iamafard.ir بشید تقریبا میخواد همون afardfediverse.ir رو بالا بیاره با این تفاوت که کامل باز نمیشه
کانفیگ پلروما :
root@srv6575115705:~# cat /etc/pleroma/config.exs
# Pleroma instance configuration
# NOTE: This file should not be committed to a repo or otherwise made public
# without removing sensitive information.
# NOTE(review): this copy was pasted in full. The values it carries further down
# (secret_key_base, both signing salts, the Postgres password, the VAPID private key
# and the joken default signer) should be regenerated on the server, and replaced with
# placeholders such as "<REDACTED>" before the file is shared.
import Config
config :pleroma, Pleroma.Web.Endpoint,
url: [host: "afardfediverse.ir", scheme: "https", port: 443],
http: [ip: {127, 0, 0, 1}, port: 4000],
secret_key_base: "ddexX8yTWZxkUgLst0LPTMDDinwNC6/2dslXYVjpojqKw5aZE3eMenwCkMZtPtsa",
live_view: [signing_salt: "Z6bUHXFu"],
signing_salt: "0c9ZYXxD"
config :pleroma, :instance,
name: "aFard`s Fediverse",
email: "iamafard88@gmail.com",
notify_email: "iamafard88@gmail.com",
limit: 5000,
registrations_open: true
config :pleroma, :media_proxy,
enabled: false,
redirect_on_failure: true
#base_url: "https://cache.pleroma.social"
config :pleroma, Pleroma.Repo,
adapter: Ecto.Adapters.Postgres,
username: "pleroma",
password: "Zs7MTJRd2LFKPog99MCBUI4O3gnIHMQvOSV61QPdZPKzFp0ZcgVo0CClvvZKwETb",
database: "pleroma",
hostname: "localhost"
# Configure web push notifications
config :web_push_encryption, :vapid_details,
subject: "mailto:iamafard88@gmail.com",
public_key: "BJA2VdblNX7OW_kprh9C1M47m50s8ps_urCtJGFH6TvkYGQrfaL76KQjrPtfIEf7keYcHlR--FqFhE_vHKNPEBQ",
private_key: "H8g71d_iewZTDUZCPDwbv6ikvSefj2m5jivb0BG6MRQ"
config :pleroma, :database, rum_enabled: false
config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
# Enable Strict-Transport-Security once SSL is working:
# config :pleroma, :http_security,
# sts: true
# Configure S3 support if desired.
# The public S3 endpoint (base_url) is different depending on region and provider,
# consult your S3 provider's documentation for details on what to use.
#
# config :pleroma, Pleroma.Upload,
# uploader: Pleroma.Uploaders.S3,
# base_url: "https://s3.amazonaws.com"
#
# config :pleroma, Pleroma.Uploaders.S3,
# bucket: "some-bucket",
# bucket_namespace: "my-namespace",
# truncated_namespace: nil,
# streaming_enabled: true
#
# Configure S3 credentials:
# config :ex_aws, :s3,
# access_key_id: "xxxxxxxxxxxxx",
# secret_access_key: "yyyyyyyyyyyy",
# region: "us-east-1",
# scheme: "https://"
#
# For using third-party S3 clones like wasabi, also do:
# config :ex_aws, :s3,
# host: "s3.wasabisys.com"
config :joken, default_signer: "SHU9hd96oV1RkTn5PY94rif5smDuDH9RDdNWnDq4aBnZmZQCPDs/7GsSkOSkKOwv"
config :pleroma, configurable_from_database: true
config :pleroma, Pleroma.Upload, filters: [Pleroma.Upload.Filter.Exiftool.StripLocation, Pleroma.Upload.Filter.Exiftool.ReadDescription, Pleroma.Upload.Filter.AnonymizeFilename]
root@srv6575115705:~#
بروزرسانی :
همین الان که دارم مینویسم
پلروما رو خاموش کردم
مشکل اینجاست که در این صورت ارور 502 bad gateway NGINX میگیرم!
پس یه ربطی به nginx داره ....
ولی در هیچ کانفیگی تعریف نشده!
حتی من یکبار nginx رو پاک کردم و تمام کانفیگ هاش هم از اول برگردوندم
-
بهتره سوالتون رو واضح بپرسید مشکل دقیقا کجاست.
دامنهٔ دوم باید به کجا وصل بشه.
چیزی که فهمیدم اینه
شما یک ماشین دارید که روی آن برنامهٔ pleroma را نصب کردید. این برنامه روی درگاه 4000 خدمت میدهد.
یک دامنه دارید به نام A که دامنهٔ اصلی است.
وب سرور nginx را طوری تنظیم کردید که روی درگاه 80 یا 443 سرویس دهد.
و ترافیک ورودی را با ماژول Reverse proxy به سمت درگاه 4000 روی همان ماشین تغییر مسیر دهد.
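به این ترتیب اگر درخواستی به سمت این دامنه برسد برنامهٔ pleroma پاسخ آن را می‌دهد.
از آنجایی که با سرویس BIND دامنهٔ دوم را طوری تنظیم کردید که نام دامنه به آدرس IP همین ماشین برگردد، درخواست‌های دامنهٔ دوم هم به همین nginx می‌رسند. چون هیچ بلوک server فعالی با server_name دامنهٔ دوم وجود ندارد، nginx درخواست را به سرور پیش‌فرض همان درگاه (اولین بلوک server تعریف‌شده برای آن درگاه، که اینجا بلوک pleroma است) می‌سپارد و با صدا زدن نشانی دامنهٔ دوم به همین سرویس pleroma می‌رسید.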
حالا کاربرد دامنهٔ دوم از نظر شما باید چه باشد؟
-
هممم
ممنون از شما! حالا داریم جلو میریم!
دلیل همین اتفاق رو میخواستم بدونم
خوب الان کاری که من میخوام بکنم اینه که اون فایل وردپرسی که اون بالا دیدید رو
(این توش :)
root@srv6575115705:~# cat /etc/nginx/sites-available/wordpress
# WordPress site for iamafard.ir, served from /var/www/html/wordpress through PHP-FPM.
# NOTE(review): only IPv4 port 80 is configured here. No `listen 443 ssl` block for this name
# appears in the configs shown, so an https:// request for iamafard.ir is handled by
# whichever server is the default on 443 (the Pleroma block, in the files posted) and is
# answered with a certificate issued for a different name. Presumably a browser that cached
# an earlier 301 or prefers HTTPS keeps ending up there; test http:// and https:// separately.
server {
listen 80;
root /var/www/html/wordpress;
index index.php index.html index.htm;
server_name iamafard.ir www.iamafard.ir;
location / {
# try_files $uri $uri/ =404;
# Paths that are neither a file nor a directory are handed to WordPress's index.php.
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# Pass PHP requests to PHP_FPM
location ~ \.php$ {
# Return 404 for .php paths that do not exist on disk instead of passing them to PHP-FPM.
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location = /favicon.ico {
access_log off;
log_not_found off;
expires max;
}
location = /robots.txt {
access_log off;
log_not_found off;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# Deny Access to Hidden Files such as .htaccess
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Disallow PHP files In the WordPress uploads directory
location /wp-content/uploads/ {
location ~ \.php$ {
deny all;
}
}
}
root@srv6575115705:~# ln -sf /etc/nginx/
conf.d/ fastcgi_params koi-win modules-available/ nginx.conf scgi_params sites-enabled/ uwsgi_params
fastcgi.conf koi-utf mime.types modules-enabled/ proxy_params sites-available/ snippets/ win-utf
root@srv6575115705:~# ln -sf /etc/nginx/sites-available/wordpress /etc/nginx/
conf.d/ fastcgi_params koi-win modules-available/ nginx.conf scgi_params sites-enabled/ uwsgi_params
fastcgi.conf koi-utf mime.types modules-enabled/ proxy_params sites-available/ snippets/ win-utf
root@srv6575115705:~# ln -sf /etc/nginx/sites-available/wordpress /etc/nginx/sites-
sites-available/ sites-enabled/
root@srv6575115705:~# ln -sf /etc/nginx/sites-available/wordpress /etc/nginx/sites-enabled/
root@srv6575115705:~#
الان من لینک کردم
ولی مشکل اینه که وقتی وارد iamafard.ir میشم بعد از شروع دوباره ی سرویس nginx
وارد document rootی که تعریف شده نمیشم و میرم به همون دامنه ای که پلروما روشه!
با داکیومنت روت های دیگه ای هم امتحان کردم همین ماجرا
اگر پلروما خاموش باشه ارور میده
اینم کانفیگ bind :
root@srv6575115705:~# cat /etc/bin
bind/ bindresvport.blacklist binfmt.d/
root@srv6575115705:~# cat /etc/bin
bind/ bindresvport.blacklist binfmt.d/
root@srv6575115705:~# cat /etc/bind
bind/ bindresvport.blacklist
root@srv6575115705:~# cat /etc/bind/
bind.keys db.127 db.empty named.conf named.conf.local rndc.key
db.0 db.255 db.local named.conf.default-zones named.conf.options zones.rfc1918
root@srv6575115705:~# cat /etc/bind/bind.keys
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
# The bind.keys file is used to override the built-in DNSSEC trust anchors
# which are included as part of BIND 9. The only trust anchors it contains
# are for the DNS root zone ("."). Trust anchors for any other zones MUST
# be configured elsewhere; if they are configured here, they will not be
# recognized or used by named.
#
# To use the built-in root key, set "dnssec-validation auto;" in the
# named.conf options, or else leave "dnssec-validation" unset. If
# "dnssec-validation" is set to "yes", then the keys in this file are
# ignored; keys will need to be explicitly configured in named.conf for
# validation to work. "auto" is the default setting, unless named is
# built with "configure --disable-auto-validation", in which case the
# default is "yes".
#
# This file is NOT expected to be user-configured.
#
# Servers being set up for the first time can use the contents of this file
# as initializing keys; thereafter, the keys in the managed key database
# will be trusted and maintained automatically.
#
# These keys are current as of Mar 2019. If any key fails to initialize
# correctly, it may have expired. In that event you should replace this
# file with a current version. The latest version of bind.keys can always
# be obtained from ISC at https://www.isc.org/bind-keys.
#
# See https://data.iana.org/root-anchors/root-anchors.xml for current trust
# anchor information for the root zone.
trust-anchors {
# This key (20326) was published in the root zone in 2017.
. initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
R1AkUTV74bU=";
};
root@srv6575115705:~# cat /etc/bind/bind.127
cat: /etc/bind/bind.127: No such file or directory
root@srv6575115705:~# cat /etc/bind/
bind.keys db.127 db.empty named.conf named.conf.local rndc.key
db.0 db.255 db.local named.conf.default-zones named.conf.options zones.rfc1918
root@srv6575115705:~# cat /etc/bind/db.127
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
1.0.0 IN PTR localhost.
root@srv6575115705:~# cat /etc/bind/
bind.keys db.127 db.empty named.conf named.conf.local rndc.key
db.0 db.255 db.local named.conf.default-zones named.conf.options zones.rfc1918
root@srv6575115705:~# cat /etc/bind/db.255
;
; BIND reverse data file for broadcast zone
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
root@srv6575115705:~# cat /etc/bind/db.0
;
; BIND reverse data file for "this host on this network" zone
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
root@srv6575115705:~# cat /etc/bind/db.empy
cat: /etc/bind/db.empy: No such file or directory
root@srv6575115705:~# cat /etc/bind/db.empty
; BIND reverse data file for empty rfc1918 zone
;
; DO NOT EDIT THIS FILE - it is used for multiple zones.
; Instead, copy it, edit named.conf, and use that copy.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
86400 ) ; Negative Cache TTL
;
@ IN NS localhost.
root@srv6575115705:~# cat /etc/bind/db.local
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
@ IN A 127.0.0.1
@ IN AAAA ::1
root@srv6575115705:~# cat /etc/bind/named.conf
named.conf named.conf.default-zones named.conf.local named.conf.options
root@srv6575115705:~# cat /etc/bind/named.conf
named.conf named.conf.default-zones named.conf.local named.conf.options
root@srv6575115705:~# cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
root@srv6575115705:~# cat /etc/bind/named.conf
named.conf named.conf.default-zones named.conf.local named.conf.options
root@srv6575115705:~# cat /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/usr/share/dns/root.hints";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
root@srv6575115705:~# cat /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "iamafard.ir" {
type master;
file "/var/lib/bind/iamafard.ir.hosts";
};
zone "afardfediverse.ir" {
type master;
file "/var/lib/bind/afardfediverse.ir.hosts";
};
root@srv6575115705:~# cat /etc/bind/named.conf.options
// Global named options.
// NOTE(review): named.conf.local makes this host authoritative for two public zones, yet no
// recursion, allow-query, allow-recursion or allow-transfer setting appears here, so the
// built-in defaults of the installed BIND version apply. Presumably recursion stays enabled
// for local clients, and on older 9.x releases zone transfers may be permitted to any
// client. Confirm against the documentation for the installed version, and set
// `recursion no;` and `allow-transfer { none; };` explicitly if this server is only meant
// to answer for its own zones.
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
// Accept queries on every IPv6 address of the host.
listen-on-v6 { any; };
};
root@srv6575115705:~# cat /etc/bin
bind/ bindresvport.blacklist binfmt.d/
root@srv6575115705:~# cat /etc/bind
bind/ bindresvport.blacklist
root@srv6575115705:~# cat /etc/bind/
bind.keys db.127 db.empty named.conf named.conf.local rndc.key
db.0 db.255 db.local named.conf.default-zones named.conf.options zones.rfc1918
root@srv6575115705:~# cat /etc/bind/
bind.keys db.127 db.empty named.conf named.conf.local rndc.key
db.0 db.255 db.local named.conf.default-zones named.conf.options zones.rfc1918
root@srv6575115705:~# cat /var/lib/bind/afardfediverse.ir.hosts
$ttl 3600
afardfediverse.ir. IN SOA srv6575115705. iamafard88.gmail.com. (
2024032804
3600
600
1209600
3600 )
afardfediverse.ir. IN NS srv6575115705.
ns1.afardfediverse.ir. IN A 194.62.43.117
www.afardfediverse.ir. IN A 194.62.43.117
afardfediverse.ir. IN A 194.62.43.117
afardfediverse.ir. IN NS ns1.afardfediverse.ir.
root@srv6575115705:~# cat /var/lib/bind/iamafard.ir.hosts
$ttl 3600
iamafard.ir. IN SOA srv6575115705. iamafard88.gmail.com. (
2024031804
3600
600
1209600
3600 )
iamafard.ir. IN NS srv6575115705.
iamafard.ir. IN A 194.62.43.117
www.iamafard.ir. IN A 194.62.43.117
ns1.iamafard.ir. IN A 194.62.43.117
iamafard.ir. IN NS ns1.iamafard.ir.
root@srv6575115705:~# cat /var/lib/bind/
afardfediverse.ir.hosts iamafard.ir.hosts
root@srv6575115705:~