This is the installation procedure for running a DNS server on Linux.
[root@openshift-dns ~ ] # yum install bind* -y
... (omitted)
Installed:
bind.x86_64 32:9.9.4-74.el7_6.1 bind-chroot.x86_64 32:9.9.4-74.el7_6.1 bind-devel.x86_64 32:9.9.4-74.el7_6.1 bind-dyndb-ldap.x86_64 0:11.1-4.el7 bind-lite-devel.x86_64 32:9.9.4-74.el7_6.1
bind-pkcs11.x86_64 32:9.9.4-74.el7_6.1 bind-pkcs11-devel.x86_64 32:9.9.4-74.el7_6.1 bind-pkcs11-libs.x86_64 32:9.9.4-74.el7_6.1 bind-pkcs11-utils.x86_64 32:9.9.4-74.el7_6.1
bind-sdb.x86_64 32:9.9.4-74.el7_6.1 bind-sdb-chroot.x86_64 32:9.9.4-74.el7_6.1
Dependency Installed:
audit-libs-python.x86_64 0:2.8.4-4.el7 checkpolicy.x86_64 0:2.5-8.el7 libcgroup.x86_64 0:0.41-20.el7 libsemanage-python.x86_64 0:2.5-14.el7
policycoreutils-python.x86_64 0:2.5-29.el7_6.1 python-IPy.noarch 0:0.75-6.el7
python-ply.noarch 0:3.4-11.el7 setools-libs.x86_64 0:3.3.8-4.el7
postgresql-libs.x86_64 0:9.2.24-1.el7_5
Dependency Updated:
policycoreutils.x86_64 0:2.5-29.el7_6.1
Complete!
Modifying and adding configuration
</etc/named.conf> : if this file is not configured, the server will not answer requests from network nodes or from clients issuing DNS queries.
listen-on port 53 => sets the listening port (if an IP address is given, only that IP is listened on)
allow-query => handle requests from every network
[root@openshift-dns ~ ] # cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { any; };        ### changed 127.0.0.1 to any
    listen-on-v6 port 53 { ::1; };
    directory          "/var/named";
    dump-file          "/var/named/data/cache_dump.db";
    statistics-file    "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file     "/var/named/data/named.recursing";
    secroots-file      "/var/named/data/named.secroots";
    allow-query        { any; };       ### changed localhost to any

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
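The named.conf above combines recursion yes; with allow-query { any; };, which is exactly the open-resolver setup that the file's own comment block warns about. The following is an added example, not from the original post, showing the same options block with recursion restricted to an access list; the 172.10.2.0/24 range is an assumption taken from the addresses used in the post.

```conf
// Added example (not from the original post): hardened options for named.conf.
// Assumption: internal clients live in 172.10.2.0/24, the range used in the post.

acl "internal" {
    127.0.0.1;
    172.10.2.0/24;      // assumed LAN; replace with your real client networks
};

options {
    listen-on port 53 { any; };
    directory "/var/named";

    // As configured in the post: everyone may query AND everyone gets recursion.
    // That makes the server an open resolver usable for DNS amplification.
    //   allow-query { any; };
    //   recursion yes;

    // Hardened: authoritative data (test.com) stays answerable to anyone,
    // but recursive lookups and cache reads are limited to the ACL.
    allow-query       { any; };
    recursion         yes;
    allow-recursion   { internal; };
    allow-query-cache { internal; };

    // If this server only needs to serve test.com and clients use another
    // resolver, disable recursion outright instead:
    //   recursion no;

    // A single master needs no zone transfers; refuse them explicitly.
    allow-transfer    { none; };

    // remaining directives (dump-file, dnssec-*, pid-file, ...) as in the post
};
```

Validate with named-checkconf /etc/named.conf and named-checkzone test.com /var/named/named.test.com.zone before restarting named; afterwards a client outside the ACL asking for a name the server is not authoritative for gets REFUSED instead of a recursive answer.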
</etc/named.rfc1912.zones>
[root@openshift-dns ~ ] # cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

### Configure the DNS zone you want to serve.
zone "test.com" IN {
    type master;
    file "named.test.com.zone";
    ## a file named "named.test.com.zone" must exist under /var/named
    allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};
Create the file named.test.com.zone by copying the existing named.localhost.
[root@openshift-dns ~ ] # cd /var/named/
[root@openshift-dns /var/named ] # ls -al
합계 16
drwxrwx--T 8 root named 177 7월 2 16:52 .
drwxr-xr-x. 20 root root 280 7월 2 16:50 ..
drwxr-x--- 7 root named 61 7월 2 16:52 chroot
drwxr-x--- 7 root named 61 7월 2 16:52 chroot_sdb
drwxrwx--- 2 named named 6 6월 5 04:26 data
drwxrwx--- 2 named named 6 6월 5 04:26 dynamic
drwxrwx--- 2 root named 6 8월 23 2017 dyndb-ldap
-rw-r----- 1 root named 2281 5월 22 2017 named.ca
-rw-r----- 1 root named 152 12월 15 2009 named.empty
-rw-r----- 1 root named 152 6월 21 2007 named.localhost
-rw-r----- 1 root named 168 12월 15 2009 named.loopback
drwxrwx--- 2 named named 6 6월 5 04:26 slaves
[root@openshift-dns /var/named ] # cp -rpRf named.localhost named.test.com.zone
Edit /var/named/named.test.com.zone (the annotations below are written as ";" comments, the only comment syntax a zone file accepts)
[root@openshift-dns /var/named ] # cat named.test.com.zone
$TTL 1D
@       IN SOA  @ ns.test.com. (        ; <=== part to change
                        0               ; serial
                        1D              ; refresh
                        1H              ; retry
                        1W              ; expire
                        3H )            ; minimum
        NS      @
        A       172.10.2.21             ; <=== part to change
        AAAA    ::1                     ; delete if not used
        IN NS   ns.test.com.            ; changed
        IN A    172.10.2.21             ; changed
ns          IN A    172.10.2.21         ; added
cosmaster01 IN A    172.10.2.21         ; added
Verifying the DNS configuration
Connect from another server and verify.
[root@cronus ~]# nslookup
> server 172.10.2.9          ## <==== enter the IP of the DNS server you built to change where queries are sent
Default server: 172.10.2.9
Address: 172.10.2.9#53
> cosmaster01.test.com       ## check that the registered hostname resolves correctly
Server: 172.10.2.9
Address: 172.10.2.9#53
Name: cosmaster01.test.com
Address: 172.10.2.21
If the nslookup command is not available, install bind-utils with yum and use that.