DNS_01: Setting up a personal DNS server with bind
    No category | 2020. 4. 17. 13:41

    System build log!!

    Using XMind Zen

    DNS system configuration

    [root@localhost ~]# yum install -y bind
     
     ....
     extras                                                   | 2.9 kB     00:00
    updates                                                  | 2.9 kB     00:00
    Resolving Dependencies
    --> Running transaction check
    ---> Package bind.x86_64 32:9.11.4-9.P2.el7 will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ================================================================================
     Package       Arch            Version                      Repository     Size
    ================================================================================
    Installing:
     bind          x86_64          32:9.11.4-9.P2.el7           base          2.3 M
    
    Transaction Summary
    ================================================================================
    Install  1 Package
    
    Total download size: 2.3 M
    Installed size: 5.4 M
    Downloading packages:
    bind-9.11.4-9.P2.el7.x86_64.rpm                            | 2.3 MB   00:00
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : 32:bind-9.11.4-9.P2.el7.x86_64                               1/1
      Verifying  : 32:bind-9.11.4-9.P2.el7.x86_64                               1/1
    
    Installed:
      bind.x86_64 32:9.11.4-9.P2.el7
    
    Complete!
    


    Save the two files below.

    /etc/named.conf

    [root@localhost ~]# cat /etc/named.conf
    options {
        directory "/var/named";
    };
    
    zone "." {
        type hint;
        file "named.ca";
    };

    This means: if a name is not registered here, look it up via the named.ca file (which holds the root name server information).

    Exceptions go at the end, added as further lines.

    type slave fetches its data dynamically and uses that.

    type master takes its information from a file under /var/named.
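The two-stanza named.conf above has no `listen-on`, `allow-query`, `allow-recursion` or `allow-transfer` statement, so it relies entirely on BIND's defaults (the server answers on every IPv4 interface, anyone may query it, and any host may request a zone transfer). The Python script below is an added example, not code from the post or from the BIND project: it parses the post's minimal configuration and a constructed hardened variant (the 192.168.20.0/24 network and the 192.168.20.21 listen address are assumptions taken from the interface configuration later in the post) and reports which access controls are missing, using the defaults documented for BIND 9.11.

```python
"""Audit a minimal BIND named.conf for missing access controls.

Added example, not code from the original post. It is a hand-written checker for
the subset of named.conf syntax the post uses (top-level `options { ... };` and
`zone "..." { ... };` blocks); it does not call named-checkconf or any BIND
library, and it only knows the defaults documented for BIND 9.11.
"""
import re

# Copied from the post: the two-stanza /etc/named.conf with no access controls.
MINIMAL_CONF = """
options {
directory "/var/named";
};

zone "." {
type hint;
file "named.ca";
};
"""

# Constructed hardened variant (assumption: 192.168.20.0/24 is the only network
# that should use this resolver, matching the interface address in the post).
HARDENED_CONF = """
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; 192.168.20.21; };  // only the LAN-facing address
    recursion yes;
    allow-query { localhost; 192.168.20.0/24; };
    allow-recursion { localhost; 192.168.20.0/24; };
    allow-transfer { none; };
    version "not disclosed";  /* hide the version.bind CH TXT answer */
};

zone "." {
    type hint;
    file "named.ca";
};
"""

# Statement name -> message when the statement is absent from options { }.
# The defaults quoted are those of BIND 9.11, the version installed in the post.
MISSING = {
    "listen-on": "not set, named listens on port 53 on every IPv4 interface",
    "allow-query": "not set, the default is { any; } so every host may query",
    "allow-recursion": "not set, BIND derives it from allow-query-cache/allow-query "
                       "or falls back to { localnets; localhost; }; state it explicitly",
    "allow-transfer": "not set, the default { any; } lets any host AXFR your zones",
    "version": "not set, the running version is disclosed via version.bind",
}


def strip_comments(conf):
    """Remove /* */, // and # comments (does not handle '#' or '//' inside quotes)."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)


def split_statements(body):
    """Split a block body on ';' characters that are not inside nested braces."""
    stmts, cur, depth = [], [], 0
    for ch in body:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        if ch == ";" and depth == 0:
            stmts.append(" ".join("".join(cur).split()))
            cur = []
        else:
            cur.append(ch)
    return [s for s in stmts if s]


def parse_conf(conf):
    """Return {block header: [statements]} for every top-level `header { ... };`."""
    blocks, header, body, depth = {}, [], [], 0
    for ch in strip_comments(conf):
        if depth == 0:
            if ch == "{":
                depth, body = 1, []
            elif ch != ";":
                header.append(ch)
            continue
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                blocks[" ".join("".join(header).split())] = split_statements("".join(body))
                header = []
                continue
        body.append(ch)
    return blocks


def audit(conf):
    """Return findings as 'statement: message' strings; an empty list means clean."""
    opts = {}
    for stmt in parse_conf(conf).get("options", []):
        name, _, value = stmt.partition(" ")
        opts[name] = value
    findings = [name + ": " + msg for name, msg in MISSING.items() if name not in opts]
    for name in ("allow-query", "allow-recursion"):
        if re.search(r"\bany\b", opts.get(name, "")):
            findings.append(name + ": { any; } makes this an open resolver for the Internet")
    return findings


if __name__ == "__main__":
    for label, conf in (("minimal (from the post)", MINIMAL_CONF), ("hardened", HARDENED_CONF)):
        print("== " + label + " ==")
        for finding in audit(conf) or ["no findings"]:
            print("  " + finding)
```

Running it prints five findings for the post's configuration and none for the hardened one. On the real server, run `named-checkconf /etc/named.conf` after editing, and confirm from a host outside the allowed network that a recursive query is refused.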


    The file below is normally supplied for you.

    /var/named/named.ca

    It is best to use the one that was distributed, whenever possible.

    [root@localhost ~]# cat /var/named/named.ca
    ;       This file holds the information on root name servers needed to
    ;       initialize cache of Internet domain name servers
    ;       (e.g. reference this file in the "cache  .  <file>"
    ;       configuration file of BIND domain name servers).
    ;
    ;       This file is made available by InterNIC 
    ;       under anonymous FTP as
    ;           file                /domain/named.cache
    ;           on server           FTP.INTERNIC.NET
    ;       -OR-                    RS.INTERNIC.NET
    ;
    ;       last update:    Feb 04, 2008
    ;       related version of root zone:   2008020400
    ;
    ; formerly NS.INTERNIC.NET
    ;
    .                        3600000  IN  NS    A.ROOT-SERVERS.NET.
    A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
    A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
    ;
    ; formerly NS1.ISI.EDU
    ;
    .                        3600000      NS    B.ROOT-SERVERS.NET.
    B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
    ;
    ; formerly C.PSI.NET
    ;
    .                        3600000      NS    C.ROOT-SERVERS.NET.
    C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
    ;
    ; formerly TERP.UMD.EDU
    ;
    .                        3600000      NS    D.ROOT-SERVERS.NET.
    D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
    ;
    ; formerly NS.NASA.GOV
    ;
    .                        3600000      NS    E.ROOT-SERVERS.NET.
    E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
    ;
    ; formerly NS.ISC.ORG
    ;
    .                        3600000      NS    F.ROOT-SERVERS.NET.
    F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
    F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
    ;
    ; formerly NS.NIC.DDN.MIL
    ;
    .                        3600000      NS    G.ROOT-SERVERS.NET.
    G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
    ;
    ; formerly AOS.ARL.ARMY.MIL
    ;
    .                        3600000      NS    H.ROOT-SERVERS.NET.
    H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
    H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803f:235
    ;
    ; formerly NIC.NORDU.NET
    ;
    .                        3600000      NS    I.ROOT-SERVERS.NET.
    I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
    ;
    ; operated by VeriSign, Inc.
    ;
    .                        3600000      NS    J.ROOT-SERVERS.NET.
    J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
    J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
    ;
    ; operated by RIPE NCC
    ;
    .                        3600000      NS    K.ROOT-SERVERS.NET.
    K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129 
    K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
    ;
    ; operated by ICANN
    ;
    .                        3600000      NS    L.ROOT-SERVERS.NET.
    L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
    ;
    ; operated by WIDE
    ;
    .                        3600000      NS    M.ROOT-SERVERS.NET.
    M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
    M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
    ; End of File
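Because the resolver trusts named.ca to find the root servers, it is worth checking the file rather than only copying it: every root NS it names must come with its A/AAAA glue, and the `last update` comment (Feb 04, 2008 in the copy above) shows how stale it is, since root-server addresses are occasionally changed and InterNIC republishes the file. The Python script below is an added example, not from the post or from BIND: it parses the hints format and runs those checks over a constructed three-server excerpt of the file above; the five-year staleness threshold is an assumption.

```python
"""Parse a BIND root-hints file (named.ca) and sanity-check it before use.

Added example, not code from the original post or from BIND. SAMPLE_HINTS is a
constructed three-server excerpt in the same format as the post's named.ca; the
staleness threshold (5 years) is an assumption.
"""
from collections import defaultdict
from datetime import datetime
import re

SAMPLE_HINTS = """\
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       last update:    Feb 04, 2008
;       related version of root zone:   2008020400
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
; End of File
"""

META_RE = re.compile(r";\s*([a-z ]+?):\s+(.+)")   # e.g. "; last update:    Feb 04, 2008"


def parse_hints(text):
    """Return (records, meta).

    records: list of (owner, ttl, rrtype, rdata) tuples, owner lower-cased;
    meta: 'key: value' pairs taken from the ';' comment header."""
    records, meta = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";"):
            m = META_RE.match(line)
            if m:
                meta[m.group(1).strip()] = m.group(2).strip()
            continue
        fields = line.split()
        if len(fields) == 5 and fields[2].upper() == "IN":
            del fields[2]                      # the class token is optional after the first record
        if len(fields) != 4:
            raise ValueError("unparsable hints line: " + repr(raw))
        owner, ttl, rrtype, rdata = fields
        records.append((owner.lower(), int(ttl), rrtype.upper(), rdata))
    return records, meta


def check_hints(text, today=None, max_age_years=5):
    """Return a list of findings; an empty list means the file passed every check.

    today may be a datetime or an ISO date string (for reproducible runs)."""
    records, meta = parse_hints(text)
    findings = []

    root_ns = {rdata.lower() for owner, _, rrtype, rdata in records
               if owner == "." and rrtype == "NS"}
    glue = defaultdict(set)
    for owner, _, rrtype, rdata in records:
        if rrtype in ("A", "AAAA"):
            glue[owner].add(rdata)

    # Every root NS needs glue, otherwise the resolver cannot reach it at all.
    for ns in sorted(root_ns):
        if not glue.get(ns):
            findings.append(ns + " is listed as a root NS but has no A/AAAA glue")
    # Glue for a name that is not a root NS points at a tampered or mangled file.
    for owner in sorted(glue):
        if owner not in root_ns:
            findings.append(owner + " has glue but is not an NS for '.'")

    ttls = {ttl for _, ttl, _, _ in records}
    if len(ttls) != 1:
        findings.append("mixed TTLs %s; a hints file normally uses one TTL" % sorted(ttls))

    # Root-server addresses do change and InterNIC republishes the file, so an
    # old "last update" line means the hints should be refreshed.
    if "last update" in meta:
        updated = datetime.strptime(meta["last update"], "%b %d, %Y")
        if today is None:
            today = datetime.now()
        elif isinstance(today, str):
            today = datetime.fromisoformat(today)
        age_years = (today - updated).days / 365.25
        if age_years > max_age_years:
            findings.append("hints last updated %s (%.1f years ago); fetch a current named.root"
                            % (meta["last update"], age_years))
    return findings


if __name__ == "__main__":
    records, meta = parse_hints(SAMPLE_HINTS)
    print("%d records, root zone version %s" % (len(records), meta.get("related version of root zone")))
    for finding in check_hints(SAMPLE_HINTS) or ["no findings"]:
        print("  " + finding)
```

Run against the full file from the post it reports only the staleness finding; deleting a glue line or adding an address for a name that is not a root NS produces a finding naming that server.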

    Start the service.

    [root@localhost ~]# systemctl start named.service


    Change the DNS address of the network that will use this DNS server.

    [root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
    TYPE="Ethernet"
    PROXY_METHOD="none"
    BROWSER_ONLY="no"
    BOOTPROTO="none"
    DEFROUTE="yes"
    IPV4_FAILURE_FATAL="no"
    IPV6INIT="yes"
    IPV6_AUTOCONF="yes"
    IPV6_DEFROUTE="yes"
    IPV6_FAILURE_FATAL="no"
    IPV6_ADDR_GEN_MODE="stable-privacy"
    NAME="ens33"
    UUID="5f3c4132-c502-4422-82b4-200bfb74eee8"
    DEVICE="ens33"
    ONBOOT="yes"
    IPADDR="192.168.20.21"
    PREFIX="24"
    GATEWAY="192.168.20.1"
    DNS1="192.168.20.21"
    IPV6_PRIVACY="no"
    [root@localhost ~]# cat /etc/resolv.conf
    # Generated by NetworkManager
    nameserver 192.168.20.21
    search localdomain

    Restart the network.

    [root@localhost ~]# systemctl restart network

    Set it to start automatically on reboot.

    [root@localhost ~]# ntsysv

    Check the result.

    [root@localhost ~]# host naver.com
    naver.com has address 125.209.222.141
    naver.com has address 210.89.160.88
    naver.com has address 125.209.222.142
    naver.com has address 210.89.164.90
    naver.com mail is handled by 10 mx3.naver.com.
    naver.com mail is handled by 10 mx1.naver.com.
    naver.com mail is handled by 10 mx2.naver.com.
    

    Oh!! It works!!


    The integrity and availability of the name server are the most important security issues!
