반응형
Network DNS - resolver on centos 7
■ Type
- Resolver
- DNS 서버 자체에서 모든 조회 및 연결을 관리
- 사내에서 DNS 서버를 가지고 있다면 대부분 이 방식으로 사용
- Forwarder
- DNS 서버가 다른 Resolver로 forward 역할만 수행
- 사내망과 Cloud 서비스를 연결할 때 사용하며, 보안을 위해 IPSec 기반으로 연결
■ DNS 설치
yum install -y bind
■ 방화벽 설정
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
■ DNS 허용 범위 설정
vim /etc/named.conf
# 13번째 라인 127.0.0.1; --> any;
# 14번째 라인 ::1; --> none;
# 21번째 라인 localhost; --> any;
■ 도메인 생성 (정방향)
echo "" >> /etc/named.rfc1912.zones
echo "// forward set by chandler" >> /etc/named.rfc1912.zones
echo "zone \"chandler.example.com\" IN {" >> /etc/named.rfc1912.zones
echo " type master;" >> /etc/named.rfc1912.zones
echo " file \"chandler.example.com.zone\";" >> /etc/named.rfc1912.zones
echo " allow-update { none; };" >> /etc/named.rfc1912.zones
echo " allow-transfer { none; };" >> /etc/named.rfc1912.zones
echo "};" >> /etc/named.rfc1912.zones
echo "" >> /etc/named.rfc1912.zones
■ 도메인 생성 (역방향)
echo "" >> /etc/named.rfc1912.zones
echo "// reverse set by chandler" >> /etc/named.rfc1912.zones
echo "zone \"100.0.0.in-addr.arpa\" IN {" >> /etc/named.rfc1912.zones
echo " type master;" >> /etc/named.rfc1912.zones
echo " file \"ipname.zone\";" >> /etc/named.rfc1912.zones
echo " allow-update { none; };" >> /etc/named.rfc1912.zones
echo " allow-transfer { none; };" >> /etc/named.rfc1912.zones
echo "};" >> /etc/named.rfc1912.zones
echo "" >> /etc/named.rfc1912.zones
■ 레코드 생성 (정방향)
echo "\$TTL 300" >> /var/named/chandler.example.com.zone
echo "@ IN SOA chandler.example.com. root (" >> /var/named/chandler.example.com.zone
echo " 0 ; serial" >> /var/named/chandler.example.com.zone
echo " 3600 ; refresh" >> /var/named/chandler.example.com.zone
echo " 300 ; retry" >> /var/named/chandler.example.com.zone
echo " 1W ; expire" >> /var/named/chandler.example.com.zone
echo " 300 ) ; minimum" >> /var/named/chandler.example.com.zone
echo "" >> /var/named/chandler.example.com.zone
echo "; name servers - NS records" >> /var/named/chandler.example.com.zone
echo " IN NS ns.chandler.example.com." >> /var/named/chandler.example.com.zone
echo "" >> /var/named/chandler.example.com.zone
echo "; name servers - A records" >> /var/named/chandler.example.com.zone
echo "ns IN A 10.0.0.100" >> /var/named/chandler.example.com.zone
echo "" >> /var/named/chandler.example.com.zone
echo "; the others - A records" >> /var/named/chandler.example.com.zone
echo " IN A 10.0.0.100" >> /var/named/chandler.example.com.zone
echo "www IN A 10.0.0.101" >> /var/named/chandler.example.com.zone
echo "test IN A 10.0.0.102" >> /var/named/chandler.example.com.zone
■ 레코드 생성 (역방향)
echo "\$TTL 300" >> /var/named/ipname.zone
echo "@ IN SOA chandler.example.com. root (" >> /var/named/ipname.zone
echo " 0 ; serial" >> /var/named/ipname.zone
echo " 3600 ; refresh" >> /var/named/ipname.zone
echo " 300 ; retry" >> /var/named/ipname.zone
echo " 1W ; expire" >> /var/named/ipname.zone
echo " 300 ) ; minimum" >> /var/named/ipname.zone
echo "" >> /var/named/ipname.zone
echo "; name servers - NS records" >> /var/named/ipname.zone
echo " IN NS ns.chandler.example.com." >> /var/named/ipname.zone
echo "" >> /var/named/ipname.zone
echo "; name servers - PTR records" >> /var/named/ipname.zone
echo "100 IN PTR ns.chandler.example.com." >> /var/named/ipname.zone
echo "" >> /var/named/ipname.zone
echo "; the others - PTR records" >> /var/named/ipname.zone
echo "100 IN PTR chandler.example.com." >> /var/named/ipname.zone
echo "101 IN PTR www.chandler.example.com." >> /var/named/ipname.zone
echo "102 IN PTR test.chandler.example.com." >> /var/named/ipname.zone
■ 레코드 파일 권한 설정
chown root:named /var/named/chandler.example.com.zone
chown root:named /var/named/ipname.zone
■ 레코드 생성 검토
named-checkzone chandler.example.com /var/named/chandler.example.com.zone
named-checkzone 100.0.0.in-addr.arpa /var/named/ipname.zone
■ 서비스 재시작
systemctl restart named
systemctl enable named
■ Reference
| 내용 | URL | |
| [Linux] CentOS 7 DNS 서버 구축 & 도메인 설정 | [Linux] CentOS 7 DNS 서버 구축 & 도메인 설정 | |
| DNS setup with bind on CentOS 7 | DNS setup with bind on CentOS 7 |
by mkdir-chandler
728x90
반응형
'Ops > Network' 카테고리의 다른 글
| Network DNS - 도메인 갱신 주기 (0) | 2023.12.17 |
|---|---|
| Network DNS - forwarder on centos 7 (0) | 2023.12.16 |
| Network Domain - 도메인 가격 비교 (0) | 2023.12.14 |
| Aruba (AP Network) - DRT 란 (0) | 2023.04.09 |
