Network DNS - forwarder on CentOS 7

Type
- Resolver
    - The DNS server itself handles every lookup and connection
    - If you run your own DNS server in-house, this is how it is used in most cases
- Forwarder
    - The DNS server only forwards queries to another resolver
    - Used when connecting the internal network to a cloud service; for security the link is made over IPsec


■ Install DNS

yum install -y bind


■ Firewall configuration

firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload


■ DNS access scope configuration (named.conf)

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html


options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { none; };
        directory       "/var/named";
        auth-nxdomain no;
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
        forward first;
        forwarders { 10.0.0.101; 10.0.0.102; };

        recursion yes;
        dnssec-enable no;
        dnssec-validation no;

        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";

        session-keyfile "/run/named/session.key";

};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "chandler.example.com" IN {
        type forward;
        forward only;
        forwarders { 10.0.0.101; 10.0.0.102; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

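Added here as a check that is not part of the original post: the script below parses the options block above and flags the settings a defender would question, in particular that allow-query { any; } together with recursion yes on a listener bound to every interface makes the server an open recursive resolver if it is reachable from outside the internal network. It also carries a hardened variant; the internal acl, the 10.0.0.0/8 range and the 10.0.0.53 listen address in it are assumed placeholders, not values from the post.

```python
import re

# Constructed excerpt of the post's options block, trimmed to the security-relevant statements.
PAGE_OPTIONS = """
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        forward first;
        forwarders { 10.0.0.101; 10.0.0.102; };
        recursion yes;
        dnssec-validation no;
};
"""
# Hardened variant; the 'internal' acl, 10.0.0.0/8 and the 10.0.0.53 listen address are assumed placeholders.
HARDENED_OPTIONS = """
acl internal { 10.0.0.0/8; 127.0.0.1; };
options {
        listen-on port 53 { 10.0.0.53; };
        allow-query     { internal; };
        allow-recursion { internal; };
        forward only;
        forwarders { 10.0.0.101; 10.0.0.102; };
        recursion yes;
        dnssec-validation auto;
};
"""
# One statement: name, then a bare value or a { a; b; } list, terminated by ';'
STMT = re.compile(r"([\w-]+)\s+([^;{}]*?(?:\{[^}]*\})?)\s*;")

def parse_options(conf):
    """Map each statement inside options { ... } to its value tokens (addresses, acl names, keywords)."""
    body = re.search(r"options\s*\{(.*?)\n\};", conf, re.S).group(1)
    # strip 'port 53' from listen-on, then keep bare tokens without braces and semicolons
    return {name: re.findall(r"[\w./:-]+", re.sub(r"^port\s+\d+\s*", "", value))
            for name, value in STMT.findall(body)}

def audit(opts):
    """Flag settings that expose a forwarder as an open resolver or weaken it."""
    findings = []
    query = opts.get("allow-query", [])
    recursion_acl = opts.get("allow-recursion", query)  # BIND 9 falls back to allow-query's ACL
    if opts.get("recursion") == ["yes"] and "any" in recursion_acl and "any" in opts.get("listen-on", []):
        findings.append("open resolver: recursion yes, allowed from any client, listening on all interfaces")
    if "any" in query:
        findings.append("allow-query any: restrict queries to an internal acl")
    if opts.get("dnssec-validation") == ["no"]:
        findings.append("dnssec-validation no: forwarded answers are not validated")
    if opts.get("forward") == ["first"]:
        findings.append("forward first: falls back to direct recursion when the forwarders do not answer")
    return findings
```

Run audit(parse_options(...)) against the two texts: the post's block yields four findings, the hardened block none, and the same parser can be pointed at the real named.conf contents once the forward zone and firewall are in place.
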
■ Creating the domain

Enter the zone definition in the named.conf above (optionally, it can go in a separate rfc1918.conf file instead).

■ Creating records

With a forward configuration there is no need to create records.


■ Restarting the service

systemctl restart named
systemctl enable named


by mkdir-chandler