Network DNS - resolver on centos 7
mkdir.chandler
2023. 12. 15. 00:00
■ Type
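- Resolver
  - The DNS server itself handles all lookups and connections
  - If you run a DNS server in-house, this is the mode used in most cases
- Forwarder
  - The DNS server only forwards queries to another resolver
  - Used when connecting the internal network to cloud services; the connection is made over IPsec for security
■ Install DNS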
yum install -y bind
■ Firewall configuration
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
■ Set the DNS allowed range
vim /etc/named.conf
# line 13: 127.0.0.1; --> any;
# line 14: ::1; --> none;
# line 21: localhost; --> any;
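With the `any;` values above and `recursion yes;` left in place, every client that can reach port 53 may use recursion, because BIND falls back from `allow-recursion` to `allow-query-cache` to `allow-query`. The check below is an added example, not part of the original post; the function names, both sample configurations, the 10.0.0.0/24 range, and the assumptions that lines 13 and 21 are `listen-on` and `allow-query` and that `recursion yes;` is the stock setting are made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reports who may use recursion,
# following BIND's fallback order inside the options block:
# allow-recursion -> allow-query-cache -> allow-query -> localnets; localhost;
# Limitations: reads the options block only (no views), no nested ACL braces.
recursion_exposure() {   # usage: recursion_exposure [named.conf]  (or stdin)
  awk '
  { s = s $0 "\n" }
  END {
    while ((i = index(s, "/*")) > 0) {            # strip /* ... */ comments
      j = index(substr(s, i + 2), "*/"); if (j == 0) break
      s = substr(s, 1, i - 1) " " substr(s, i + j + 3)
    }
    n = split(s, L, "\n"); s = " "                # strip // and # comments
    for (k = 1; k <= n; k++) { sub(/(\/\/|#).*/, "", L[k]); s = s L[k] " " }
    gsub(/[ \t]+/, " ", s)
    if (match(s, /[ ;}]options ?\{/)) {           # keep only the options body
      s = substr(s, RSTART + RLENGTH); d = 1
      for (p = 1; p <= length(s) && d > 0; p++) {
        c = substr(s, p, 1); if (c == "{") d++; else if (c == "}") d--
      }
      s = " " substr(s, 1, p - 2)
    } else s = " "
    if (s ~ /[ ;]recursion (no|false|0) ?;/) { print "off"; exit }
    split("allow-recursion allow-query-cache allow-query", K, " ")
    acl = " localnets; localhost;"; src = "default"
    for (k = 1; k <= 3; k++)                      # first statement present wins
      if (match(s, "[ ;]" K[k] " ?\\{[^}]*\\}")) {
        acl = substr(s, RSTART, RLENGTH); sub(/^[^{]*\{/, " ", acl)
        src = K[k]; break
      }
    wide = (acl ~ /[ ;](any|0\.0\.0\.0\/0) ?;/)
    print (wide ? "exposed" : "restricted") " via " src
  }' "$@"
}

sample_conf() {   # constructed samples; 10.0.0.0/24 is an assumed internal range
  case "$1" in
    page) printf '%s\n' 'options {' ' listen-on port 53 { any; };' \
      ' allow-query { any; };' ' recursion yes; /* assumed stock setting */' '};' ;;
    hardened) printf '%s\n' 'options {' ' allow-query { any; };' \
      ' allow-recursion { localhost; 10.0.0.0/24; };' ' recursion yes;' '};' ;;
  esac
}

for c in page hardened; do
  printf '%-9s %s\n' "$c" "$(sample_conf "$c" | recursion_exposure)"
done
```

Run it against the live file with `recursion_exposure /etc/named.conf`; an `exposed` result means the recursion ACL resolves to `any`.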
■ Create the domain (forward)
echo "" >> /etc/named.rfc1912.zones
echo "// forward set by chandler" >> /etc/named.rfc1912.zones
echo "zone \"chandler.example.com\" IN {" >> /etc/named.rfc1912.zones
echo " type master;" >> /etc/named.rfc1912.zones
echo " file \"chandler.example.com.zone\";" >> /etc/named.rfc1912.zones
echo " allow-update { none; };" >> /etc/named.rfc1912.zones
echo " allow-transfer { none; };" >> /etc/named.rfc1912.zones
echo "};" >> /etc/named.rfc1912.zones
echo "" >> /etc/named.rfc1912.zones
■ Create the domain (reverse)
# The reverse zone name is the network octets reversed: 10.0.0.0/24 -> 0.0.10.in-addr.arpa
echo "" >> /etc/named.rfc1912.zones
echo "// reverse set by chandler" >> /etc/named.rfc1912.zones
echo "zone \"0.0.10.in-addr.arpa\" IN {" >> /etc/named.rfc1912.zones
echo " type master;" >> /etc/named.rfc1912.zones
echo " file \"ipname.zone\";" >> /etc/named.rfc1912.zones
echo " allow-update { none; };" >> /etc/named.rfc1912.zones
echo " allow-transfer { none; };" >> /etc/named.rfc1912.zones
echo "};" >> /etc/named.rfc1912.zones
echo "" >> /etc/named.rfc1912.zones
■ Create records (forward)
echo "\$TTL 300" >> /var/named/chandler.example.com.zone
echo "@ IN SOA chandler.example.com. root (" >> /var/named/chandler.example.com.zone
echo " 0 ; serial" >> /var/named/chandler.example.com.zone
echo " 3600 ; refresh" >> /var/named/chandler.example.com.zone
echo " 300 ; retry" >> /var/named/chandler.example.com.zone
echo " 1W ; expire" >> /var/named/chandler.example.com.zone
echo " 300 ) ; minimum" >> /var/named/chandler.example.com.zone
echo "" >> /var/named/chandler.example.com.zone
echo "; name servers - NS records" >> /var/named/chandler.example.com.zone
echo " IN NS ns.chandler.example.com." >> /var/named/chandler.example.com.zone
echo "" >> /var/named/chandler.example.com.zone
echo "; name servers - A records" >> /var/named/chandler.example.com.zone
echo "ns IN A 10.0.0.100" >> /var/named/chandler.example.com.zone
echo "" >> /var/named/chandler.example.com.zone
echo "; the others - A records" >> /var/named/chandler.example.com.zone
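# "@" names the zone apex explicitly; a blank owner field would inherit "ns" from the record above
echo "@ IN A 10.0.0.100" >> /var/named/chandler.example.com.zone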
echo "www IN A 10.0.0.101" >> /var/named/chandler.example.com.zone
echo "test IN A 10.0.0.102" >> /var/named/chandler.example.com.zone
■ Create records (reverse)
echo "\$TTL 300" >> /var/named/ipname.zone
echo "@ IN SOA chandler.example.com. root (" >> /var/named/ipname.zone
echo " 0 ; serial" >> /var/named/ipname.zone
echo " 3600 ; refresh" >> /var/named/ipname.zone
echo " 300 ; retry" >> /var/named/ipname.zone
echo " 1W ; expire" >> /var/named/ipname.zone
echo " 300 ) ; minimum" >> /var/named/ipname.zone
echo "" >> /var/named/ipname.zone
echo "; name servers - NS records" >> /var/named/ipname.zone
echo " IN NS ns.chandler.example.com." >> /var/named/ipname.zone
echo "" >> /var/named/ipname.zone
echo "; name servers - PTR records" >> /var/named/ipname.zone
echo "100 IN PTR ns.chandler.example.com." >> /var/named/ipname.zone
echo "" >> /var/named/ipname.zone
echo "; the others - PTR records" >> /var/named/ipname.zone
echo "100 IN PTR chandler.example.com." >> /var/named/ipname.zone
echo "101 IN PTR www.chandler.example.com." >> /var/named/ipname.zone
echo "102 IN PTR test.chandler.example.com." >> /var/named/ipname.zone
■ Set record file permissions
chown root:named /var/named/chandler.example.com.zone
chown root:named /var/named/ipname.zone
■ Verify the records
named-checkzone chandler.example.com /var/named/chandler.example.com.zone
# Origin for the 10.0.0.0/24 reverse zone
named-checkzone 0.0.10.in-addr.arpa /var/named/ipname.zone
■ Restart the service
systemctl restart named
systemctl enable named
by mkdir-chandler