1) How DNS resolution proceeds
Diagram: https://ijbgo.tistory.com/27
1. When the address www.naver.com is entered and it is not in /etc/hosts, the hostname is looked up at the local DNS server listed in /etc/resolv.conf.
2. If the local DNS server does not have the hostname, it queries a root DNS server.
3. The root server has no address for the FQDN, but it knows .com, so it returns the address of the com DNS server.
4. The local DNS server asks the com DNS server, which looks up the naver.com name server and returns its address to the local server.
5. The local DNS server then queries the naver.com DNS server, which searches its DNS records and returns the address of www.naver.com.
6. The local DNS server caches the received address and passes it to the client.
7. The client connects to the web server at the IP address matched to www.naver.com.
2) Building a DNS server
1. Install the packages
    [root@server3 ~]# dnf -y install bind bind-chroot bind-libs bind-utils
2. Start the daemon
    [root@server3 ~]# systemctl enable named
    [root@server3 ~]# systemctl start named
3. Set the resolver order
    [root@server3 ~]# vi /etc/host.conf
    order hosts,bind
4. Configure /etc/named.conf
    [root@server3 ~]# vi /etc/named.conf
    options {
            listen-on port 53 { any; };
            listen-on-v6 port 53 { none; };
            .....
            allow-query     { any; };
    };
    include "/etc/named.rfc1912.zones";   /* the forward and reverse zones are loaded from this file */
    include "/etc/named.root.key";        /* key for the DNS root zone */
5. Configure /etc/named.rfc1912.zones
    [root@server3 ~]# vi /etc/named.rfc1912.zones
    zone "example.com" IN {
            type master;
            file "server.zone";
    };
    zone "10.168.192.in-addr.arpa" IN {   /* reverse zone */
            type master;
            file "server.rev";
    };
    [root@server3 ~]# named-checkconf /etc/named.conf
    [root@server3 ~]# named-checkconf /etc/named.rfc1912.zones
6. /var/named/server.zone (forward zone)
    [root@server3 ~]# cp /var/named/named.empty /var/named/server.zone
    [root@server3 ~]# vi /var/named/server.zone
    $TTL 4
    @       IN SOA  ns3.example.com. root.example.com. (
                                            0       ; serial
                                            1D      ; refresh
                                            1H      ; retry
                                            1W      ; expire
                                            3H )    ; minimum
            NS      @
            A       127.0.0.1
            AAAA    ::1
            IN NS   ns3
    ns3     IN A    192.168.10.220
7. Check /var/named/server.zone (forward zone)
    [root@server3 ~]# named-checkzone example.com /var/named/server.zone
    zone example.com/IN: loaded serial 0
    OK
8. /var/named/server.rev (reverse zone)
    [root@server3 ~]# cp /var/named/named.empty /var/named/server.rev
    [root@server3 ~]# vi /var/named/server.rev
    $TTL 4
    @       IN SOA  ns3.example.com. root.example.com. (
                                            0       ; serial
                                            1D      ; refresh
                                            1H      ; retry
                                            1W      ; expire
                                            3H )    ; minimum
            NS      @
            A       127.0.0.1
            AAAA    ::1
            IN NS   ns3.example.com.
    220     IN PTR  ns3.example.com.
    220     IN PTR  www.example.com.
9. Check /var/named/server.rev (reverse zone)
    [root@server3 ~]# named-checkzone 10.168.192.in-addr.arpa /var/named/server.rev
    zone 10.168.192.in-addr.arpa/IN: loaded serial 0
    OK
10. Change the owner of the zone/rev files
    [root@server3 named]# chown root:named server.zone
    [root@server3 named]# chown root:named server.rev
11. Restart the daemon
    [root@server3 ~]# systemctl restart named
    [root@server3 ~]# systemctl status named
12. Point the resolver at the new server for testing
    [root@server3 ~]# vi /etc/resolv.conf
    nameserver 192.168.10.220
13. Verify with nslookup
    [root@server3 named]# nslookup ns3.example.com
    Server:         192.168.10.220
    Address:        192.168.10.220#53

    Name:   ns3.example.com
    Address: 192.168.10.220

    [root@server3 named]# nslookup 192.168.10.220
    220.10.168.192.in-addr.arpa     name = www.example.com.
    220.10.168.192.in-addr.arpa     name = ns3.example.com.
3) Running the DNS server in a chroot
1. Stop the daemon before setting up the chroot
    named is holding port 53, so stop it first.
    [root@server3 named]# systemctl stop named
    [root@server3 named]# systemctl disable named
2. Mount the chroot layout
    [root@server3 named]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
    [root@server3 named]# mount | grep /var/named/chroot
3. Start the named-chroot daemon
    [root@server3 named]# systemctl start named-chroot
    [root@server3 named]# systemctl enable named-chroot
4) Testing DNS with a web server
1. Install httpd and curl
    [root@server3 named]# dnf -y install httpd curl
2. Write index.html
    [root@server3 named]# cd /var/www/html
    [root@server3 html]# echo " server 3" >> index.html
3. Start the web server daemon
    [root@server3 html]# systemctl enable httpd
    [root@server3 html]# systemctl start httpd
4. Verify that the web server is reached through DNS
    [root@server3 html]# curl www.example.com
     server 3
5) How DNS master/slave servers work
1. The master/slave role of each zone is defined in /etc/named.rfc1912.zones.
2. When a zone on the master changes, the change is sent to the slave over port 53 as a zone transfer, which the master permits through the allow-transfer option defined in /etc/named.conf.
3. On the slave, the data changed on the master is stored under /var/named/chroot/var/named/slaves, at the path defined in /etc/named.rfc1912.zones.
6) Configuring DNS master/slave servers
1. [server3] Add the /etc/resolv.conf setting
    [root@server3 named]# cat /etc/resolv.conf
    nameserver 192.168.10.210
2. [server3] Add the /etc/named.conf setting
    [root@server3 named]# vi /etc/named.conf
    ...
    allow-transfer { 192.168.10.210; };   // allow zone file transfer to the slave
3. [server3] Add the /etc/named.rfc1912.zones settings
    [root@server3 named]# vi /etc/named.rfc1912.zones
    zone "example.com" IN {
            type master;
            file "server.zone";
            also-notify { 192.168.10.210; };   // notify the slave of changes on the master
    };
    zone "10.168.192.in-addr.arpa" IN {
            type master;
            file "server.rev";
            also-notify { 192.168.10.210; };   // notify the slave of changes on the master
    };
4. [server3] Add the forward entries to server.zone
    [root@server3 named]# vi server.zone
    $TTL 3H
    @       IN SOA  ns3.example.com. root.example.com. (
                                            10      ; serial
                                            1D      ; refresh
                                            1H      ; retry
                                            1W      ; expire
                                            3H )    ; minimum
            NS      @
            A       127.0.0.1
            AAAA    ::1
            IN NS   ns3
            IN NS   ns2                 ; slave name server
    ns3     IN A    192.168.10.220
    ns2     IN A    192.168.10.210      ; slave IP address
5. [server3] Add the reverse entries to server.rev
    [root@server3 named]# vi server.rev
    $TTL 3H
    @       IN SOA  ns3.example.com. root.example.com. (
                                            10      ; serial
                                            1D      ; refresh
                                            1H      ; retry
                                            1W      ; expire
                                            3H )    ; minimum
            NS      @
            A       127.0.0.1
            AAAA    ::1
            IN NS   ns3.example.com.
            IN NS   ns2.example.com.
    220     IN PTR  ns3.example.com.
    210     IN PTR  ns2.example.com.
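As an added example (not code from the post), the following Python script parses zone files in the small syntax subset used above and cross-checks the forward zone's A records against the reverse zone's PTR records, a consistency check that named-checkzone does not perform across two files; the embedded zone text is constructed from the post's server.zone and server.rev, and parse_zone, rev_ip and check_ptr_consistency are this example's own names. It also returns the SOA serial, the value the post raises from 0 to 10 so that the slave notices a new version of the zone.

```python
import re  # added example, not part of the original post; zone text below is constructed from its server.zone/server.rev

FORWARD_ZONE = """$TTL 3H
@   IN SOA ns3.example.com. root.example.com. ( 10 ; serial
        1D 1H 1W   ; refresh retry expire
        3H )       ; minimum
    IN NS ns3
    IN NS ns2      ; slave name server
ns3 IN A  192.168.10.220
ns2 IN A  192.168.10.210 ; slave IP address
"""
REVERSE_ZONE = """$TTL 3H
@   IN SOA ns3.example.com. root.example.com. ( 10 1D 1H 1W 3H )
220 IN PTR ns3.example.com.
210 IN PTR ns2.example.com.
"""

def parse_zone(text, origin):
    """Return (SOA serial, [(owner, type, rdata)]) for the zone-file subset the post uses."""
    logical, buf = [], ""
    for line in [re.sub(r";.*", "", raw).rstrip() for raw in text.splitlines() if raw.split(";")[0].strip()]:
        buf = f"{buf} {line.strip()}" if buf else line  # fold a parenthesised SOA onto one line
        if buf.count("(") == buf.count(")"):
            logical.append(buf)
            buf = ""
    serial, records, owner = None, [], "@"
    for line in logical:
        if line.startswith("$"):                          # $TTL is a directive, not a record
            continue
        toks = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():                         # a name in column 0 sets a new owner
            owner = toks.pop(0)
        if toks[0] == "IN":                               # class is optional
            toks.pop(0)
        name = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        if toks[0] == "SOA":
            serial = int(toks[3])                         # SOA mname rname serial refresh ...
        else:
            records.append((name, toks[0], " ".join(toks[1:])))
    return serial, records

def rev_ip(ptr_owner):  # '220.10.168.192.in-addr.arpa.' -> '192.168.10.220'
    return ".".join(reversed(ptr_owner.replace(".in-addr.arpa.", "").split(".")))

def check_ptr_consistency(fwd_text, rev_text, fwd_origin, rev_origin):
    """Return (PTRs with no matching A record, A records with no matching PTR)."""
    a_recs = {(n, ip) for n, t, ip in parse_zone(fwd_text, fwd_origin)[1] if t == "A" and ip != "127.0.0.1"}  # skip named.empty loopback
    ptr_recs = {(target, rev_ip(n)) for n, t, target in parse_zone(rev_text, rev_origin)[1] if t == "PTR"}
    fmt = lambda pairs: sorted(f"{n} -> {ip}" for n, ip in pairs)
    return fmt(ptr_recs - a_recs), fmt(a_recs - ptr_recs)
```

Run against the section 2 zones, the first list reports www.example.com., which the reverse zone points at while the forward zone defines only ns3.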
6. [server3] Permit port 53 in the firewall
    [root@server3 named]# firewall-cmd --permanent --zone=public --add-service=dns
    success
    [root@server3 named]# firewall-cmd --reload
    success
    [root@server3 named]# systemctl restart firewalld
7. [server3] Restart the named-chroot daemon
    [root@server3 named]# systemctl restart named-chroot
8. [server2] Install the DNS packages
    [root@server2 ~]# yum -y install bind bind-chroot bind-libs bind-utils
9. [server2] Permit port 53 in the firewall
    [root@server2 named]# firewall-cmd --permanent --zone=public --add-service=dns
    success
    [root@server2 named]# firewall-cmd --reload
    success
    [root@server2 named]# systemctl restart firewalld
10. [server2] Change /etc/resolv.conf
    [root@server2 ~]# cat /etc/resolv.conf
    nameserver 192.168.10.220
    nameserver 192.168.10.210
11. [server2] Change /etc/named.conf
    [root@server2 ~]# vi /etc/named.conf
    options {
            listen-on port 53 { any; };
            listen-on-v6 port 53 { none; };
            ....
            allow-query     { any; };
    };
12. [server2] Change /etc/named.rfc1912.zones
    [root@server2 ~]# vi /etc/named.rfc1912.zones
    zone "example.com" IN {
            type slave;
            masters { 192.168.10.220; };
            file "slaves/server.zone";
    };
    zone "10.168.192.in-addr.arpa" IN {
            type slave;
            masters { 192.168.10.220; };
            file "slaves/server.rev";
    };
13. [server2] Set up the chroot
    [root@server2 ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
    [root@server2 ~]# mount | grep /var/named/chroot
14. [server2] Start named-chroot
    [root@server2 ~]# systemctl start named-chroot
    [root@server2 ~]# systemctl enable named-chroot
15. [server2] Check the transferred slave files
    [root@server2 ~]# ls -l /var/named/chroot/var/named/slaves/
16. [server2] Test with nslookup
    [root@server2 ~]# nslookup ns3.example.com
    Server:         192.168.10.220
    Address:        192.168.10.220#53

    Name:   ns3.example.com
    Address: 192.168.10.220

    [root@server2 ~]# nslookup ns2.example.com
    Server:         192.168.10.220
    Address:        192.168.10.220#53

    Name:   ns2.example.com
    Address: 192.168.10.210

    [root@server2 ~]# nslookup 192.168.10.220
    220.10.168.192.in-addr.arpa     name = ns3.example.com.
    [root@server2 ~]# nslookup 192.168.10.210
    210.10.168.192.in-addr.arpa     name = ns2.example.com.
17. [server3] "network unreachable resolving" symptom
    [root@server3 named]# systemctl status named-chroot
    Jan 14 15:37:10 server1.example.com named[9300]: network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53
    Jan 14 15:37:10 server1.example.com named[9300]: network unreachable resolving './NS/IN': 2001:7fe::53#53
    Jan 14 15:37:10 server1.example.com named[9300]: network unreachable resolving './DNSKEY/IN': 2001:500:1::53#53
    Jan 14 15:37:10 server1.example.com named[9300]: network unreachable resolving './NS/IN': 2001:500:1::53#53
    IPv6 is not in use on this host, so apply the option that makes named use IPv4 only.
    [root@server1 named]# vi /etc/sysconfig/named
    OPTIONS="-4"
    [root@server2 ~]# systemctl restart named-chroot