CentOS 6.5 기준으로 작성되었습니다.
공유기 설정 (IPTIME 기준)
공유기(NAT) 내부에 구축된 서버이므로, 외부에서 이 DNS 서버에 질의할 수 있도록 공유기에서 TCP/UDP 53 포트를 서버의 내부 IP로 포트포워딩해야 합니다.
(DNS는 일반 질의에 UDP 53을, 큰 응답의 TCP 폴백과 존 전송에 TCP 53을 사용하므로 두 프로토콜 모두 열어야 합니다.)
주의: 포트포워딩을 하는 순간 named 가 인터넷에 그대로 노출됩니다. named.conf 에서 allow-recursion 등으로 재귀 질의를 내부망으로 제한하지 않으면 오픈 리졸버가 되어 DNS 증폭(반사) 공격에 악용될 수 있습니다.
방화벽 ACL Open
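# Open DNS (TCP and UDP 53) in the host firewall.
#
# Use -I (insert at the head of INPUT) rather than -A: the stock CentOS 6
# ruleset normally ends with "-A INPUT -j REJECT --reject-with
# icmp-host-prohibited", and anything *appended* after that REJECT is never
# evaluated. Verify the position with: iptables -L INPUT -n --line-numbers
#
# Security: once 53/udp is reachable from the Internet the host will be
# probed as a resolver. Keep recursion limited to the LAN in named.conf
# (allow-recursion), or restrict these rules with -s <trusted-net>/<mask>.
iptables -I INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT

# Persist the running ruleset to /etc/sysconfig/iptables and reload it.
service iptables save
service iptables restart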
DNS 설치
DNS서버 설치 확인
# Confirm the BIND packages are installed. "grep bind" also matches
# unrelated packages (samba-winbind, ypbind, rpcbind) -- ignore those.
# bind-chroot is present, so named is expected to run chrooted
# (check ROOTDIR in /etc/sysconfig/named to confirm the path).
[root@reds-cent ~]# rpm -qa | grep bind
bind-utils-9.8.2-0.23.rc1.el6_5.1.x86_64
bind-sdb-9.8.2-0.23.rc1.el6_5.1.x86_64
bind-chroot-9.8.2-0.23.rc1.el6_5.1.x86_64
bind-devel-9.8.2-0.23.rc1.el6_5.1.x86_64
samba-winbind-clients-3.6.9-169.el6_5.x86_64
samba-winbind-3.6.9-169.el6_5.x86_64
ypbind-1.20.4-30.el6.x86_64
rpcbind-0.2.0-11.el6.x86_64
bind-libs-9.8.2-0.23.rc1.el6_5.1.x86_64
bind-9.8.2-0.23.rc1.el6_5.1.x86_64
bind-dyndb-ldap-2.3-5.el6.x86_64
[root@reds-cent ~]#
DNS 설정
named.conf 수정
# Edit the main BIND configuration. bind-chroot is installed (see the rpm
# listing above), so check ROOTDIR in /etc/sysconfig/named to confirm whether
# /etc/named.conf or the copy under the chroot is the file named actually loads.
# vi /etc/named.conf
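//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Adapted here to serve flgram.com authoritatively from behind a NAT router.

options {
	// Original localhost-only value, kept for reference:
	// listen-on port 53 { 127.0.0.1; };
	// Listen on every IPv4 address so the router's port-forward reaches us.
	listen-on port 53 { any; };
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";

	// Original: allow-query { localhost; };
	// Authoritative answers for flgram.com must be reachable by everyone.
	allow-query { any; };

	// Recursion stays available to the LAN but must NOT be offered to the
	// Internet: "allow-query { any; }" + "recursion yes" with no
	// allow-recursion restriction is an open resolver, which gets abused
	// for DNS amplification/reflection attacks. "localnets" matches the
	// private subnet(s) on this host's interfaces.
	recursion yes;
	allow-recursion { localhost; localnets; };
	allow-query-cache { localhost; localnets; };

	// Zone transfers default to "any"; there are no secondaries, so refuse
	// AXFR/IXFR to everyone (stops trivial enumeration of the zone).
	allow-transfer { none; };

	dnssec-enable yes;
	dnssec-validation yes;
	// DLV lookaside depended on ISC's dlv.isc.org registry, which was retired
	// in 2017; harmless on this BIND 9.8 build but drop it when upgrading.
	dnssec-lookaside auto;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";
};

logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

// Root hints; needed only because recursion is enabled for the LAN.
zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";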
named.rfc1912.zones 수정 (수정 후 named-checkconf -z 로 문법 오류와 존 로딩 여부를 확인합니다.)
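[root@reds-cent ~]# vi /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
	type master;
	file "named.localhost";
	allow-update { none; };
};

zone "localhost" IN {
	type master;
	file "named.localhost";
	allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
	type master;
	file "named.loopback";
	allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
	type master;
	file "named.loopback";
	allow-update { none; };
};

zone "0.in-addr.arpa" IN {
	type master;
	file "named.empty";
	allow-update { none; };
};

// flgram.com forward zone (data in /var/named/flgram.com.zone).
// Every zone block must be closed with "};" -- an unclosed block makes named
// refuse to start. Run "named-checkconf -z" after each edit.
zone "flgram.com" IN {
	type master;
	file "flgram.com.zone";
	allow-update { none; };
	allow-transfer { none; };   // no secondaries: refuse AXFR/IXFR to everyone
};

// Reverse zone for 210.121.225.0/24. Only the holder of that address block
// (normally the ISP) can delegate 225.121.210.in-addr.arpa to this server;
// until that delegation exists these PTRs are seen only by clients that
// query this server directly.
zone "225.121.210.in-addr.arpa" IN {
	type master;
	file "flgram.com.rev";
	allow-update { none; };
	allow-transfer { none; };
};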
zone 파일은 named.localhost 를 복사해 만든 뒤 소유권을 root:named 로 맞춥니다. (복사본에는 named.localhost 의 레코드가 그대로 남아 있으므로, 아래에서 내용을 전부 다시 작성합니다.)
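# Seed the two new zone files from the stock localhost template and give
# them to the named group so the daemon can read them. The copies still
# contain named.localhost's records -- overwrite them before loading.
cp -- /var/named/named.localhost /var/named/flgram.com.zone
cp -- /var/named/named.localhost /var/named/flgram.com.rev
# "root.named" (dot separator) is a deprecated GNU chown spelling; use ':'.
chown root:named /var/named/flgram.com.zone /var/named/flgram.com.rev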
flgram.com zone파일 생성 (작성 후 named-checkzone flgram.com /var/named/flgram.com.zone 으로 문법과 레코드를 검증합니다.)
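[root@reds-cent ~]# vi /var/named/flgram.com.zone
; flgram.com.zone -- forward zone for flgram.com
; Zone-file comments start with ";". A leading "//" is NOT a comment here:
; it is parsed as an owner name, so the original "//flgram.com.zone" line
; breaks the zone (named-checkzone reports it).
$TTL 10M
@	IN	SOA	ns1.flgram.com. webmaster.flgram.com. (
			2014072001	; serial, YYYYMMDDnn -- bumped because a record was added
			1D		; refresh
			1H		; retry
			1W		; expire
			3H )		; minimum (negative-cache TTL)
	IN	NS	ns1.flgram.com.
	IN	MX	10 mail.flgram.com.
	IN	A	210.121.225.137
ns1	IN	A	210.121.225.137
www	IN	A	210.121.225.137
; The MX target needs an address record in this zone (named-checkzone warns
; "MX has no address records" otherwise). The reverse zone maps
; 210.121.225.137 to mail.flgram.com, so that is the address used here.
mail	IN	A	210.121.225.137
blog	IN	A	110.45.229.135
; SPF: only 210.121.225.137 is authorised to send mail for flgram.com;
; "~all" is softfail -- switch to "-all" once no other sender exists.
flgram.com.	IN	TXT	"v=spf1 ip4:210.121.225.137 ~all"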
flgram.com rev파일 생성(수정) (작성 후 named-checkzone 225.121.210.in-addr.arpa /var/named/flgram.com.rev 로 검증합니다. 오른쪽 이름 끝의 "." 이 빠지면 존 origin 이 뒤에 붙어 잘못된 PTR 이 됩니다.)
# Rewrite the reverse zone file (it was seeded from named.localhost above, so
# replace its entire contents rather than appending to them).
[root@reds-cent ~]# vi /var/named/flgram.com.rev
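; flgram.com.rev -- reverse zone for 225.121.210.in-addr.arpa (210.121.225.0/24)
; Zone-file comments use ";" -- a leading "//" is parsed as an owner name.
$TTL 10M
@	IN	SOA	ns1.flgram.com. webmaster.flgram.com. (
			2014072001	; serial (was 0) -- bump on every change
			1D		; refresh
			1H		; retry
			1W		; expire
			3H )		; minimum
; Right-hand names must be absolute (trailing "."): without it BIND appends
; the zone origin, yielding e.g. ns1.flgram.com.225.121.210.in-addr.arpa.
	IN	NS	ns1.flgram.com.
; The owner label is the LAST octet of the address, so 210.121.225.137 is
; "137" in this zone; "00" would describe 210.121.225.0, not this host.
137	IN	PTR	ns1.flgram.com.
137	IN	PTR	mail.flgram.com.
; Two PTRs for one address are legal, but many mail receivers only look at
; the first; keep a single PTR (mail.flgram.com.) if this host sends mail.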