리눅스 named 구축 (DNS)

DNS
iptables에서 TCP, UDP 53번 포트를 모두 열어주어야 정상적으로 동작한다. (일반 질의는 UDP 53을 쓰지만, 존 전송(AXFR/IXFR)과 UDP 한 패킷에 담기 어려운 큰 응답은 TCP 53으로 처리되므로 둘 다 필요하다.)
[root@localhost named]# vi /etc/sysconfig/iptables
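# Accept new DNS connections on UDP and TCP 53. UDP carries ordinary queries;
# TCP is needed for zone transfers and for answers too large for UDP.
# (The blog copy had "–state"/"–dport" with en-dashes, which iptables-restore
# rejects; the long options must be spelled with two ASCII hyphens.)
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT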

필요 패키지
[root@localhost local]# yum -y install bind
-> bind 설치
[root@localhost local]# yum -y install bind-utils
-> dig 등 DNS 질의·점검 도구(bind-utils) 설치 (설정 후 동작 확인에 사용)
[root@localhost local]# yum -y install bind-chroot
-> named를 /var/named/chroot 아래의 chroot 환경에 가두어 실행하게 하는 패키지 설치 (아래 ls 출력에서 설정파일과 존 파일이 모두 chroot 내부로 링크되는 이유)
[root@localhost local]# yum -y install caching-nameserver
-> 기본 설정파일(named.caching-nameserver.conf, named.rfc1912.zones 등)을 제공하는 패키지 설치

[root@localhost named]# ll
합계 40
drwxr-x--- 5 root named 4096 9월 3 13:02 ./
drwxr-xr-x 23 root root 4096 8월 28 08:46 ../
drwxr-x--- 5 root named 4096 7월 31 13:17 chroot/
drwxrwx--- 2 named named 4096 7월 31 13:17 data/
lrwxrwxrwx 1 root named 44 9월 3 13:02 localdomain.zone -> /var/named/chroot/var/named/localdomain.zone
lrwxrwxrwx 1 root named 42 9월 3 13:02 localhost.zone -> /var/named/chroot/var/named/localhost.zone
lrwxrwxrwx 1 root named 43 9월 3 13:02 named.broadcast -> /var/named/chroot/var/named/named.broadcast
lrwxrwxrwx 1 root named 36 9월 3 13:02 named.ca -> /var/named/chroot/var/named/named.ca
lrwxrwxrwx 1 root named 43 9월 3 13:02 named.ip6.local -> /var/named/chroot/var/named/named.ip6.local
lrwxrwxrwx 1 root named 39 9월 3 13:02 named.local -> /var/named/chroot/var/named/named.local
lrwxrwxrwx 1 root named 38 9월 3 13:02 named.zero -> /var/named/chroot/var/named/named.zero
drwxrwx--- 2 named named 4096 7월 31 13:17 slaves/
설정파일 확인

[root@localhost etc]# ll /etc/named.*
lrwxrwxrwx 1 root named 51 9월 3 13:07 /etc/named.caching-nameserver.conf -> /var/named/chroot/etc/named.caching-nameserver.conf
lrwxrwxrwx 1 root named 41 9월 3 13:07 /etc/named.rfc1912.zones -> /var/named/chroot/etc/named.rfc1912.zones
리졸버 설정파일 (named 자체의 설정이 아니라, 이 호스트가 질의를 보낼 네임서버를 지정하는 클라이언트 쪽 설정이다. 아래 설정에서 recursion을 끄므로 이 서버는 자기 존만 응답하며, 다른 도메인을 찾기 위한 재귀 리졸버로는 쓸 수 없다는 점에 유의한다.)
[root@localhost etc]# vi /etc/resolv.conf

zone파일 설정 확인

[root@localhost named]# cat localhost.zone
$TTL 86400
; Stock forward zone for "localhost": maps the name to the IPv4 and IPv6
; loopback addresses. Timer values are written in seconds here (the shipped
; file uses 3H / 15M / 1W / 1D, which are the same values).
@       IN  SOA @ root (
                42          ; serial (d. adams)
                10800       ; refresh (3 hours)
                900         ; retry (15 minutes)
                604800      ; expire (1 week)
                86400 )     ; minimum (1 day)
@       IN  NS      @
@       IN  A       127.0.0.1
@       IN  AAAA    ::1

DNS 구성 파일(named.conf)에 서비스할 존과 그 존 파일을 명시해 주어야 한다.
===========================================================================
[root@localhost named]# vi /etc/named.caching-nameserver.conf

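options {
	// Tutorial change: listen on every IPv4 address instead of 127.0.0.1 only.
	listen-on port 53 { any; };
	listen-on-v6 port 53 { ::1; };
	// Paths must use plain ASCII double quotes; the blog copy used curly quotes,
	// which named does not parse.
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	// Keep query-source / query-source-v6 commented out. Pinning the outbound
	// source port to 53 disables source-port randomization (the stock file says
	// exactly this), which makes cache-poisoning attacks far easier. If a
	// firewall only allows outbound DNS from port 53, fix the firewall instead.
	// query-source port 53;
	// query-source-v6 port 53;
	// Tutorial change: answer queries for our zones from anywhere.
	allow-query { any; };
	// This is an authoritative-only server (recursion is turned off in the
	// view), so the cache is not meant to be served; keep it local instead of
	// exposing it with "any".
	allow-query-cache { localhost; };
	// No secondary servers are configured in this setup, so refuse zone
	// transfers; otherwise anyone can dump the whole zone with AXFR. List the
	// secondaries' addresses here if you add some.
	allow-transfer { none; };
};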
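logging {
	channel default_debug {
		// Relative path: resolved under options.directory (/var/named), i.e.
		// /var/named/data/named.run inside the chroot. Plain ASCII quotes are
		// required; the blog copy used curly quotes, which named rejects.
		file "data/named.run";
		severity dynamic;
	};
};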
// Name inherited from the stock caching-nameserver file; with the two "any"
// matches below it is effectively the single public view of this server.
view localhost_resolver {
	// Authoritative only: answer our own zones and never resolve third-party
	// names for clients (an open recursive resolver is abusable for reflection).
	recursion no;
	match-clients      { any; };
	match-destinations { any; };
	include "/etc/named.rfc1912.zones";
};
=======================================================================
vi /var/named/chroot/etc/named.rfc1912.zones

// Stock localhost zone from named.rfc1912.zones (class IN is the default).
zone "localhost" {
	type master;
	allow-update { none; };   // static zone: refuse dynamic updates
	file "localhost.zone";    // relative to options.directory (/var/named)
};
위 localhost 존 블록을 복사해 파일 맨 밑에 붙여 넣은 뒤, 존 이름과 file 값을 자기 도메인에 맞게 수정한다. (file 값은 아래에서 만들 존 파일 이름과 정확히 같아야 한다.)
// Appended at the bottom of named.rfc1912.zones: this host is the master for
// msnote.co.kr (class IN is the default and may be omitted).
zone "msnote.co.kr" {
	type master;
	allow-update { none; };     // no dynamic DNS: nobody can push records into the zone
	file "msnote.co.kr.zone";   // resolved under options.directory (/var/named, inside the chroot)
};
=======================================================================
기본 존 파일 /var/named/chroot/var/named/named.local 을 복사해 새 존 파일을 만든다. 파일 이름은 named.rfc1912.zones 의 file 값(msnote.co.kr.zone)과 정확히 같아야 한다.
cp -p /var/named/chroot/var/named/named.local /var/named/chroot/var/named/msnote.co.kr.zone
(-p 로 소유자와 권한을 그대로 가져오므로 named 가 기존 존 파일과 같은 권한으로 읽을 수 있다.) 복사한 파일을 아래와 같이 수정한다.
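$TTL 86400
; Primary zone for msnote.co.kr. Octets shown as *** are redacted in the blog
; and must be replaced with the real address.
; SOA: primary name server, then the contact mailbox (root.msnote.co.kr. means
; root@msnote.co.kr).
@       IN  SOA ns.msnote.co.kr. root.msnote.co.kr. (
                1997022700  ; Serial - inherited from named.local; use e.g. YYYYMMDDnn and
                            ; increase it on every edit or other servers keep the old data
                28800       ; Refresh
                14400       ; Retry
                3600000     ; Expire
                86400 )     ; Minimum (negative-caching TTL)
; The NS target must be a proper FQDN ending in a dot; the blog copy had a
; stray "t" after the dot ("ns.msnote.co.kr.t"), which points at a non-existent host.
@       IN  NS  ns.msnote.co.kr.
www     IN  A   49.***.***.***
ns      IN  A   49.***.***.***
; NOTE(review): wildcard - every name under msnote.co.kr that is not defined
; above (typos, random subdomains) resolves to this address. Remove it unless
; that is intended.
*       IN  A   49.***.***.***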

========================================================================
저장 후, 재시작 전에 설정 파일과 존 파일의 문법을 먼저 검사한다 (문법 오류가 있으면 named 가 아예 기동하지 않는다).
[root@localhost named]# named-checkconf /etc/named.caching-nameserver.conf
[root@localhost named]# named-checkzone msnote.co.kr /var/named/chroot/var/named/msnote.co.kr.zone
[root@localhost named]# /etc/init.d/named restart
재시작 후 dig @127.0.0.1 www.msnote.co.kr 로 응답이 오는지 확인한다.
