5.3. How do you configure a master DNS server?
Configuring named.conf and named.rfc1912.zones
# cd /etc
etc# more named.conf
options {
directory "/var/named";
check-names master ignore;
check-names slave ignore;
version "No!!!";
allow-transfer { 127.0.0.1; 211.35.65.68; 210.116.123.25; };
recursion no;
};
key "rndc-key" {
algorithm hmac-md5;
secret "7BNQ";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/log.conf";
etc# ls n*
named.conf named.rfc1912.zones netplug.d/
nsswitch.conf named.conf-2016-0914
netplug/ nscd.conf
etc# more named.rfc1912.zones
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "dns-book.com" IN {
type master;
file "dns-book.com.zone";
allow-update { none; };
};
zone "serverchk.com" IN {
type master;
file "serverchk.com.zone";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
TEST
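After changing the configuration, check named.conf in advance with the named-checkconf utility.
# /usr/sbin/named-checkconf named.conf
#
If there are no errors, only the prompt (#) is shown.
If there are errors, the error details are shown.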
named# more serverchk.com.zone
$ttl 100
@       IN SOA ns1 root (
                2016090904 ; serial
                900        ; refresh (15 mins)
                900        ; retry (15 minutes)
                604800     ; expire (1 week)
                180        ; minimum (3 minutes)
                )
        NS ns1.serverchk.com.
        NS ns2.serverchk.com.
        NS ns3.serverchk.com.
        A 211.35.65.68
        MX 10 mail.serverchk.com.
        A 210.116.123.25
ftp     A 211.35.65.68
www     A 210.116.123.25
www2 10 A 210.116.123.25
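Game operates at 10 seconds.
A TTL can be specified for each host, and it takes precedence over $TTL.
In recent versions of CentOS, the zone file path has been moved under the chroot as a security hardening measure.
The zone files must exist in /var/named/chroot/var/named.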
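One way to check the chroot requirement above before restarting named, as an added example that is not part of the original post: the script reads the master zones from a zones file such as named.rfc1912.zones and reports any whose zone file is not readable under /var/named/chroot/var/named. The function names and the script name check_zones.sh are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Lists master zones whose zone file is not readable in the directory a
# chrooted named loads from (default: the chroot path given on this page).

# Print "zone<TAB>file" for every zone block of type master in a config file.
list_master_zones() {
    awk '
        /^[ \t]*zone[ \t]*"/ {
            split($0, q, "\""); zone = q[2]; ztype = ""; zfile = ""
        }
        zone != "" && /^[ \t]*type[ \t]/ {
            ztype = $2; sub(/;.*/, "", ztype)
        }
        zone != "" && /^[ \t]*file[ \t]*"/ {
            split($0, q, "\""); zfile = q[2]
        }
        zone != "" && /^[ \t]*[}][ \t]*;/ {   # end of the zone block
            if (ztype == "master" && zfile != "") print zone "\t" zfile
            zone = ""
        }
    ' "$1"
}

# Print "zone<TAB>expected path" for each master zone file that is missing.
missing_zone_files() {
    conf=$1
    zone_dir=${2:-/var/named/chroot/var/named}
    tab=$(printf '\t')
    list_master_zones "$conf" | while IFS=$tab read -r zone file; do
        [ -r "$zone_dir/$file" ] || printf '%s\t%s\n' "$zone" "$zone_dir/$file"
    done
}

# Exit status 0 only when every master zone file is in place.
check_named_zones() {
    missing=$(missing_zone_files "$@")
    [ -z "$missing" ] && return 0
    printf 'zone files missing:\n%s\n' "$missing" >&2
    return 1
}

# Usage: sh check_zones.sh /etc/named.rfc1912.zones [zone_dir]
if [ "$#" -gt 0 ]; then
    check_named_zones "$@"
fi
```

Once the files are in place, named-checkzone checks the syntax of a single zone file in the same way named-checkconf checks named.conf.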
etc# tail -f /var/log/messages &
etc# ps -ef | grep named
named 4374 1 0 10:23 ? 00:00:00 /usr/sbin/named -u named
root 4381 4322 0 10:24 pts/9 00:00:00 grep named
etc# kill -9 4374 && /usr/sbin/named -u named
etc# ps -ef | grep named