





























코드 블럭
languagebash
title호스트네임 변경
linenumberstrue
# Record the current static hostname before changing it (transcript below: rac1).
hostnamectl status
# Set the static hostname of this machine to "dns".
hostnamectl set-hostname dns
# Confirm the change took effect (transcript below: Static hostname: dns).
hostnamectl status
코드 블럭
languagebash
title방화벽 중지
collapse
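# Allow DNS through firewalld instead of switching the firewall off.
# The original `systemctl stop firewalld` / `systemctl disable firewalld`
# leaves every service on this host reachable, not just named; the DNS server
# only needs 53/tcp and 53/udp, which firewalld's predefined "dns" service covers.
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
# Verify: "dns" must be listed for the active zone.
firewall-cmd --list-services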


[root@dns ~]# systemctl stop firewalld
[root@dns ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

[root@rac1 ~]# hostnamectl status
   Static hostname: rac1
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 5554cd8ab5124283be4afd144783a884
           Boot ID: 8075d1f529eb46f88fe2fc7927b8cdb9
    Virtualization: kvm
  Operating System: Oracle Linux Server 7.6
       CPE OS Name: cpe:/o:oracle:linux:7:6:server
            Kernel: Linux 4.14.35-1818.3.3.el7uek.x86_64
      Architecture: x86-64

[root@rac1 ~]# hostnamectl set-hostname dns

[root@rac1 ~]# hostnamectl status
   Static hostname: dns
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 5554cd8ab5124283be4afd144783a884
           Boot ID: 8075d1f529eb46f88fe2fc7927b8cdb9
    Virtualization: kvm
  Operating System: Oracle Linux Server 7.6
       CPE OS Name: cpe:/o:oracle:linux:7:6:server
            Kernel: Linux 4.14.35-1818.3.3.el7uek.x86_64
      Architecture: x86-64





코드 블럭
languagebash
title방화벽 중지
collapsetrue
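# Allow DNS through firewalld instead of switching the firewall off.
# The original `systemctl stop firewalld` / `systemctl disable firewalld`
# leaves every service on this host reachable, not just named; the DNS server
# only needs 53/tcp and 53/udp, which firewalld's predefined "dns" service covers.
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
# Verify: "dns" must be listed for the active zone.
firewall-cmd --list-services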


[root@dns ~]# systemctl stop firewalld
[root@dns ~]# systemctl disable firewalld





코드 블럭
languagebash
titleDNS 서비스 패키지 설치
linenumberstrue
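#!/usr/bin/env bash
# Install BIND (bind, bind-chroot and their deps) from the OL 7 install media.
#
# Every `rpm -ivh` in the transcripts below prints
# "Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY": rpm could not
# verify the package signature because the vendor key was never imported, so
# the packages were installed unverified. Import the key first and make the
# signature check fail closed before anything is installed.
set -euo pipefail

# Key installed by oraclelinux-release (the same key also sits at the root of the install ISO).
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle

cd '<리눅스 설치 디스크 마운트 경로>/Packages'

# Signature check for everything we are about to install; a NOT OK / missing-key
# result makes rpm -K exit non-zero and set -e aborts here.
rpm -K -- python-ply-*.noarch.rpm bind-license-*.el7.noarch.rpm \
  bind-[0-9]*.el7.x86_64.rpm bind-chroot-*.x86_64.rpm

rpm -ivh python-ply-*.noarch.rpm
# Only needed when the installed bind-libs/bind-utils/bind-license are older than the
# media (the other transcript on this page upgrades 9.9.4-61 -> 9.9.4-72 this way).
# rpm -ivh bind-license-*.el7.noarch.rpm
# rpm -Uvh bind-utils-*.x86_64.rpm bind-libs-*.x86_64.rpm

# bind-[0-9]*: the original glob bind-*.el7.x86_64.rpm also matches bind-chroot-*,
# bind-libs-*, bind-utils-*, ... and would try to (re)install all of them in one go.
rpm -ivh bind-[0-9]*.el7.x86_64.rpm
rpm -ivh bind-chroot-*.x86_64.rpm
cd
eject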


[root@dns ~]# cd /run/media/root/OL-7.6\ Server.x86_64/Packages

[root@dns Packages]# rpm -ivh python-ply-3.4-11.el7.noarch.rpm
경고: python-ply-3.4-11.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
코드 블럭
languagebash
titleDNS 서비스 패키지 설치
linenumberstrue
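#!/usr/bin/env bash
# Install BIND 9.9.4-72 (bind, bind-chroot, bind-libs/utils/license) from the
# OL 7 install media.
#
# Every `rpm -ivh` in the transcript below prints
# "Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY": rpm could not
# verify the package signature because the vendor key was never imported, so
# the packages were installed unverified. Import the key first and make the
# signature check fail closed before anything is installed.
set -euo pipefail

# Key installed by oraclelinux-release (the same key also sits at the root of the install ISO).
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle

cd '<리눅스 설치 디스크 마운트 경로>/Packages'

pkgs=(
  python-ply-3.4-11.el7.noarch.rpm
  bind-license-9.9.4-72.el7.noarch.rpm
  bind-utils-9.9.4-72.el7.x86_64.rpm
  bind-libs-9.9.4-72.el7.x86_64.rpm
  bind-9.9.4-72.el7.x86_64.rpm
  bind-chroot-9.9.4-72.el7.x86_64.rpm
)
# A NOT OK / missing-key result makes rpm -K exit non-zero and set -e aborts here.
rpm -K -- "${pkgs[@]}"

rpm -ivh python-ply-3.4-11.el7.noarch.rpm
rpm -ivh bind-license-9.9.4-72.el7.noarch.rpm
# -U (not -i): bind-libs/bind-utils are already installed (9.9.4-61 in the transcript)
# and must be upgraded in one transaction because bind requires the matching bind-libs.
rpm -Uvh bind-utils-9.9.4-72.el7.x86_64.rpm bind-libs-9.9.4-72.el7.x86_64.rpm
rpm -ivh bind-9.9.4-72.el7.x86_64.rpm
rpm -ivh bind-chroot-9.9.4-72.el7.x86_64.rpm
cd
eject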
[root@dns ~]# cd /run/media/admin/OL-7.3\ Server.x86_64/Packages

[root@dns Packages]# rpm -ivh python-ply-3.4-11.el7.noarch.rpm
경고: python-ply-3.4-11.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
준비 중...                         ################################# [100%]
Updating / installing...
   1:python-ply-3.4-11.el7            ################################# [100%]

[root@dns Packages]# rpm -ivh bind-license-9.9.4-72.el7.noarch.rpm
경고: bind-license-9.9.4-72.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
준비 중...                         ################################# [100%]
Updating / installing...
   1:bind-license-32:9.9.4-72.el7     ################################# [100%]

[root@dns Packages]# rpm -Uvh bind-utils-9.9.4-72.el7.x86_64.rpm bind-libs-9.9.4-72.el7.x86_64.rpm
경고: bind-utils-9.9.4-72.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
준비 중...                         ################################# [100%]
Updating / installing...
   1:bind-libs-32:9.9.4-72.el7        ################################# [ 25%]
   2:bind-utils-32:9.9.4-72.el7       ################################# [ 50%]
Cleaning up / removing...
   3:bind-utils-32:9.9.4-61.el7       ################################# [ 75%]
   4:bind-libs-32:9.9.4-61.el7        ################################# [100%]

[root@dns Packages]# rpm -ivh bind-9.9.4-72.el7.x86_64.rpm
경고: bind-9.9.4-72.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
준비 중...                         ################################# [100%]
Updating / installing...
   1:bind-32:9.9.4-72.el7            ################################# [100%]

[root@dns Packages]# rpm -ivh bind-chroot-9.9.4-72.el7.x86_64.rpm
경고: bind-chroot-9.9.4-72.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
준비 중...                         ################################# [100%]
Updating / installing...
   1:bind-chroot-32:9.9.4-72.el7             ################################# [100%]

[root@dns Packages]# cd
[root@dns ~]# eject
rpm -ivh bind-chroot-9.9.4-72.el7.x86_64.rpm
경고: bind-chroot-9.9.4-72.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
준비 중...                         ################################# [100%]
Updating / installing...
   1:bind-chroot-32:9.9.4-72.el7      ################################# [100%]

[root@dns Packages]# cd
[root@dns ~]# eject





코드 블럭
languagebash
titleDNS 서비스 재설정 (named-chroot로 기동)
linenumberstrue
# Move named into the chroot (/var/named/chroot) and switch to the named-chroot
# unit, so a compromise of named is confined to the chroot directory.
# NOTE(review): Red Hat's documented procedure stops/disables the plain named
# unit *before* running setup-named-chroot.sh, and on EL7 the named-chroot unit
# runs this script itself from ExecStartPre -- confirm against the unit file
# before relying on the manual call below.
/usr/libexec/setup-named-chroot.sh /var/named/chroot on
systemctl stop named
systemctl disable named
systemctl start named-chroot
systemctl enable named-chroot


[root@dns ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
[root@dns ~]# systemctl stop named
[root@dns ~]# systemctl disable named
[root@dns ~]# systemctl start named-chroot
[root@dns ~]# systemctl enable named-chroot
Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.





코드 블럭
languagebash
titlevi /var/named/chroot/etc/named.conf
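//        listen-on port 53 { 127.0.0.1; };
        // Bind only loopback and this server's RAC-network address, not 0.0.0.0.
        listen-on port 53 { 127.0.0.1; 10.0.1.150; };

//        allow-query     { localhost; };
        // Keep localhost in the ACL so lookups run on the DNS host itself (see the
        // nslookup transcripts against 127.0.0.1 below) keep working.
        allow-query     { localhost; 10.0.1.0/24; };

        // The shipped named.conf keeps "recursion yes;". Make the recursion ACL
        // explicit instead of relying on its default (derived from allow-query),
        // so this host cannot become an open resolver if allow-query is widened later.
        allow-recursion { localhost; 10.0.1.0/24; };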


[root@dns ~]# cat /var/named/chroot/etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 127.0.0.1; 10.0.1.150; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; 10.0.1.0/24; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";





코드 블럭
languagebash
titlevi /var/named/chroot/etc/named.rfc1912.zones
// Forward zone for the RAC hosts. "master": this server is authoritative.
// The file path is relative to options { directory "/var/named"; }, which
// inside the chroot is /var/named/chroot/var/named on disk.
zone "localdomain." IN {
        type master;
        file "localdomain.zone";
        // No dynamic (RFC 2136) updates are accepted for this zone.
        allow-update { none; };
};

// Reverse zone for 10.0.1.0/24 (PTR records for the SCAN addresses).
zone "1.0.10.in-addr.arpa." IN {
        type master;
        file "1.0.10.in-addr.arpa";
        allow-update { none; };
};


[root@dns ~]# cat /var/named/chroot/etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localdomain." IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "1.0.10.in-addr.arpa." IN {
        type master;
        file "1.0.10.in-addr.arpa";
        allow-update { none; };
};

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
코드 블럭
languagebash
titleDNS 서비스 재설정 (named-chroot로 기동)
linenumberstrue
# Move named into the chroot (/var/named/chroot) and switch to the named-chroot
# unit, so a compromise of named is confined to the chroot directory.
# NOTE(review): Red Hat's documented procedure stops/disables the plain named
# unit *before* running setup-named-chroot.sh, and on EL7 the named-chroot unit
# runs this script itself from ExecStartPre -- confirm against the unit file
# before relying on the manual call below.
/usr/libexec/setup-named-chroot.sh /var/named/chroot on
systemctl stop named
systemctl disable named
systemctl start named-chroot
systemctl enable named-chroot
[root@dns ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
[root@dns ~]# systemctl stop named
[root@dns ~]# systemctl disable named
Removed symlink /etc/systemd/system/multi-user.target.wants/named.service.
[root@dns ~]# systemctl start named-chroot
[root@dns ~]# systemctl enable named-chroot
Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.





코드 블럭
languagebash
titlevi /var/named/chroot/etc/named.conf
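//        listen-on port 53 { 127.0.0.1; };
        // Bind only loopback and this server's RAC-network address, not 0.0.0.0.
        listen-on port 53 { 127.0.0.1; 10.0.1.150; };

//        allow-query     { localhost; };
        // Keep localhost in the ACL (as in the named.conf listing above) so lookups
        // run on the DNS host itself against 127.0.0.1 keep working.
        allow-query     { localhost; 10.0.1.0/24; };

        // The shipped named.conf keeps "recursion yes;". Make the recursion ACL
        // explicit instead of relying on its default (derived from allow-query),
        // so this host cannot become an open resolver if allow-query is widened later.
        allow-recursion { localhost; 10.0.1.0/24; };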
코드 블럭
languagebash
titlevi /var/named/chroot/etc/named.rfc1912.zones
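// Forward zone for the RAC hosts. "master": this server is authoritative.
// The file path is relative to options { directory "/var/named"; }, which
// inside the chroot is /var/named/chroot/var/named on disk.
zone "localdomain." IN {
        type master;
        file "localdomain.zone";
        // No dynamic (RFC 2136) updates are accepted for this zone.
        allow-update { none; };
};

// Reverse zone for 10.0.1.0/24 (PTR records for the SCAN addresses).
zone "1.0.10.in-addr.arpa." IN {
        type master;
        file "1.0.10.in-addr.arpa";
        allow-update { none; };
};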
코드 블럭
languagebash
titlevi /var/named/chroot/var/named/localdomain.zone
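$TTL    86400
@               IN SOA  localhost root.localhost (
                                        42              ; serial (d. adams) - bump on every edit
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           localhost
localhost       IN A            127.0.0.1
; Address for dns.localdomain., the NS target used by the 1.0.10.in-addr.arpa
; zone below (10.0.1.150 is the address named listens on). Without it named
; is likely to warn at load that the NS name has no address record.
dns             IN A            10.0.1.150
; Oracle RAC SCAN: one name, three addresses, answered round-robin
; (the nslookup transcripts below show the rotating order).
rac-scan        IN A            10.0.1.191
rac-scan        IN A            10.0.1.192
rac-scan        IN A            10.0.1.193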




코드 블럭
languagebash
titlevi /var/named/chroot/var/named/1.0.10.in-addr.arpa
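$ORIGIN 1.0.10.in-addr.arpa.
$TTL 1H
@       IN SOA  dns.localdomain. root.dns.localdomain. (
                                        2       ; serial - bump on every edit
                                        3H      ; refresh
                                        1H      ; retry
                                        1W      ; expiry
                                        1H )    ; minimum
; NS target must resolve: localdomain.zone needs an A record for "dns" (10.0.1.150).
1.0.10.in-addr.arpa.    IN NS   dns.localdomain.
; PTR records for the three SCAN addresses; keep in step with localdomain.zone.
191     IN PTR  rac-scan.localdomain.
192     IN PTR  rac-scan.localdomain.
193     IN PTR  rac-scan.localdomain.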




코드 블럭
languagebash
titlezone 파일 권한 설정 및 서비스 재기동
linenumberstrue
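#!/usr/bin/env bash
# Fix ownership of the hand-edited zone files and restart the chrooted named.
# Validate configuration and zone syntax first: a typo in a zone file would
# otherwise take name service down for every RAC node at the restart.
set -euo pipefail
chroot_dir=/var/named/chroot

chown root:named "${chroot_dir}/var/named/localdomain.zone"
chown root:named "${chroot_dir}/var/named/1.0.10.in-addr.arpa"

# -t: check /etc/named.conf as seen from inside the chroot.
named-checkconf -t "${chroot_dir}"
named-checkzone localdomain "${chroot_dir}/var/named/localdomain.zone"
named-checkzone 1.0.10.in-addr.arpa "${chroot_dir}/var/named/1.0.10.in-addr.arpa"

systemctl restart named-chroot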


[root@dns ~]# chown root:named /var/named/chroot/var/named/localdomain.zone
[root@dns ~]# chown root:named /var/named/chroot/var/named/1.0.10.in-addr.arpa
[root@dns ~]# systemctl restart named-chroot





코드 블럭
languagebash
title정상 작동 여부 확인
linenumberstrue
# Forward lookup: all three SCAN addresses must come back under the one name.
nslookup rac-scan.localdomain
# Reverse lookups: each SCAN address must map back to rac-scan.localdomain.
for scan_ip in 10.0.1.191 10.0.1.192 10.0.1.193; do
  nslookup "$scan_ip"
done


[root@dns ~]# nslookup rac-scan.localdomain
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   rac-scan.localdomain
Address: 10.0.1.191
Name:   rac-scan.localdomain
Address: 10.0.1.192
Name:   rac-scan.localdomain
Address: 10.0.1.193

[root@dns ~]# nslookup rac-scan.localdomain
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   rac-scan.localdomain
Address: 10.0.1.192
Name:   rac-scan.localdomain
Address: 10.0.1.191
Name:   rac-scan.localdomain
Address: 10.0.1.193

[root@dns ~]# nslookup rac-scan.localdomain
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   rac-scan.localdomain
Address: 10.0.1.193
Name:   rac-scan.localdomain
Address: 10.0.1.192
Name:   rac-scan.localdomain
Address: 10.0.1.191
[root@dns ~]# nslookup 10.0.1.191
Server:         127.0.0.1
Address:        127.0.0.1#53

191.1.0.10.in-addr.arpa name = rac-scan.localdomain.

[root@dns ~]# nslookup 10.0.1.192
Server:         127.0.0.1
Address:        127.0.0.1#53

192.1.0.10.in-addr.arpa name = rac-scan.localdomain.

[root@dns ~]# nslookup 10.0.1.193
Server:         127.0.0.1
Address:        127.0.0.1#53

193.1.0.10.in-addr.arpa name = rac-scan.localdomain.

코드 블럭
languagebash
titlezone 파일 권한 설정 및 서비스 재기동
linenumberstrue
chown root:named /var/named/chroot/var/named/localdomain.zone
chown root:named /var/named/chroot/var/named/1.0.10.in-addr.arpa
systemctl restart named-chroot

[root@dns ~]# chown root:named /var/named/chroot/var/named/localdomain.zone
[root@dns ~]# chown root:named /var/named/chroot/var/named/1.0.10.in-addr.arpa
[root@dns ~]# systemctl restart named-chroot

코드 블럭
languagebash
title정상 작동 여부 확인
linenumberstrue
nslookup rac-scan.localdomain
nslookup 10.0.1.191
nslookup 10.0.1.192
nslookup 10.0.1.193


[root@rac1 ~]# nslookup rac-scan.localdomain
Server:         10.0.1.150
Address:        10.0.1.150#53

Name:   rac-scan.localdomain
Address: 10.0.1.191
Name:   rac-scan.localdomain
Address: 10.0.1.193
Name:   rac-scan.localdomain
Address: 10.0.1.192

[root@rac1 ~]# nslookup rac-scan.localdomain
Server:         10.0.1.150
Address:        10.0.1.150#53

Name:   rac-scan.localdomain
Address: 10.0.1.193
Name:   rac-scan.localdomain
Address: 10.0.1.191
Name:   rac-scan.localdomain
Address: 10.0.1.192

[root@rac1 ~]# nslookup rac-scan.localdomain
Server:         10.0.1.150
Address:        10.0.1.150#53

Name:   rac-scan.localdomain
Address: 10.0.1.192
Name:   rac-scan.localdomain
Address: 10.0.1.193
Name:   rac-scan.localdomain
Address: 10.0.1.191

[root@rac1 ~]# nslookup 10.0.1.191
Server:         10.0.1.150
Address:        10.0.1.150#53

191.1.0.10.in-addr.arpa name = rac-scan.localdomain.

[root@rac1 ~]# nslookup 10.0.1.192
Server:         10.0.1.150
Address:        10.0.1.150#53

192.1.0.10.in-addr.arpa name = rac-scan.localdomain.

[root@rac1 ~]# nslookup 10.0.1.193
Server:         10.0.1.150
Address:        10.0.1.150#53

193.1.0.10.in-addr.arpa name = rac-scan.localdomain.