버전 비교




코드 블럭
languagebash
title호스트네임 변경
linenumberstrue
hostnamectl status
hostnamectl set-hostname dns
hostnamectl status


코드 블럭
systemctl stop firewalld
systemctl disable firewalld
systemctl stop avahi-daemon.socket
systemctl disable avahi-daemon.socket
systemctl stop avahi-daemon
systemctl disable avahi-daemon
systemctl stop libvirtd
systemctl disable libvirtd
서식 미적용
[root@dns ~]# systemctl stop firewalld
[root@dns ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@dns ~]# systemctl stop avahi-daemon.socket
Job for avahi-daemon.socket canceled.
[root@dns ~]# systemctl disable avahi-daemon.socket
Removed symlink /etc/systemd/system/sockets.target.wants/avahi-daemon.socket.
[root@dns ~]# systemctl stop avahi-daemon
Warning: Stopping avahi-daemon.service, but it can still be activated by:
  avahi-daemon.socket
[root@dns ~]# systemctl disable avahi-daemon
Removed symlink /etc/systemd/system/multi-user.target.wants/avahi-daemon.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.Avahi.service.
[root@dns ~]# systemctl stop libvirtd
[root@dns ~]# systemctl disable libvirtd
Removed symlink /etc/systemd/system/multi-user.target.wants/libvirtd.service.
Removed symlink /etc/systemd/system/sockets.target.wants/virtlogd.socket.
Removed symlink /etc/systemd/system/sockets.target.wants/virtlockd.socket.
코드 블럭
rpm -ivh python-ply-3.4-11.el7.noarch.rpm
rpm -ivh bind-license-9.9.4-72.el7.noarch.rpm
rpm -Uvh bind-utils-9.9.4-72.el7.x86_64.rpm bind-libs-9.9.4-72.el7.x86_64.rpm
rpm -ivh bind-9.9.4-72.el7.x86_64.rpm
rpm -ivh bind-chroot-9.9.4-72.el7.x86_64.rpm
서식 미적용
[root@dns Packages]# rpm -ivh python-ply-3.4-11.el7.noarch.rpm
경고: python-ply-3.4-11.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
준비 중...                         ################################# [100%]
Updating / installing...
   1:python-ply-3.4-11.el7            ################################# [100%]

[root@dns Packages]# rpm -ivh bind-license-9.9.4-72.el7.noarch.rpm
경고: bind-license-9.9.4-72.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
준비 중...                         ################################# [100%]
Updating / installing...
   1:bind-license-32:9.9.4-72.el7     ################################# [100%]

[root@dns Packages]# rpm -Uvh bind-utils-9.9.4-72.el7.x86_64.rpm bind-libs-9.9.4-72.el7.x86_64.rpm
경고: bind-utils-9.9.4-72.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
준비 중...                         ################################# [100%]
Updating / installing...
   1:bind-libs-32:9.9.4-72.el7        ################################# [ 25%]
   2:bind-utils-32:9.9.4-72.el7       ################################# [ 50%]
Cleaning up / removing...
   3:bind-utils-32:9.9.4-61.el7       ################################# [ 75%]
   4:bind-libs-32:9.9.4-61.el7        ################################# [100%]

[root@dns Packages]# rpm -ivh bind-9.9.4-72.el7.x86_64.rpm
경고: bind-9.9.4-72.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
준비 중...                         ################################# [100%]
Updating / installing...
   1:bind-32:9.9.4-72.el7             ################################# [100%]

[root@dns Packages]# rpm -ivh bind-chroot-9.9.4-72.el7.x86_64.rpm
경고: bind-chroot-9.9.4-72.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
준비 중...                         ################################# [100%]
Updating / installing...
   1:bind-chroot-32:9.9.4-72.el7      ################################# [100%]


서식 미적용
[root@rac1 ~]# hostnamectl status
   Static hostname: rac1
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 5554cd8ab5124283be4afd144783a884
           Boot ID: 8075d1f529eb46f88fe2fc7927b8cdb9
    Virtualization: kvm
  Operating System: Oracle Linux Server 7.6
       CPE OS Name: cpe:/o:oracle:linux:7:6:server
            Kernel: Linux 4.14.35-1818.3.3.el7uek.x86_64
      Architecture: x86-64

[root@rac1 ~]# hostnamectl set-hostname dns

[root@rac1 ~]# hostnamectl status
   Static hostname: dns
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 5554cd8ab5124283be4afd144783a884
           Boot ID: 8075d1f529eb46f88fe2fc7927b8cdb9
    Virtualization: kvm
  Operating System: Oracle Linux Server 7.6
       CPE OS Name: cpe:/o:oracle:linux:7:6:server
            Kernel: Linux 4.14.35-1818.3.3.el7uek.x86_64
      Architecture: x86-64





코드 블럭
languagebash
title방화벽 중지
collapsetrue
systemctl stop firewalld
systemctl disable firewalld




서식 미적용
[root@dns ~]# systemctl stop firewalld
[root@dns ~]# systemctl disable firewalld





코드 블럭
languagebash
titleDNS 서비스 패키지 설치
linenumberstrue
cd <리눅스 설치 디스크 마운트 경로>/Packages
rpm -ivh python-ply-*.noarch.rpm
# rpm -ivh bind-license-*.el7.noarch.rpm
# rpm -Uvh bind-utils-*.x86_64.rpm bind-libs-*.x86_64.rpm
rpm -ivh bind-*.el7.x86_64.rpm
rpm -ivh bind-chroot-*.x86_64.rpm
cd
eject




서식 미적용
[root@dns ~]# cd /run/media/root/OL-7.6\ Server.x86_64/Packages

[root@dns Packages]# rpm -ivh python-ply-3.4-11.el7.noarch.rpm
경고: python-ply-3.4-11.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
준비 중...                         ################################# [100%]
Updating / installing...
   1:python-ply-3.4-11.el7            ################################# [100%]

[root@dns Packages]# rpm -ivh bind-9.9.4-72.el7.x86_64.rpm
경고: bind-9.9.4-72.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
준비 중...                         ################################# [100%]
Updating / installing...
   1:bind-32:9.9.4-72.el7             ################################# [100%]

[root@dns Packages]# rpm -ivh bind-chroot-9.9.4-72.el7.x86_64.rpm
경고: bind-chroot-9.9.4-72.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
준비 중...                         ################################# [100%]
Updating / installing...
   1:bind-chroot-32:9.9.4-72.el7      ################################# [100%]

[root@dns Packages]# cd
[root@dns ~]# eject





코드 블럭
languagebash
titleDNS 서비스 재설정 (named-chroot로 기동)
linenumberstrue
/usr/libexec/setup-named-chroot.sh /var/named/chroot on
systemctl stop named
systemctl disable named
systemctl start named-chroot
systemctl enable named-chroot




서식 미적용
[root@dns ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
[root@dns ~]# systemctl stop named
[root@dns ~]# systemctl disable named
[root@dns ~]# systemctl start named-chroot
[root@dns ~]# systemctl enable named-chroot
Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.





코드 블럭
languagebash
titlevi /var/named/chroot/etc/named.conf
//        listen-on port 53 { 127.0.0.1; };
        listen-on port 53 { 127.0.0.1; 10.0.1.150; };

//        allow-query     { localhost; };
        allow-query     { localhost; 10.0.1.0/24; };




서식 미적용
[root@dns ~]# cat /var/named/chroot/etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 127.0.0.1; 10.0.1.150; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; 10.0.1.0/24; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";





코드 블럭
languagebash
titlevi /var/named/chroot/etc/named.rfc1912.zones
zone "localdomain." IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "1.0.10.in-addr.arpa." IN {
        type master;
        file "1.0.10.in-addr.arpa";
        allow-update { none; };
};




서식 미적용
[root@dns ~]# cat /var/named/chroot/etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localdomain." IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "1.0.10.in-addr.arpa." IN {
        type master;
        file "1.0.10.in-addr.arpa";
        allow-update { none; };
};

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};





코드 블럭
languagebash
titlevi /var/named/chroot/var/named/localdomain.zone
$TTL    86400
@               IN SOA  localhost root.localhost (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                   
코드 블럭
/usr/libexec/setup-named-chroot.sh /var/named/chroot on
systemctl stop named
systemctl disable named
systemctl start named-chroot
systemctl enable named-chroot
펼치기
서식 미적용
[root@dns ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
[root@dns ~]# systemctl stop named
[root@dns ~]# systemctl disable named
Removed symlink /etc/systemd/system/multi-user.target.wants/named.service.
[root@dns ~]# systemctl start named-chroot
[root@dns ~]# systemctl enable named-chroot
Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.
코드 블럭
languagebash
titlevi /var/named/chroot/etc/named.conf
//        listen-on port 53 { 127.0.0.1; };
        listen-on port 53 { 127.0.0.1; 10.0.1.150; };

//        allow-query     { localhost; };
        allow-query     { 10.0.1.0/24; };
코드 블럭
languagebash
titlevi /var/named/chroot/etc/named.rfc1912.zones
zone "localdomain." IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "1.0.10.in-addr.arpa." IN {
        type master;
        file "1.0.10.in-addr.arpa";
        allow-update { none; };
};
코드 블럭
languagebash
titlevi /var/named/chroot/var/named/localdomain.zone
$TTL    86400
@               IN SOA  localhost root.localhost (
 1W              ; expiry
                        42              ; serial (d.1D adams)
            ; minimum
                IN NS           localhost
localhost 3H      IN A       ; refresh
    127.0.0.1
rac-scan        IN A    		10.0.1.191
rac-scan        IN A    		10.0.1.192
rac-scan        IN A 15M             ; retry
       		10.0.1.193




코드 블럭
languagebash
titlevi /var/named/chroot/var/named/1.0.10.in-addr.arpa
$ORIGIN 1.0.10.in-addr.arpa.
$TTL 1H
@   IN  SOA dns.localdomain.    root.dns.localdomain. (      2
                    3H
       1W              ; expiry1H
                    1W
                    1D1H )            ; minimum
                IN NS           localhost
localhost       IN A            127.0.0.1
rac-scan        IN A    		10.0.1.191
rac-scan        
1.0.10.in-addr.arpa.	IN NS   dns.localdomain.
191 					IN PTR  rac-scan.localdomain.
192						IN PTR  rac-scan.localdomain.
193						IN PTR  rac-scan.localdomain.




코드 블럭
languagebash
titlezone 파일 권한 설정 및 서비스 재기동
linenumberstrue
chown root:named /var/named/chroot/var/named/localdomain.zone
chown root:named /var/named/chroot/var/named/1.0.10.in-addr.arpa
systemctl restart named-chroot




서식 미적용
[root@dns ~]# chown root:named /var/named/chroot/var/named/localdomain.zone
[root@dns ~]# chown root:named /var/named/chroot/var/named/1.0.10.in-addr.arpa
[root@dns ~]# systemctl restart named-chroot





코드 블럭
languagebash
title정상 작동 여부 확인
linenumberstrue
nslookup rac-scan.localdomain
nslookup 10.0.1.191
nslookup IN A    		10.0.1.192
rac-scan    nslookup 10.0.1.193




서식 미적용
[root@dns ~]# nslookup rac-scan.localdomain
Server:    
IN
 
A
    
10
127.0.
1.193
코드 블럭
languagebash
titlevi /var/named/chroot/var/named/1.0.10.in-addr.arpa
$ORIGIN 1.0.10.in-addr.arpa. $TTL 1H @ IN SOA dns.localdomain. root.dns.localdomain. ( 2
0.1
Address:        127.0.0.1#53

Name:   rac-scan.localdomain
Address: 10.0.1.191
Name:   rac-scan.localdomain
Address: 10.0.1.192
Name:   rac-scan.localdomain
Address: 10.0.1.193

[root@dns ~]# nslookup rac-scan.localdomain
Server:         
3H
127.0.0.1
Address:        127.0.0.1#53

Name:   rac-scan.localdomain
Address: 10.0.1.192
Name:   
1H
rac-scan.localdomain
Address: 10.0.1.191
Name:   
rac-scan.localdomain
Address: 10.0.1.193

[root@dns ~]# nslookup rac-scan.localdomain
Server:         
1W
127.0.0.1
Address:        127.0.0.1#53

Name:   rac-scan.localdomain
Address: 10.0.1.193
Name:   rac-scan.localdomain
Address: 10.0.1.192
Name:   
1H ) 1
rac-scan.localdomain
Address: 10.0.
10.in-addr.arpa. IN NS dns.localdomain. 191 IN PTR rac-scan.localdomain. 192 IN PTR rac-scan.localdomain. 193 IN PTR rac-scan.localdomain.
코드 블럭
chown root:named /var/named/chroot/var/named/localdomain.zone chown root:named /var/named/chroot/var/named/
1.191

[root@dns ~]# nslookup 10.0.1.191
Server:         127.0.0.1
Address:        127.0.0.1#53

191.1.0.10.in-addr.arpa
systemctl
 name 
restart
= 
named-chroot
펼치기
서식 미적용
rac-scan.localdomain.

[root@dns ~]# chown root:named /var/named/chroot/var/named/localdomain.zone
[root@dns ~]# chown root:named /var/named/chroot/var/named/nslookup 10.0.1.192
Server:         127.0.0.1
Address:        127.0.0.1#53

192.1.0.10.in-addr.arpa
[root@dns ~]# systemctl restart named-chroot
코드 블럭
nslookup
 name = rac-scan.
localdomain
localdomain.

[root@dns ~]# nslookup 10.0.1.
191 nslookup 10
193
Server:         127.0.0.1
.192 nslookup 10

Address:        127.0.0.1#53

193.1
.193
.0.10.in-addr.arpa name = rac-scan.localdomain.


서식 미적용
[root@rac1 ~]# nslookup rac-scan.localdomain
Server:         10.0.1.150
Address:        10.0.1.150#53

Name:   rac-scan.localdomain
Address: 10.0.1.191
Name:   rac-scan.localdomain
Address: 10.0.1.193
Name:   rac-scan.localdomain
Address: 10.0.1.192

[root@rac1 ~]# nslookup rac-scan.localdomain
Server:         10.0.1.150
Address:        10.0.1.150#53

Name:   rac-scan.localdomain
Address: 10.0.1.193
Name:   rac-scan.localdomain
Address: 10.0.1.191
Name:   rac-scan.localdomain
Address: 10.0.1.192

[root@rac1 ~]# nslookup rac-scan.localdomain
Server:         10.0.1.150
Address:        10.0.1.150#53

Name:   rac-scan.localdomain
Address: 10.0.1.192
Name:   rac-scan.localdomain
Address: 10.0.1.193
Name:   rac-scan.localdomain
Address: 10.0.1.191

[root@rac1 ~]# nslookup 10.0.1.191
Server:         10.0.1.150
Address:        10.0.1.150#53

191.1.0.10.in-addr.arpa name = rac-scan.localdomain.

[root@rac1 ~]# nslookup 10.0.1.192
Server:         10.0.1.150
Address:        10.0.1.150#53

192.1.0.10.in-addr.arpa name = rac-scan.localdomain.

[root@rac1 ~]# nslookup 10.0.1.193
Server:         10.0.1.150
Address:        10.0.1.150#53

193.1.0.10.in-addr.arpa name = rac-scan.localdomain.
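Review bot: The "방화벽 중지" step (`systemctl stop firewalld` / `systemctl disable firewalld`) leaves the new DNS host with no packet filter at all, although named.conf binds the resolver to 10.0.1.150 with `recursion yes`. After this step the only access control in front of the service is BIND's own `allow-query { localhost; 10.0.1.0/24; };`, and every other listening port on the host is exposed to the network as well. Keeping firewalld running and opening only DNS preserves a second layer: `firewall-cmd --permanent --add-service=dns` followed by `firewall-cmd --reload`. The avahi-daemon and libvirtd stop/disable commands appear only in what looks like the older revision of this page, so those services presumably remain enabled on a host that now has no firewall; that is worth confirming with `systemctl is-enabled avahi-daemon libvirtd`.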