호스트네임 변경
# Show the current hostname before changing it (transcript below: "Static hostname: rac1").
hostnamectl status
# Set the static hostname to "dns"; this machine becomes the DNS server for the RAC nodes.
hostnamectl set-hostname dns
# Confirm the change was applied ("Static hostname: dns" in the transcript).
hostnamectl status
[root@rac1 ~]# hostnamectl status
   Static hostname: rac1
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 5554cd8ab5124283be4afd144783a884
           Boot ID: 8075d1f529eb46f88fe2fc7927b8cdb9
    Virtualization: kvm
  Operating System: Oracle Linux Server 7.6
       CPE OS Name: cpe:/o:oracle:linux:7:6:server
            Kernel: Linux 4.14.35-1818.3.3.el7uek.x86_64
      Architecture: x86-64

[root@rac1 ~]# hostnamectl set-hostname dns

[root@rac1 ~]# hostnamectl status
   Static hostname: dns
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 5554cd8ab5124283be4afd144783a884
           Boot ID: 8075d1f529eb46f88fe2fc7927b8cdb9
    Virtualization: kvm
  Operating System: Oracle Linux Server 7.6
       CPE OS Name: cpe:/o:oracle:linux:7:6:server
            Kernel: Linux 4.14.35-1818.3.3.el7uek.x86_64
      Architecture: x86-64


방화벽 중지
# NOTE(review): this removes host-level packet filtering entirely rather than
# opening only what a DNS server needs. The least-privilege alternative keeps
# firewalld running and permits just the dns service (53/tcp and 53/udp):
#   firewall-cmd --permanent --add-service=dns && firewall-cmd --reload
systemctl stop firewalld
systemctl disable firewalld
[root@dns ~]# systemctl stop firewalld
[root@dns ~]# systemctl disable firewalld


DNS 서비스 패키지 설치
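# Install BIND from the mounted install media instead of a yum repository.
# Replace the placeholder with the real mount point; the transcript below uses
# /run/media/root/OL-7.6 Server.x86_64 (the path contains a space, so quote it).
cd <리눅스 설치 디스크 마운트 경로>/Packages
# NOTE(review): every rpm in the transcript prints "... key ID ec551f03: NOKEY",
# i.e. the package signature was NOT verified because the vendor key is missing.
# Import it first (the install media ships its RPM-GPG-KEY file at the media root)
# with `rpm --import <key file>` so the signature check is meaningful.
# python-ply is a dependency of bind and is installed first.
rpm -ivh python-ply-*.noarch.rpm
# Optional packages left commented out in the original tutorial:
# rpm -ivh bind-license-*.el7.noarch.rpm
# rpm -Uvh bind-utils-*.x86_64.rpm bind-libs-*.x86_64.rpm
# The pattern starts with a digit so it matches only the bind package itself
# (e.g. bind-9.9.4-72.el7.x86_64.rpm in the transcript) and not bind-chroot-*,
# bind-libs-*, bind-utils-* and the other bind-* packages in this directory,
# which a plain bind-*.el7.x86_64.rpm glob would also pull in.
rpm -ivh bind-[0-9]*.el7.x86_64.rpm
# bind-chroot provides the named-chroot unit used in the next section.
rpm -ivh bind-chroot-*.x86_64.rpm
# Leave the media directory before ejecting it.
cd
eject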
[root@dns ~]# cd /run/media/root/OL-7.6\ Server.x86_64/Packages

[root@dns Packages]# rpm -ivh python-ply-3.4-11.el7.noarch.rpm
경고: python-ply-3.4-11.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
준비 중...                         ################################# [100%]
Updating / installing...
   1:python-ply-3.4-11.el7            ################################# [100%]

[root@dns Packages]# rpm -ivh bind-9.9.4-72.el7.x86_64.rpm
경고: bind-9.9.4-72.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
준비 중...                         ################################# [100%]
Updating / installing...
   1:bind-32:9.9.4-72.el7             ################################# [100%]

[root@dns Packages]# rpm -ivh bind-chroot-9.9.4-72.el7.x86_64.rpm
경고: bind-chroot-9.9.4-72.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
준비 중...                         ################################# [100%]
Updating / installing...
   1:bind-chroot-32:9.9.4-72.el7      ################################# [100%]

[root@dns Packages]# cd
[root@dns ~]# eject


DNS 서비스 재설정 (named-chroot로 기동)
# Turn the BIND chroot on for /var/named/chroot; from here on the live config and
# zone files are the ones under /var/named/chroot/etc and /var/named/chroot/var/named
# (all later edits in this page target those paths).
/usr/libexec/setup-named-chroot.sh /var/named/chroot on
# Retire the non-chroot unit so only the chroot instance is managed and started.
systemctl stop named
systemctl disable named
# Start the chroot unit now and at boot (the transcript shows the multi-user.target
# symlink being created by the enable step).
systemctl start named-chroot
systemctl enable named-chroot
[root@dns ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
[root@dns ~]# systemctl stop named
[root@dns ~]# systemctl disable named
[root@dns ~]# systemctl start named-chroot
[root@dns ~]# systemctl enable named-chroot
Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.


vi /var/named/chroot/etc/named.conf
//        listen-on port 53 { 127.0.0.1; };
        listen-on port 53 { 127.0.0.1; 10.0.1.150; };

//        allow-query     { localhost; };
        allow-query     { localhost; 10.0.1.0/24; };
[root@dns ~]# cat /var/named/chroot/etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 127.0.0.1; 10.0.1.150; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; 10.0.1.0/24; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";


vi /var/named/chroot/etc/named.rfc1912.zones
// Forward zone for the RAC hosts; the zone file lives under the chroot's
// /var/named directory (see the "directory" option in named.conf).
zone "localdomain." IN {
        type master;
        file "localdomain.zone";
        // Dynamic updates stay disabled; the zone file is maintained by hand.
        allow-update { none; };
};

// Reverse zone for 10.0.1.0/24 so the SCAN addresses resolve back to rac-scan.
// NOTE(review): named.rfc1912.zones is a vendor-provided file (see its header in the
// transcript); consider keeping these two zones in a separate file pulled in by an
// include statement in named.conf so a package update cannot overwrite them.
zone "1.0.10.in-addr.arpa." IN {
        type master;
        file "1.0.10.in-addr.arpa";
        allow-update { none; };
};
[root@dns ~]# cat /var/named/chroot/etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localdomain." IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "1.0.10.in-addr.arpa." IN {
        type master;
        file "1.0.10.in-addr.arpa";
        allow-update { none; };
};

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};


vi /var/named/chroot/var/named/localdomain.zone
; Forward zone "localdomain." — default TTL of one day for every record below.
; NOTE(review): bump the serial whenever this file is edited; 42 is the stock
; sample value and a stale serial is the usual reason a change is not picked up.
$TTL    86400
@               IN SOA  localhost root.localhost (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
; NOTE(review): the reverse zone names dns.localdomain. as its NS/SOA host, but this
; zone has no A record for "dns" and uses localhost as NS instead; adding
; "dns IN A 10.0.1.150" here (the address named listens on) and using the same NS
; name in both zones keeps the delegation data consistent.
                IN NS           localhost
localhost       IN A            127.0.0.1
; Three A records for the same name: the SCAN addresses are returned round-robin,
; which is what the rotating order in the nslookup transcript below shows.
rac-scan        IN A    		10.0.1.191
rac-scan        IN A    		10.0.1.192
rac-scan        IN A    		10.0.1.193


vi /var/named/chroot/var/named/1.0.10.in-addr.arpa
; Reverse zone for 10.0.1.0/24; unqualified names below are relative to this origin.
$ORIGIN 1.0.10.in-addr.arpa.
$TTL 1H
; NOTE(review): increment the serial (2) on every edit of this file.
@   IN  SOA dns.localdomain.    root.dns.localdomain. (      2
                    3H      ; refresh
                    1H      ; retry
                    1W      ; expiry
                    1H )    ; minimum (negative-cache TTL)
; NOTE(review): dns.localdomain. must have an A record in the forward zone for
; this NS target to resolve; localdomain.zone above does not define one yet.
1.0.10.in-addr.arpa.	IN NS   dns.localdomain.
; PTR records for the three SCAN addresses (10.0.1.191-193).
191 					IN PTR  rac-scan.localdomain.
192						IN PTR  rac-scan.localdomain.
193						IN PTR  rac-scan.localdomain.


zone 파일 권한 설정 및 서비스 재기동
# Keep root as owner but give the named group read access, since the service reads
# the zone files from inside the chroot.
chown root:named /var/named/chroot/var/named/localdomain.zone
chown root:named /var/named/chroot/var/named/1.0.10.in-addr.arpa
# NOTE(review): validate before restarting so a syntax error does not take the
# resolver down for the RAC nodes:
#   named-checkconf -t /var/named/chroot /etc/named.conf
#   named-checkzone localdomain /var/named/chroot/var/named/localdomain.zone
#   named-checkzone 1.0.10.in-addr.arpa /var/named/chroot/var/named/1.0.10.in-addr.arpa
systemctl restart named-chroot


[root@dns ~]# chown root:named /var/named/chroot/var/named/localdomain.zone
[root@dns ~]# chown root:named /var/named/chroot/var/named/1.0.10.in-addr.arpa
[root@dns ~]# systemctl restart named-chroot


정상 작동 여부 확인
# Forward lookup: expect all three SCAN addresses, in rotating order on repeated
# runs (the transcript below shows the round-robin rotation).
# Run the same checks from a RAC node as well (the rac1 transcript queries
# 10.0.1.150): that works because named.conf's listen-on includes 10.0.1.150
# and allow-query includes 10.0.1.0/24.
# NOTE(review): named.conf keeps "recursion yes;", so the subnet in allow-query is
# also the set of hosts that may use this server as a recursive resolver; keep that
# list tight, and consider an explicit allow-recursion with the same list.
nslookup rac-scan.localdomain
# Reverse lookups: each address should map back to rac-scan.localdomain.
nslookup 10.0.1.191
nslookup 10.0.1.192
nslookup 10.0.1.193
[root@dns ~]# nslookup rac-scan.localdomain
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   rac-scan.localdomain
Address: 10.0.1.191
Name:   rac-scan.localdomain
Address: 10.0.1.192
Name:   rac-scan.localdomain
Address: 10.0.1.193

[root@dns ~]# nslookup rac-scan.localdomain
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   rac-scan.localdomain
Address: 10.0.1.192
Name:   rac-scan.localdomain
Address: 10.0.1.191
Name:   rac-scan.localdomain
Address: 10.0.1.193

[root@dns ~]# nslookup rac-scan.localdomain
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   rac-scan.localdomain
Address: 10.0.1.193
Name:   rac-scan.localdomain
Address: 10.0.1.192
Name:   rac-scan.localdomain
Address: 10.0.1.191

[root@dns ~]# nslookup 10.0.1.191
Server:         127.0.0.1
Address:        127.0.0.1#53

191.1.0.10.in-addr.arpa name = rac-scan.localdomain.

[root@dns ~]# nslookup 10.0.1.192
Server:         127.0.0.1
Address:        127.0.0.1#53

192.1.0.10.in-addr.arpa name = rac-scan.localdomain.

[root@dns ~]# nslookup 10.0.1.193
Server:         127.0.0.1
Address:        127.0.0.1#53

193.1.0.10.in-addr.arpa name = rac-scan.localdomain.
[root@rac1 ~]# nslookup rac-scan.localdomain
Server:         10.0.1.150
Address:        10.0.1.150#53

Name:   rac-scan.localdomain
Address: 10.0.1.191
Name:   rac-scan.localdomain
Address: 10.0.1.193
Name:   rac-scan.localdomain
Address: 10.0.1.192

[root@rac1 ~]# nslookup rac-scan.localdomain
Server:         10.0.1.150
Address:        10.0.1.150#53

Name:   rac-scan.localdomain
Address: 10.0.1.193
Name:   rac-scan.localdomain
Address: 10.0.1.191
Name:   rac-scan.localdomain
Address: 10.0.1.192

[root@rac1 ~]# nslookup rac-scan.localdomain
Server:         10.0.1.150
Address:        10.0.1.150#53

Name:   rac-scan.localdomain
Address: 10.0.1.192
Name:   rac-scan.localdomain
Address: 10.0.1.193
Name:   rac-scan.localdomain
Address: 10.0.1.191

[root@rac1 ~]# nslookup 10.0.1.191
Server:         10.0.1.150
Address:        10.0.1.150#53

191.1.0.10.in-addr.arpa name = rac-scan.localdomain.

[root@rac1 ~]# nslookup 10.0.1.192
Server:         10.0.1.150
Address:        10.0.1.150#53

192.1.0.10.in-addr.arpa name = rac-scan.localdomain.

[root@rac1 ~]# nslookup 10.0.1.193
Server:         10.0.1.150
Address:        10.0.1.150#53

193.1.0.10.in-addr.arpa name = rac-scan.localdomain.

