[Rocky] 09. DNS - Configuring a DNS Secondary Server (Slave Server) and Forwarder


🔔 Configuring a DNS Secondary Server (Slave Server) and Forwarder



■ Configuration on the DNS master server host


$ vi /etc/named.conf

....
....

options {
        listen-on port 53 { any; };
        listen-on-v6 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { localhost; internal-network; };
        # add the secondary server so it is allowed to receive zone transfers
        allow-transfer  { localhost; 192.168.100.85; };

....
....
$ vi /var/named/test.srv.wan
$TTL 86400
@   IN  SOA     ns1.test.srv. root.test.srv. (
        ; update the serial whenever the zone file is changed (zone files use ';' comments, not '#')
        2021072303  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
        IN  NS      ns1.test.srv.
        ; add the secondary server
        IN  NS      ns2.test.srv.
        IN  MX 10   dlp.test.srv.

ns1     IN  A       192.168.219.101
ns2     IN  A       192.168.219.101
www     IN  A       192.168.219.102


$ systemctl restart named


■ Configuration on the DNS secondary server host

$ vi /etc/named.conf

zone "test.srv" IN {    // must match the zone name served by the master (SOA test.srv)
        type slave;
        masters { 192.168.219.101; };
        file "slaves/test.srv.wan";
        notify no;
};

$ systemctl restart named

$ ls /var/named/slaves
test.srv.wan   # zone file transferred


🔔 Configuring a forwarding DNS server


A forwarder is a setup in which the name server does not resolve names itself but answers client queries with the responses it obtains from other, designated name servers.

  • acts as a caching name server

  • configured in /etc/named.conf

    • forward only/first ;

    • forwarders { server to forward to; };

Conditional forwarder - forwards queries only for specific domains

  • configured in the /etc/named.rfc1912.zones file

      zone "test.com" IN {
          type forward;
          forward only;
          forwarders { 168.126.63.1; };
      };
    
  • forward

    • only : query only the forwarders

    • first : query the forwarders first

    • if the query to the forwarders fails, fall back to the root hints


🔔 Test setup





■ Forward server

$ vim /etc/named.conf

...
...

options {

    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };

    ...
    ...

    allow-query     { any; };
    allow-transfer  { localhost; };

    ...
    ...

};

zone "naver.com" IN {
        type forward;
        forward only;
        forwarders { 192.168.219.102; };
};

zone "219.168.192.in-addr.arpa" IN {
        type forward;
        forward only;
        forwarders { 192.168.219.102; };
};


$ systemctl restart named


■ Master name server

$ vim /etc/named.conf

...
...

options {

    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };

    ...
    ...

    allow-query     { any; };
    allow-transfer  { localhost; 192.168.219.103; };
};


$ vim /etc/named.rfc1912.zones

zone "naver.com" IN {
        type master;
        file "naver.com.lan";
        allow-update { none; };
};
zone "219.168.192.in-addr.arpa" IN {
        type master;
        file "219.168.192.db";
        allow-update { none; };
};


$ cat /var/named/naver.com.lan
$TTL 86400
@   IN  SOA     ns1.naver.com. root.naver.com. (
        2022081001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
        IN  NS      ns1.naver.com.
        IN  NS      ns2.naver.com.
        IN  MX 10   mail

ns1     IN  A       192.168.219.102
ns2     IN  A       192.168.219.103
www     IN  A       192.168.219.57
ftp     IN  A       192.168.219.42
mail    IN  A       192.168.219.26
drive   IN  A       192.168.219.45


$ cat /var/named/219.168.192.db
$TTL 86400
@   IN  SOA     ns1.naver.com. root.naver.com. (
        2022081001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
        IN  NS      ns1.naver.com.
        IN  NS      ns2.naver.com.

102     IN  PTR     ns1.naver.com.
103     IN  PTR     ns2.naver.com.
57      IN  PTR     www.naver.com.
42      IN  PTR     ftp.naver.com.
26      IN  PTR     mail.naver.com.
45      IN  PTR     drive.naver.com.
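Both zone-file sections on this page (test.srv earlier, naver.com and 219.168.192.in-addr.arpa here) depend on two things that `systemctl restart named` will not check for you: a secondary only pulls a new copy when the master's SOA serial is newer, and every PTR in the reverse zone should point back at the address its A record carries. The script below is an added example, not code from the original post or from BIND. It parses the simplified zone syntax used on this page and runs those checks on constructed sample zones (example.test names with the page's 192.168.219.0/24 addresses, and one deliberately wrong PTR so the check has something to report). For real files, `named-checkzone` remains the authoritative syntax check.

```python
"""Sanity checks for BIND zone files before restarting named.

Added example, not from the original post: parses the simplified zone
syntax used on this page ($TTL, a parenthesised SOA, one record per line).
"""

# Constructed sample forward zone (example.test, laid out like the page's zones)
FORWARD_ZONE = """\
$TTL 86400
@   IN  SOA     ns1.example.test. root.example.test. (
        2022081001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
        IN  NS      ns1.example.test.
        IN  NS      ns2.example.test.
ns1     IN  A       192.168.219.102
ns2     IN  A       192.168.219.103
www     IN  A       192.168.219.57
mail    IN  A       192.168.219.26
"""

# Constructed sample reverse zone; "103 -> ns1" is a deliberate mismatch
REVERSE_ZONE = """\
$TTL 86400
@   IN  SOA     ns1.example.test. root.example.test. (
        2022081001 3600 1800 604800 86400 )
        IN  NS      ns1.example.test.
103     IN  PTR     ns1.example.test.
103     IN  PTR     ns2.example.test.
57      IN  PTR     www.example.test.
26      IN  PTR     mail.example.test.
"""


def check_comment_syntax(text):
    """Zone files use ';' for comments; return the line numbers that start with '#'."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if line.lstrip().startswith("#")]


def _logical_lines(text):
    """Drop ';' comments and blank lines; join a parenthesised SOA into one line."""
    joined, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            joined.append(" ".join(buf))
            buf = []
    return joined


def parse_zone(text):
    """Return (soa_serial, [(owner, rtype, rdata_tokens), ...])."""
    serial, records, owner = None, [], "@"
    for line in _logical_lines(text):
        if line.startswith("$"):          # $TTL / $ORIGIN directives
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        if tokens[0] != "IN":             # a line that starts with the class inherits the owner
            owner = tokens.pop(0)
        tokens.pop(0)                     # the class (IN)
        rtype, rdata = tokens[0], tokens[1:]
        if rtype == "SOA":
            serial = int(rdata[2])        # mname rname serial refresh retry expire minimum
        records.append((owner, rtype, rdata))
    return serial, records


def ptr_mismatches(forward_text, reverse_text, origin, prefix):
    """List (ip, ptr_target, address_of_target) where a PTR and the A record disagree.

    origin: the forward zone origin ('example.test.'); prefix: the /24 the
    reverse zone covers ('192.168.219').
    """
    _, fwd = parse_zone(forward_text)
    _, rev = parse_zone(reverse_text)
    a_by_name = {f"{owner}.{origin}": rdata[0]
                 for owner, rtype, rdata in fwd if rtype == "A"}
    return [(f"{prefix}.{octet}", rdata[0], a_by_name.get(rdata[0]))
            for octet, rtype, rdata in rev
            if rtype == "PTR" and a_by_name.get(rdata[0]) != f"{prefix}.{octet}"]


def serial_allows_transfer(master_serial, slave_serial):
    """True when a secondary will pull the zone: the master serial is newer
    under RFC 1982 serial arithmetic (32-bit, safe across wrap-around)."""
    diff = (master_serial - slave_serial) % (1 << 32)
    return 0 < diff < (1 << 31)


if __name__ == "__main__":
    serial, _ = parse_zone(FORWARD_ZONE)
    print("serial:", serial, "- transfer after bump:", serial_allows_transfer(serial + 1, serial))
    for ip, target, actual in ptr_mismatches(FORWARD_ZONE, REVERSE_ZONE, "example.test.", "192.168.219"):
        print(f"PTR {ip} -> {target}, but {target} has A {actual}")
```

Run it against the sample zones and it reports the 103 -> ns1 mismatch and shows that an unchanged serial (2022081001 on both sides) would leave the secondary with its old copy, which is exactly the failure the "update serial" comment in the first section warns about.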


■ Secondary name server

$ vim /etc/named.rfc1912.zones

zone "naver.com" IN {
        type slave;
        masters { 192.168.219.102; };
        file "slaves/naver.com.lan";
        notify no;
};

zone "219.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.219.102; };
        file "slaves/219.168.192.db";
        notify no;
};

$ systemctl restart named

$ ls /var/named/slaves/
219.168.192.db  naver.com.lan


■ Verification

$ nmcli connection modify ens160 ipv4.dns 192.168.219.101
$ nmcli connection down ens160; nmcli connection up ens160


$ dig www.naver.com

; <<>> DiG 9.16.23-RH <<>> www.naver.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1174
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: d1fb827e3018ad3501000000643ea9a33104490cbeb3c0dd (good)
;; QUESTION SECTION:
;www.naver.com.                 IN      A

;; ANSWER SECTION:
www.naver.com.          86400   IN      A       192.168.219.57

;; Query time: 1328 msec
;; SERVER: 192.168.219.101#53(192.168.219.101)
;; WHEN: Tue Apr 18 23:30:59 KST 2023
;; MSG SIZE  rcvd: 86


$ dig -x 192.168.219.45

; <<>> DiG 9.16.23-RH <<>> -x 192.168.219.45
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25596
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: e072fd95218553a001000000643ea9b91b06f5286295830e (good)
;; QUESTION SECTION:
;45.219.168.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
45.219.168.192.in-addr.arpa. 86400 IN   PTR     drive.naver.com.

;; Query time: 0 msec
;; SERVER: 192.168.219.101#53(192.168.219.101)
;; WHEN: Tue Apr 18 23:31:21 KST 2023
;; MSG SIZE  rcvd: 113
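The two dig runs above verify the whole chain: the client asks the forward server (192.168.219.101), which hands the naver.com and 219.168.192.in-addr.arpa questions to the master (192.168.219.102) and returns the answer with the `qr rd ra` flags. The script below is an added example, not code from the original post or from BIND or dig; it reproduces that check with only the Python standard library, building a wire-format query, sending it over UDP and decoding the header flags and answer section that dig prints. The lab addresses in the `__main__` block are assumed from the page, and the response bytes used to exercise the decoder are constructed to mirror the A and PTR answers shown above.

```python
"""Query a name server the way dig does, using only the standard library.

Added example, not from the original post: builds a wire-format question,
sends it over UDP and decodes the header flags and answer section that
dig prints as "flags:" and "ANSWER SECTION".
"""
import random
import socket
import struct

QTYPES = {"A": 1, "NS": 2, "PTR": 12}
TYPE_NAMES = {v: k for k, v in QTYPES.items()}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
FLAG_BITS = (("qr", 0x8000), ("aa", 0x0400), ("rd", 0x0100), ("ra", 0x0080))


def encode_name(name):
    """'www.example.test.' -> length-prefixed labels terminated by a zero byte."""
    labels = [lab.encode("ascii") for lab in name.rstrip(".").split(".")]
    return b"".join(bytes([len(lab)]) + lab for lab in labels) + b"\x00"


def reverse_name(ipv4):
    """'192.168.219.45' -> '45.219.168.192.in-addr.arpa.' (what dig -x asks for)."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."


def build_query(name, qtype="A", txid=None):
    """Return (txid, packet) for a standard recursive query (RD set, as dig does)."""
    txid = random.randrange(1 << 16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return txid, header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)


def decode_name(data, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            end = (off + 2) if end is None else end    # resume after the first pointer
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)


def parse_response(data):
    """Decode id, flags, status and the answer RRs from a raw DNS response."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    result = {"id": txid,
              "flags": [f for f, bit in FLAG_BITS if flags & bit],
              "status": RCODES.get(flags & 0xF, str(flags & 0xF)),
              "answers": []}
    off = 12
    for _ in range(qd):                                # skip the question section
        _, off = decode_name(data, off)
        off += 4
    for _ in range(an):
        name, off = decode_name(data, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1:
            value = ".".join(str(b) for b in data[off:off + 4])
        elif rtype in (2, 12):
            value, _ = decode_name(data, off)
        else:
            value = data[off:off + rdlen].hex()
        off += rdlen
        result["answers"].append((name, ttl, TYPE_NAMES.get(rtype, str(rtype)), value))
    return result


def query(server, name, qtype="A", timeout=3.0):
    """Send the question to server:53 over UDP; reject a reply whose id is not ours."""
    txid, packet = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, 53))
        data, _ = sock.recvfrom(4096)
    result = parse_response(data)
    if result["id"] != txid:
        raise ValueError("response id does not match the query id")
    return result


if __name__ == "__main__":
    # Lab addresses assumed from the page: forwarder .101, www -> .57, .45 -> drive
    for qname, qtype in (("www.naver.com.", "A"), (reverse_name("192.168.219.45"), "PTR")):
        r = query("192.168.219.101", qname, qtype)
        print(qname, r["status"], " ".join(r["flags"]), r["answers"])
```

The same header decode tells you whether a server advertises recursion (`ra`) to the address you query from. The forward server above answers for `allow-query { any; }`, so it is worth running this from an address outside the lab network and confirming that only the hosts meant to use the forwarder get a recursive answer.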

