[Ubuntu] 10. DNS - Delegation Configuration
Category: UBUNTU
🔔 DNS Delegation
The parent domain hands the management and service authority for one of its subdomains to that subdomain's own name servers (parent domain: add NS records for the subdomain, plus glue A records when the name servers live inside the delegated subdomain; subdomain: create the records of the delegated zone on its own server).
- Example: delegation of the www.b2.a2.com. domain
- .(root) domain: add an NS record for the com. domain
- com. domain: add an NS record for the a2.com. domain
- a2.com. domain: add an NS record for the b2.a2.com. domain
- b2.a2.com. domain: add A records for www and host
■ .(root) name server configuration
■ com. name server configuration
■ a2.com. name server configuration
■ b2.a2.com. name server configuration
🔔 Test Configuration

■ naver.com. DNS server configuration (192.168.219.10: authoritative for naver.com and recursive resolver for the test client)
$ cat /etc/bind/named.conf.options
...
...
listen-on-v6 { any; };
allow-query { any; };
dnssec-validation no; // required in this lab: the private root is unsigned, so validation against the built-in IANA trust anchor could never succeed
...
...
$ cat /etc/bind/named.conf.default-zones
...
...
# added (absolute path: a bare file name is looked up under the 'directory' option, /var/cache/bind on Ubuntu, not under /etc/bind)
zone "naver.com" IN {
type master;
file "/etc/bind/db/naver.com.zone";
};
$ mkdir /etc/bind/db
$ cat /etc/bind/db/naver.com.zone
$TTL 86400
@ IN SOA ns.naver.com. root.naver.com. (
2022081001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS ns.naver.com.
ns IN A 192.168.219.10
www IN A 192.168.219.13
ftp IN A 192.168.219.18
$ head /etc/bind/named.conf.default-zones
zone "." {
type hint;
file "/etc/bind/db.root";
};
$ cat /etc/bind/db.root
; lab hint file: replaces the IANA root hints so that recursion starts at the private root server
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 192.168.219.20
$ systemctl restart named
■ .(root) DNS server configuration (192.168.219.20)
$ cat /etc/bind/named.conf.options
...
...
allow-query { any; };
recursion yes; // lab setting: an authoritative-only server should run with recursion no; the resolver's queries to it are non-recursive anyway
dnssec-validation no;
...
...
$ cat /etc/bind/named.conf.default-zones
...
...
# added; the default zone "." of type hint in this file must be removed first, since BIND refuses a second definition of the same zone
zone "." IN {
type master;
file "/etc/bind/db/root.zone";
};
$ mkdir /etc/bind/db
$ cat /etc/bind/db/root.zone
$TTL 86400
@ IN SOA ns. root. (
2022081001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS ns.
com IN NS ns.com. ; delegation of com. to its name server
ns IN A 192.168.219.20
ns.com IN A 192.168.219.30 ; glue: ns.com lives inside the delegated zone, so the parent must carry its address
$ systemctl restart named
■ com. DNS server configuration (192.168.219.30)
$ cat /etc/bind/named.conf.options
...
...
allow-query { any; };
recursion yes; // lab setting; prefer recursion no; on an authoritative-only server
dnssec-validation no;
...
...
$ cat /etc/bind/named.conf.default-zones
...
...
# added (absolute path, see the 'directory' option)
zone "com" IN {
type master;
file "/etc/bind/db/com.zone";
};
$ mkdir /etc/bind/db
$ cat /etc/bind/db/com.zone
$TTL 86400
@ IN SOA ns.com. root.com. (
2022081001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS ns.com.
google IN NS ns.google.com. ; delegation of google.com. to its name server
ns IN A 192.168.219.30
ns.google IN A 192.168.219.40 ; glue for the in-bailiwick name server
$ systemctl restart named
■ google.com. DNS server configuration (192.168.219.40)
$ cat /etc/bind/named.conf.options
...
...
allow-query { any; };
recursion yes; // lab setting; prefer recursion no; on an authoritative-only server
dnssec-validation no;
...
...
$ cat /etc/bind/named.conf.default-zones
...
...
# added
zone "google.com" IN {
type master;
file "/etc/bind/db/google.com.zone";
};
$ mkdir /etc/bind/db
$ cat /etc/bind/db/google.com.zone
$TTL 86400
@ IN SOA ns.google.com. root.google.com. (
2022081001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS ns.google.com.
ns IN A 192.168.219.40
www IN A 192.168.219.45
ftp IN A 192.168.219.48
$ systemctl restart named
■ Checking the result (queries sent to the naver.com server, 192.168.219.10)
$ dig www.google.com @192.168.219.10
; <<>> DiG 9.16.23-RH <<>> www.google.com @192.168.219.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50930
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: cc03dfbbc137323a0100000064919b633fe11833acbab245 (good)
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 86034 IN A 192.168.219.45
;; Query time: 0 msec
;; SERVER: 192.168.219.10#53(192.168.219.10)
;; WHEN: Tue Jun 20 21:28:19 KST 2023
;; MSG SIZE rcvd: 87
No aa flag and a TTL already counted down from 86400: the naver.com server is not authoritative for google.com and answered from its cache, filled by following the referrals root → com. → google.com.
$ dig www.naver.com @192.168.219.10
; <<>> DiG 9.16.23-RH <<>> www.naver.com @192.168.219.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16660
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: f4b7a2172775d75e0100000064919b69e414bdc917159f57 (good)
;; QUESTION SECTION:
;www.naver.com. IN A
;; ANSWER SECTION:
www.naver.com. 86400 IN A 192.168.219.13
;; Query time: 0 msec
;; SERVER: 192.168.219.10#53(192.168.219.10)
;; WHEN: Tue Jun 20 21:28:26 KST 2023
;; MSG SIZE rcvd: 86
aa flag set and the full TTL of 86400: the naver.com server answered from its own zone.
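The dig output shows only the final answers, not the referral chain the naver.com resolver followed (root hint → . → com. → google.com.) or whether every link in that chain is consistent. The script below is an added example, not code from the original post: it parses constructed copies of the root, com and google.com zone files and the root hint file from the test configuration, checks each parent/child pair for a mismatched NS set or missing glue (the condition the delegation steps for www.b2.a2.com. in the first section depend on getting right), and then walks the referrals for www.google.com the way `dig +trace` would. The simplified zone-file parser (class IN only, no CNAME or DNSSEC handling) and the IP-to-zone map of the lab hosts are assumptions of the example.

```python
"""Delegation check and referral walk over BIND-style zone files. Added example for this
post, not part of the original configuration; the zone texts are constructed copies of the
root, com and google.com zones and of the naver.com resolver's root hint file. Class IN only."""
from collections import defaultdict

HINTS_TEXT = """. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 192.168.219.20
"""
ROOT_ZONE = """$TTL 86400
@ IN SOA ns. root. (
        2022081001 3600 1800 ; Serial Refresh Retry
        604800 86400 )       ; Expire Minimum
@ IN NS ns.
com IN NS ns.com.
ns IN A 192.168.219.20
ns.com IN A 192.168.219.30
"""
COM_ZONE = """@ IN SOA ns.com. root.com. ( 2022081001 3600 1800 604800 86400 )
@ IN NS ns.com.
google IN NS ns.google.com.
ns IN A 192.168.219.30
ns.google IN A 192.168.219.40
"""
GOOGLE_ZONE = """@ IN SOA ns.google.com. root.google.com. ( 2022081001 3600 1800 604800 86400 )
@ IN NS ns.google.com.
ns IN A 192.168.219.40
www IN A 192.168.219.45
"""

def qualify(name, origin):
    """Zone-file name -> lower-case FQDN relative to origin ('@' is the apex)."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else name + ("." if origin == "." else "." + origin)

class Zone:
    """Minimal master-file parser: skips $ directives and ';' comments, joins '(' ... ')'
    continuations, tolerates optional TTL/class fields and inherits an omitted owner."""
    def __init__(self, origin, text):
        self.origin = origin if origin.endswith(".") else origin + "."
        self.rrs = defaultdict(list)
        pending, depth, owner = [], 0, self.origin
        for raw in text.splitlines():
            line = raw.split(";", 1)[0].rstrip()
            if not line.strip() or (depth == 0 and line.startswith("$")):
                continue
            toks = line.split()
            if depth == 0:  # start of a record; an indented first line reuses the owner
                owner = owner if line[0].isspace() else qualify(toks.pop(0), self.origin)
                pending = []
            pending += toks
            depth += line.count("(") - line.count(")")
            if depth:
                continue
            rest = [t for t in (x.strip("()") for x in pending) if t]
            while rest[0].isdigit() or rest[0].upper() == "IN":  # optional TTL / class
                rest.pop(0)
            rtype, rdata = rest[0].upper(), rest[1:]
            self.rrs[(owner, rtype)].append(
                qualify(rdata[0], self.origin) if rtype == "NS" else " ".join(rdata))

    def get(self, owner, rtype):
        return self.rrs.get((owner.lower(), rtype), [])

def check_delegation(parent, child):
    """Problems with parent's delegation of child: NS set differing from the child's apex,
    or an in-bailiwick name server whose glue in the parent is missing or stale."""
    pns, cns = set(parent.get(child.origin, "NS")), set(child.get(child.origin, "NS"))
    problems = [] if pns == cns else [f"NS set differs: parent {sorted(pns)} child {sorted(cns)}"]
    for ns in pns:
        glue, actual = sorted(parent.get(ns, "A")), sorted(child.get(ns, "A"))
        if ns.endswith("." + child.origin) and glue != actual:
            problems.append(f"glue for {ns}: parent has {glue}, child has {actual}")
    return problems

def walk(name, hints, servers):
    """Iterate from the root hint to the answer like 'dig +trace'. servers maps a server IP
    to the Zone it is authoritative for; returns ([(zone, ip), ...], A rdata list)."""
    name = name.lower().rstrip(".") + "."
    ip, hops = hints.get(hints.get(".", "NS")[0], "A")[0], []
    while True:
        zone = servers[ip]
        hops.append((zone.origin, ip))
        if zone.get(name, "A"):
            return hops, zone.get(name, "A")
        for i in range(name.count(".") + 1):  # closest enclosing delegation below the apex
            cand = ".".join(name.split(".")[i:]) or "."
            if cand == zone.origin:
                raise LookupError(f"{name}: NXDOMAIN at {zone.origin}")
            if zone.get(cand, "NS"):
                break
        glue = [a for ns in zone.get(cand, "NS") for a in zone.get(ns, "A")]
        if not glue:  # NS record present but no address for it: lame delegation
            raise LookupError(f"lame delegation of {cand} in {zone.origin}")
        ip = glue[0]

HINTS, ROOT = Zone(".", HINTS_TEXT), Zone(".", ROOT_ZONE)
COM, GOOGLE = Zone("com.", COM_ZONE), Zone("google.com.", GOOGLE_ZONE)
SERVERS = {"192.168.219.20": ROOT, "192.168.219.30": COM, "192.168.219.40": GOOGLE}  # lab hosts
```

`check_delegation(ROOT, COM)` and `check_delegation(COM, GOOGLE)` both return an empty list for the zones above, and `walk("www.google.com", HINTS, SERVERS)` returns the three hops (192.168.219.20, .30, .40) followed by `['192.168.219.45']`, the same address the dig above received. Deleting the `ns.google IN A 192.168.219.40` glue line from the com zone is the failure mode to know: the NS record is still there, `check_delegation` reports the missing glue, and the walk raises `LookupError` because the referral names a server it cannot reach.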