서버마다 다른 모든 서버에 대해 /etc/hosts 설정을 해야 한다...
그래서 DNS 서버를 구축하고, 각 노드에는 nscd를 설치해서 DNS 조회 결과를 캐시하도록 한다.
그러지 않으면 DNS 서버에 과부하가 걸릴 수 있다고 한다.
참조: http://egloos.zum.com/dukuduku/v/7085276
. 서비스 설치
# yum -y install bind bind-libs bind-utils bind-chroot --disablerepo=* --enablerepo=local-repo
|
. named.conf 설정
# vi /etc/named.conf
// Global options for the named instance that serves the cluster.
options {
// Accept IPv4 queries on every interface; IPv6 only on loopback.
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
// Working directory; relative zone file names are resolved against it.
directory
"/var/named";
// Output files for cache dumps and statistics.
dump-file
"/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// NOTE(review): "any" lets every client that can reach port 53 query this
// server, and recursion is enabled below, so it behaves as an open resolver
// wherever it is reachable. For a cluster-internal server, limit this to the
// cluster's own range, e.g. allow-query { localhost; 10.203.9.0/24; };
// (subnet inferred from the addresses in the zone files; confirm), or
// restrict recursion separately with allow-recursion.
allow-query { any; };
/*
 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
 - If you are building a RECURSIVE (caching) DNS server, you need to enable
   recursion.
 - If your recursive DNS server has a public IP address, you MUST enable access
   control to limit queries to your legitimate users. Failing to do so will
   cause your server to become part of large scale DNS amplification
   attacks. Implementing BCP38 within your network would greatly
   reduce such attack surface
*/
// Recursive resolution is on; who may use it is governed by the access
// control above.
recursion yes;
// NOTE(review): dnssec-enable is obsolete in newer BIND 9 releases and may be
// rejected there; verify against the installed version before reusing this.
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
// Runtime files: process id and the session key.
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
# systemctl start named
# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
|
. dns 도메인 zone 등록
# vi /etc/named.rfc1912.zones
아래 내용을 추가한다.
# Forward zone: this server is the primary (master) for "bikylinclust" and
# loads it from bikylinclust.zone, a name relative to the options "directory".
zone "bikylinclust" IN {
type master;
file "bikylinclust.zone";
// Dynamic DNS updates are refused; records change only by editing the file.
allow-update { none; };
};
# Reverse zone for the 10.203.9.x addresses (octets reversed under
# in-addr.arpa), loaded from bikylinclust.rev.
zone "9.203.10.in-addr.arpa" IN {
type master;
file "bikylinclust.rev";
// Dynamic DNS updates are refused here as well.
allow-update { none; };
};
|
. 정방향 zone파일 생성
# vi /var/named/bikylinclust.zone
; Forward zone data for bikylinclust: name -> IPv4 address.
; Default TTL for records that carry no explicit TTL: 3 hours.
$TTL 3H
; SOA: primary name server is ns.bikylinclust.; the contact field "root" has
; no trailing dot, so it is taken relative to the zone origin.
@ IN SOA ns.bikylinclust. root (
160509 ; serial (looks date-coded, YYMMDD - confirm; raise it on every edit)
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum (negative-caching TTL)
; NOTE(review): the next two records belong to the zone apex (@). In the real
; file they must begin with whitespace so the owner is inherited from the SOA
; line; the leading indent appears to have been lost in this listing.
IN NS ns.bikylinclust.
IN A 10.203.9.208
; Name server and www share the same host address.
ns IN A 10.203.9.208
www IN A 10.203.9.208
; Cluster nodes (names are relative to the zone origin).
bidevkylinm1 IN A 10.203.9.209
bidevkylinm2 IN A 10.203.9.210
bidevkylinm3 IN A 10.203.9.211
bidevkylind1 IN A 10.203.9.216
bidevkylind2 IN A 10.203.9.217
bidevkylind3 IN A 10.203.9.218
# chown root.named /var/named/bikylinclust.zone
|
# vi /var/named/bikylinclust.rev
; Reverse zone data for 9.203.10.in-addr.arpa: last address octet -> host name.
; Default TTL for records that carry no explicit TTL: 3 hours.
$TTL 3H
; SOA: primary name server ns.bikylinclust., contact root.bikylinclust.
@ IN SOA ns.bikylinclust. root.bikylinclust. (
0 ; serial (raise it on every edit)
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum (negative-caching TTL)
; NOTE(review): this NS record belongs to the zone apex (@). In the real file
; it must begin with whitespace so the owner is inherited from the SOA line;
; the leading indent appears to have been lost in this listing.
IN NS ns.bikylinclust.
; 10.203.9.208 carries two PTR records, so a reverse lookup returns both names.
208 IN PTR ns.bikylinclust.
208 IN PTR www.bikylinclust.
; Cluster nodes; targets are fully qualified (trailing dot).
209 IN PTR bidevkylinm1.bikylinclust.
210 IN PTR bidevkylinm2.bikylinclust.
211 IN PTR bidevkylinm3.bikylinclust.
216 IN PTR bidevkylind1.bikylinclust.
217 IN PTR bidevkylind2.bikylinclust.
218 IN PTR bidevkylind3.bikylinclust.
# chown root.named /var/named/bikylinclust.rev
|
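. 설정 정합성 체크 및 서비스 재시작
(참고: 아래 named-checkconf 출력에는 역방향 zone이 10.203.9.in-addr.arpa로 적혀 있지만, 위에서 등록한 이름이자 10.203.9.x 대역의 올바른 역방향 zone 이름은 9.203.10.in-addr.arpa이다. 또한 named-checkzone의 첫 번째 인자는 호스트 이름이 아니라 zone 이름(bikylinclust)이다.)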
# named-checkconf -z /etc/named.conf
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
zone bikylinclust/IN: loaded serial 160509
zone 10.203.9.in-addr.arpa/IN: loaded serial 0
# named-checkzone ns.bikylinclust /var/named/bikylinclust.zone
zone ns.bikylinclust/IN: loaded serial 160509
OK
# named-checkzone www.bikylinclust /var/named/bikylinclust.zone
zone www.bikylinclust/IN: loaded serial 160509
OK
# named-checkzone bidevkylind1.bikylinclust /var/named/bikylinclust.zone
zone bidevkylind1.bikylinclust/IN: loaded serial 160509
OK
# systemctl restart named
|
. nslookup 정방향 역방향 조회
# nslookup bidevkylinm1
Server: 10.203.9.208
Address: 10.203.9.208#53
Name: bidevkylinm1.bikylinclust
Address: 10.203.9.209
# nslookup 10.203.9.209
Server: 10.203.9.208
Address: 10.203.9.208#53
209.9.203.10.in-addr.arpa name = bidevkylinm1.bikylinclust.
|