How to build a DNS server (BIND)
1. Install BIND
- BIND (Berkeley Internet Name Domain)
# Install
yum -y install bind bind-chroot bind-utils
2. Edit the basic configuration file (/etc/named.conf)
# Edit named.conf
sudo vi /etc/named.conf
options {
listen-on port 53 { any; }; # fixed
listen-on-v6 port 53 { none; }; # or default (::1;)
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; # fixed
recursion yes;
dnssec-validation auto;
auth-nxdomain no; # fixed
};
auth-nxdomain: how the server answers when the requested domain does not exist (NXDOMAIN) - no: RFC-compliant behaviour (recommended)
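An added check that is not part of the post: the options block above enables recursion and allows queries from any client, so named will also resolve arbitrary names for anyone who can reach port 53. The Python script below (my own example code, not BIND's) parses that block, reports the combination, and compares it with a hypothetical hardened variant that adds an allow-recursion ACL for the zone's own network.

```python
import re

# Constructed sample: the options block as written in this post
# (recursion yes, allow-query { any; }, no allow-recursion).
OPEN_CONF = """
options {
    listen-on port 53 { any; }; # fixed
    allow-query { any; }; # fixed
    recursion yes;
    dnssec-validation auto;
    auth-nxdomain no; # fixed
};
"""

# Hypothetical hardened variant: recursion only for localhost and the zone's
# 192.168.1.0/24 network; other clients still get authoritative answers.
HARDENED_CONF = OPEN_CONF.replace(
    "recursion yes;",
    "recursion yes;\n    allow-recursion { localhost; 192.168.1.0/24; };",
)

def parse_options(conf: str) -> dict:
    """Return the statements of the options { ... } block as {name: value}."""
    conf = re.sub(r"(#|//).*", "", conf)  # drop line comments
    block = re.search(r"options\s*\{(.*?)\n\s*\};", conf, re.S)
    if not block:
        return {}
    stmts = re.findall(r"^\s*([a-z0-9-]+)\s+(.*?);\s*$", block.group(1), re.M)
    return {name: value.strip() for name, value in stmts}

def acl_is_any(value: str) -> bool:
    """True when an address-match list is (or ends in) exactly { any; }."""
    return re.fullmatch(r".*\{\s*any;\s*\}", value) is not None

def open_resolver_findings(conf: str) -> list:
    """Explain why this options block makes named an open recursive resolver."""
    o = parse_options(conf)
    if o.get("recursion", "yes") != "yes":  # BIND 9 default is recursion yes
        return []
    # BIND 9 fallback chain for an unset ACL:
    # allow-recursion -> allow-query-cache -> allow-query -> localnets; localhost
    effective = (o.get("allow-recursion") or o.get("allow-query-cache")
                 or o.get("allow-query") or "{ localnets; localhost; }")
    findings = []
    if acl_is_any(effective):
        findings.append("recursion allowed for any client, effective ACL " + effective)
        if acl_is_any(o.get("listen-on", "{ any; }")):  # default: all interfaces
            findings.append("listen-on { any; } exposes the resolver on every interface")
    return findings
```

Running open_resolver_findings(OPEN_CONF) returns two findings, while the hardened variant returns none; an authoritative-only server can instead set recursion no.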
3. Create the zone file
# Create /var/named/example.com.zone
sudo vi /var/named/example.com.zone
$TTL 86400
@ IN SOA ns1.example.com. admin.example.com. (
2023011001 ; Serial
3600 ; Refresh
1800 ; Retry
604800 ; Expire
86400 ) ; Minimum TTL
@ IN NS ns1.example.com.
@ IN A 192.168.1.10
ns1 IN A 192.168.1.10
www IN A 192.168.1.20
4. Add the zone definition to named.conf
# Add to /etc/named.conf
zone "example.com" IN {
type master;
file "example.com.zone";
allow-update { none; };
};
5. Set permissions and ownership
sudo chown root:named /var/named/example.com.zone
sudo chmod 640 /var/named/example.com.zone
6. Start the service and enable it at boot
# Syntax check
sudo named-checkconf
sudo named-checkzone example.com /var/named/example.com.zone
# - zone example.com/IN: loaded serial 2023011001
# - OK
# Start the service
sudo systemctl start named
sudo systemctl enable named
# - Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
sudo systemctl status named
7. Firewall configuration
# When using firewalld
sudo firewall-cmd --permanent --add-port=53/tcp
sudo firewall-cmd --permanent --add-port=53/udp
sudo firewall-cmd --reload
# When using iptables
sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
8. Test
# Local test
dig @localhost example.com
# Query a specific record
dig www.example.com @localhost
# Result
$ dig @localhost example.com
; <<>> DiG 9.18.33 <<>> @localhost example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45673
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: a2fd5717dacbb8b201000000680b4c743807764a3f2cf3a6 (good)
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 86400 IN A 192.168.1.10
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(localhost) (UDP)
;; WHEN: Fri Apr 25 08:48:52 UTC 2025
;; MSG SIZE rcvd: 84
$ dig @localhost www.example.com
; <<>> DiG 9.18.33 <<>> www.example.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38254
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: e731811333abbe1101000000680b4ca5b60e5eccc01d1049 (good)
;; QUESTION SECTION:
;www.example.com. IN A
;; ANSWER SECTION:
www.example.com. 86400 IN A 192.168.1.20
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(localhost) (UDP)
;; WHEN: Fri Apr 25 08:49:41 UTC 2025
;; MSG SIZE rcvd: 88