°Ô½Ã¹° 260°Ç
   
[Redhat7] DNS master slave ±¸¼º ÀÛ¾÷ -03 [ bind / named / dns ]
±Û¾´ÀÌ : theko ³¯Â¥ : 2020-01-16 (¸ñ) 19:11 Á¶È¸ : 1684

ACL(Access Control List)

ACLÀº ³×ÀÓ ¼­¹ö·ÎÀÇ Á¢±ÙÀ» Á¦¾îÇϱâ À§ÇØ »ç¿ëÇÏ´Â BindÀÇ ±â´ÉÀÌ´Ù.

³×Æ®¿öÅ© ´ë¿ªÀ̳ª È£½ºÆ®µéÀ» ¸íĪÀ¸·Î ÁöÁ¤ÇÏ¿© »ç¿ë

-> ÇØ´ç Ŭ¶óÀ̾ðÆ®ÀÇ ¿äû¸¸ Çã¿ë


named.conf ÆÄÀÏ¿¡ ¸ðµç ¼³Á¤À» ´Ù ³ÖÀ¸¸é ³Ê¹« ±æ¾îÁ®¼­ named.rfc1912.zones¿¡µµ ¼³Á¤À» ³ª´©¾î ³Ö°í named.conf¿¡ Æ÷ÇÔ(include) ½ÃÄ×´Ù. (½Ã½ºÅÛÀÌ ÇϳªÀÇ ÆÄÀÏ·Î ÀνÄ) 



acl slave¿¡ ÁöÁ¤µÈ ¼­¹ö(100.100.100.120)¿¡°Ô¸¸ µµ¸ÞÀÎ Á¤º¸°¡ ´ã±ä ÆÄÀÏ Àü¼ÛÀ» Çã¿ë

 

acl "blacklist" { 100.100.100.130; };

³×ÀÓ ¼­¹ö·ÎÀÇ ºÒ¹ýÀû Á¢±ÙÀ» ½ÃµµÇÏ´Â ³×Æ®¿öÅ©/IP ÁÖ¼Ò¸¦ ·Î±×¿¡¼­ ¹ß°ßÇß´Ù¸é blacklist¸¦ »ý¼ºÇÏ¿© ÇØ´ç Á¤º¸¸¦ ÁöÁ¤Çؼ­ Â÷´ÜÇÒ ¼ö ÀÖ´Ù.

 

acl "spoofnetwork" { 0.0.0.0/8; 10.0.0.0/8; 224.0.0.0/8; 192.168.0.0/16; };

Ŭ¶óÀ̾ðÆ®ÀÇ IP°¡ ´ëÇ¥ »ç¼³ IP ´ë¿ªÀÎ °æ¿ì ACLÀ» ¸¸µé¾î¼­ ÀÎÁõµÇÁö ¾ÊÀº IP¿¡ ´ëÇؼ­´Â »çÀü¿¡ Â÷´ÜÀ» ÇÒ ¼ö ÀÖ´Ù.

 

blackhole { blacklist; spoofnetwork; };

blackhole ¿É¼Ç°ú ÇÔ²² »ç¿ëÇϸé ÇØ´ç acl ¸ñ·Ï¿¡ ÁöÁ¤µÈ Ŭ¶óÀ̾ðÆ®·ÎºÎÅÍ ¿À´Â ¸ðµç ¿äûÀ» ¹«½ÃÇÑ´Ù.


À̸§ Æнº¿öµå
ºñ¹Ð±Û (üũÇÏ¸é ±Û¾´À̸¸ ³»¿ëÀ» È®ÀÎÇÒ ¼ö ÀÖ½À´Ï´Ù.)
¿ÞÂÊÀÇ ±ÛÀÚ¸¦ ÀÔ·ÂÇϼ¼¿ä.
   

miwit.com sir.co.kr DNS Powered by DNSEver.com DNS Powered by DNSEver.com