°Ô½Ã¹° 259°Ç
   
[centOS7.4] DNS slave ¼³Á¤ ÀÛ¾÷ [ bind ]
±Û¾´ÀÌ : theko ³¯Â¥ : 2020-06-10 (¼ö) 18:01 Á¶È¸ : 2202
Á¶°Ç

> DNS master ¼­¹ö´Â Centos6, Slave´Â Centos7
Master : 172.30.1.120
Slave : 172.30.1.120, 172.30.1.130


- Slave ¼­¹ö ±¸¼ºÀ» ÇϱâÀ§ÇÏ¿© ¾Æ·¡¿Í °°ÀÌ ÁøÇàÇÕ´Ï´Ù. 

1. Master ¼­¹ö ¼³Á¤

1. master ¼­¹ö ¼³Á¤
[root@dns-m etc]# cd /var/named/chroot/etc/
[root@dns-m etc]# vim named.conf

allow-transfer { 172.30.1.120;172.30.1.130; };  //Çã¿ë IP ipÃß°¡

[root@dns-m etc]# vim external.zones

allow-update { 172.30.1.120;172.30.1.130; };  //Çã¿ë IP ipÃß°¡


// DNS Á¤º¸¸¦ °¡Áö°í ÀÖ´Â zone ÆÄÀÏ¿¡ NS µî·ÏÀ» ÇØÁà¾ß ¾÷µ¥ÀÌÆ®°¡ µÈ´Ù. 
// ÀÌ ³»¿ëÀÌ ºüÁö¸é ¾÷µ¥ÀÌÆ®°¡ Àß ¾ÈµÈ´Ù...

# vi /var/named/chroot/var/named/external/theko/theko.co.kr
        NS      ns2.theko.co.kr.
                        NS      ns3.theko.co.kr.
ns2                     A       172.30.1.120
ns3                     A       172.30.1.130

[root@dns-m etc]# /etc/init.d/named restart

>Master ¼­¹ö¿¡¼­´Â ¿©±â±îÁö¸¸ ¼³Á¤ÇØÁÖ¸é µÈ´Ù.

2. Slave ¼­¹ö ¼³Á¤
> ¹æÈ­º®Àº ¸ðµÎ ³»·Á°¡ ÀÖ¾î¾ß ÇÑ´Ù. selinux, firewalld

# yum install bind  bind-chroot bind-utils

#/usr/libexec/setup-named-chroot.sh /var/named/chroot on
#systemctl stop named
#systemctl disable named
#systemctl start named-chroot
#systemctl enable named-chroot
============================= Âü°í ==================================================
ÀÌ·¸°Ô Çϸé ÀÚµ¿À¸·Î ÆÄÀÏ »ý¼ºÀÌ µÊ(Á¤ÁöµÇ¸é ÆÄÀÏÀÌ ¾ø¾îÁü)
[root@dns-s03 etc]# ll                                           /var/named/chroot/etc/ °æ·ÎÀÓ
drwxr-x--- 2 root named  6 Aug  4  2017 named
drwxr-x--- 3 root named 25 Jun 10 14:10 pki
==>
[root@dns-s03 etc]# ls
localtime  named  named.conf  named.iscdlv.key  named.rfc1912.zones  named.root.key  pki  protocols  rndc.key  services

¿©±âµµ ÆÄÀÏÀÌ »ý¼ºµÊ
[root@dns-s03 named]# pwd
/var/named/chroot/var/named
[root@dns-s03 named]# ls
chroot  data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
====================================================================================
# cd /var/named/chroot/etc/
# vim named.conf
......»ý·«
Masterfile-Format Text;        // centos7 bind9 ´Â zoneÆÄÀÏÀÌ ±âº»ÀûÀ¸·Î raw ÆÄÀÏ·Î ÀÛ¼º
......»ý·«                       // Text ÆÄÀÏ·Î º¸±âÀ§ÇØ ³Ö¾îÁÖ´Â ¿É¼Ç! Çʼö!
view "external"
{
        match-clients           { any; };
        match-destinations      { any; };
        recursion yes;
        include "/etc/named.root.hints";
        include "/etc/external.zones";

};

# cd /var/named/chroot/etc/
# vi external.zones
zone "0.0.127.in-addr.arpa" IN {
        type slave;
        file "external/127.0.0.reverse";
        masters { 172.30.1.110; };      //Master IP ³Ö¾îÁÖ¸é µÈ´Ù. 
};


zone "1.1.1.in-addr.arpa" IN {
        type slave;
        file "external/1.1.1.reverse";
        masters { 172.30.1.110; };
};

zone "2.2.2.in-addr.arpa" IN {
        type slave;
        file "external/2.2.2.reverse";
        masters { 172.30.1.110; };
};

zone "3.3.3.in-addr.arpa" IN {
        type slave;
        file "external/3.3.3.reverse";
        masters { 172.30.1.110; };
};
// theko.co.kr
zone "theko.co.kr" IN {
        type slave;
        file "external/theko/theko.co.kr";
        masters { 172.30.1.110; };
};

// ±âÁ¸ bind 9.3¹öÀü¿¡´Â /usr/share/doc/bind-9.9.4/sample/etc/ µð·ºÅ丮¿¡ ÀÖÁö¸¸
bind 9.8, 9.9 ¿¡´Â ¾ø¾î¼­ ±×³É ¸¸µé¾îÁÜ

# vi  /var/named/chroot/etc/named.root.hints
zone "." IN {
        type hint;
        file "named.ca";
};

# chown root.named /var/named/chroot/etc/named.root.hints

¾÷µ¥ÀÌÆ® µÇ¾î¾ß ÇÒ Zone »óÀ§ µð·ºÅ丮¸¦ »ý¼ºÇØÁà¾ß ÇÑ´Ù. 

#cd  /var/named/chroot/var/named/
# mkdir external
# chown named.named external/
# cd external/
# mkdir theko
# chown named.named theko/



ÀÌÁ¦ ¸ðµÎ ¼³Á¤ ÇßÀ¸´Ï µ¥¸ó Àç±âµ¿

# systemctl start named-chroot


> LOG·Î Á¤»óÀû ¾÷µ¥ÀÌÆ® µÊÀ» È®ÀΠ

Jun 10 17:37:45 dns-s04 named[988]: client 172.30.1.110#36287: view external: received notify for zone 'theko.co.kr'
Jun 10 17:37:45 dns-s04 named[988]: zone theko.co.kr/IN/external: notify from 172.30.1.110#36287: zone is up to date




À̸§ Æнº¿öµå
ºñ¹Ð±Û (üũÇÏ¸é ±Û¾´À̸¸ ³»¿ëÀ» È®ÀÎÇÒ ¼ö ÀÖ½À´Ï´Ù.)
¿ÞÂÊÀÇ ±ÛÀÚ¸¦ ÀÔ·ÂÇϼ¼¿ä.
   

miwit.com sir.co.kr DNS Powered by DNSEver.com DNS Powered by DNSEver.com