Conditions
> The DNS master server runs CentOS 6; the slaves run CentOS 7
Master : 172.30.1.120
Slave : 172.30.1.120, 172.30.1.130
- To configure the slave servers, proceed as follows.
1. Master server configuration
[root@dns-m etc]# cd /var/named/chroot/etc/
[root@dns-m etc]# vim named.conf
allow-transfer { 172.30.1.120;172.30.1.130; }; // add the allowed IPs
[root@dns-m etc]# vim external.zones
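allow-update { 172.30.1.120;172.30.1.130; }; // add the allowed IPs
// The NS records must be registered in the zone file that holds the DNS data for updates to work
// (by default the master sends NOTIFY to the servers listed in the zone's NS records).
// If this is missing, updates do not work properly...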
# vi /var/named/chroot/var/named/external/theko/theko.co.kr
NS ns2.theko.co.kr.
NS ns3.theko.co.kr.
ns2 A 172.30.1.120
ns3 A 172.30.1.130
[root@dns-m etc]# /etc/init.d/named restart
> That is all that needs to be configured on the master server.
2. Slave server configuration
> All firewalls must be turned off: selinux, firewalld
# yum install bind bind-chroot bind-utils
# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
# systemctl stop named
# systemctl disable named
# systemctl start named-chroot
# systemctl enable named-chroot
============================= Note ==================================================
Doing this creates the files automatically (they disappear when the service is stopped).
[root@dns-s03 etc]# ll /var/named/chroot/etc/    <- this is the path
drwxr-x--- 2 root named 6 Aug 4 2017 named
drwxr-x--- 3 root named 25 Jun 10 14:10 pki
==>
[root@dns-s03 etc]# ls
localtime named named.conf named.iscdlv.key named.rfc1912.zones named.root.key pki protocols rndc.key services
Files are created here as well
[root@dns-s03 named]# pwd
/var/named/chroot/var/named
[root@dns-s03 named]# ls
chroot data dynamic named.ca named.empty named.localhost named.loopback slaves
====================================================================================
# cd /var/named/chroot/etc/
# vim named.conf
...... (omitted)
masterfile-format text; // on CentOS 7, BIND 9 writes zone files in raw format by default
...... (omitted) // option added so the zone files can be read as text; required!
view "external"
{
match-clients { any; };
match-destinations { any; };
recursion yes;
include "/etc/named.root.hints";
include "/etc/external.zones";
};
# cd /var/named/chroot/etc/
# vi external.zones
zone "0.0.127.in-addr.arpa" IN {
type slave;
file "external/127.0.0.reverse";
masters { 172.30.1.110; }; // put the master IP here
};
zone "1.1.1.in-addr.arpa" IN {
type slave;
file "external/1.1.1.reverse";
masters { 172.30.1.110; };
};
zone "2.2.2.in-addr.arpa" IN {
type slave;
file "external/2.2.2.reverse";
masters { 172.30.1.110; };
};
zone "3.3.3.in-addr.arpa" IN {
type slave;
file "external/3.3.3.reverse";
masters { 172.30.1.110; };
};
// theko.co.kr
zone "theko.co.kr" IN {
type slave;
file "external/theko/theko.co.kr";
masters { 172.30.1.110; };
};
// In the older BIND 9.3 this file is in the /usr/share/doc/bind-9.9.4/sample/etc/ directory,
// but BIND 9.8 and 9.9 do not have it, so just create it
# vi /var/named/chroot/etc/named.root.hints
zone "." IN {
type hint;
file "named.ca";
};
# chown root.named /var/named/chroot/etc/named.root.hints
The parent directories for the zones to be updated must be created.
# cd /var/named/chroot/var/named/
# mkdir external
# chown named.named external/
# cd external/
# mkdir theko
# chown named.named theko/
Everything is now configured, so restart the daemon
# systemctl restart named-chroot
> Confirm in the log that the update completed normally
Jun 10 17:37:45 dns-s04 named[988]: client 172.30.1.110#36287: view external: received notify for zone 'theko.co.kr'
Jun 10 17:37:45 dns-s04 named[988]: zone theko.co.kr/IN/external: notify from 172.30.1.110#36287: zone is up to date
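The log check above can be automated. The following is an added example, not part of the original page: it parses named syslog lines in the format shown above, reports per zone whether the master's notify was confirmed as "up to date", and flags notifies arriving from any address other than the configured master. The function name, the sample lines 3-4 and the address 203.0.113.9 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumption: the master address is the one used in the masters { } statements above.
EXPECTED_MASTERS = {"172.30.1.110"}

# Lines 1-2 are the log lines shown on this page; lines 3-4 are constructed
# (203.0.113.9 is a documentation address, not a host from this setup).
SAMPLE_LOG = """\
Jun 10 17:37:45 dns-s04 named[988]: client 172.30.1.110#36287: view external: received notify for zone 'theko.co.kr'
Jun 10 17:37:45 dns-s04 named[988]: zone theko.co.kr/IN/external: notify from 172.30.1.110#36287: zone is up to date
Jun 10 17:40:02 dns-s04 named[988]: client 203.0.113.9#40112: view external: received notify for zone 'theko.co.kr'
Jun 10 17:41:10 dns-s04 named[988]: client 172.30.1.110#36290: view external: received notify for zone '1.1.1.in-addr.arpa'
"""

ADDR = r"(?P<src>[0-9A-Fa-f.:]+)#\d+"  # source address followed by #port
NOTIFY_RE = re.compile(
    r"client " + ADDR + r": (?:view [^:\s]+: )?"
    r"received notify for zone '(?P<zone>[^']+)'")
UPTODATE_RE = re.compile(
    r"zone (?P<zone>[^/\s]+)/IN(?:/[^:\s]+)?: "
    r"notify from " + ADDR + r": zone is up to date")


def audit_notify_log(text, expected_masters=EXPECTED_MASTERS):
    """Map each zone seen in the log to its notify status."""
    zones = defaultdict(lambda: {"up_to_date": False, "unexpected_sources": []})
    for line in text.splitlines():
        m = NOTIFY_RE.search(line)
        if m:
            entry = zones[m["zone"]]  # record the zone even if nothing else matches
            if m["src"] not in expected_masters:
                entry["unexpected_sources"].append(m["src"])
            continue
        m = UPTODATE_RE.search(line)
        # Only a confirmation tied to a notify from a configured master counts.
        if m and m["src"] in expected_masters:
            zones[m["zone"]]["up_to_date"] = True
    return dict(zones)


if __name__ == "__main__":
    for zone, status in sorted(audit_notify_log(SAMPLE_LOG).items()):
        print(zone, status)
```

A zone that shows a notify but no "up to date" confirmation, like the constructed reverse zone here, needs a closer look at the transfer messages that follow it in the log.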