< DNS Setup Procedure >
> DNS hostname :
> DNS domain : www.whoishg.com
> DNS server IP : 118.128.134.115
1. Edit named.caching-nameserver.conf
(/var/named/chroot/etc)
------------------------------------------
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
    //listen-on port 53 { 127.0.0.1; };
    listen-on port 53 { any; };
    //listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    version "No !!"; // <==== hides the version string from outside probing (if the version is exposed externally, a vulnerability for that version can be used to compromise the name server, tamper with responses, or take it down)
    // Those options should be used carefully because they disable port
    // randomization
    query-source port 53; // allow port 53 from all external IPs
    // query-source-v6 port 53;
    allow-query { any; }; // uncommented; sets the sources from which queries are accepted
    //allow-query-cache { localhost; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view localhost_resolver {
    match-clients { any; };
    match-destinations { any; };
    recursion yes; // set to yes for a public name server: whether queries may be recursed to upstream DNS; yes introduces a security weakness
    include "/etc/named.rfc1912.zones";
};
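The three settings annotated above (the hidden version string, the fixed query-source port that the stock file's own comment warns disables port randomization, and recursion yes combined with allow-query { any; }) are the ones worth catching before the daemon is restarted. The audit below is an added example, not code from the original post: a grep-based check over a named.conf-style file that prints one WARN line per finding. The sample configs are constructed here; the first mirrors the post's settings, the second is my hardened variant for a purely authoritative server (recursion off, no pinned source port).

```shell
# Added example (not from the original post): a line-oriented audit of the
# options above, flagging the three settings whose risk the file's own comments
# and the post's notes describe. It prints one WARN line per finding.
# Assumption: a grep-based check, not a full named.conf parser, so it is a
# pre-restart sanity check, not a replacement for reviewing the whole config.

# Drop // and # comments so that commented-out settings are not matched.
strip_comments() { sed -e 's#//.*$##' -e 's/#.*$//' "$1"; }

audit_named_conf() {
    body=$(strip_comments "$1")
    has() { printf '%s\n' "$body" | grep -Eq "$1"; }

    # 1. version: without it BIND answers version.bind CH TXT with its real
    #    release, handing over the exact software version.
    has '^[[:space:]]*version[[:space:]]+"' \
        || echo "WARN: no 'version' option, real BIND version is advertised"

    # 2. query-source ... port N: pins the outgoing source port, which the stock
    #    file's comment says disables port randomization (a cache-poisoning defence).
    has '^[[:space:]]*query-source(-v6)?[[:space:]].*port[[:space:]]+[0-9]+' \
        && echo "WARN: query-source pins a fixed port, source-port randomization is off"

    # 3. recursion yes + allow-query { any; } with no allow-recursion: an open
    #    resolver that any client on the Internet can use for recursive lookups.
    if has '^[[:space:]]*recursion[[:space:]]+yes' \
       && has '^[[:space:]]*allow-query[[:space:]]*[{][[:space:]]*any;' \
       && ! has '^[[:space:]]*allow-recursion'; then
        echo "WARN: recursion yes with allow-query { any; } and no allow-recursion: open resolver"
    fi
    return 0
}

count_findings() { audit_named_conf "$1" | grep -c '^WARN' || true; }

# --- constructed sample configs (not copied from a real server) -------------
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Mirrors the settings chosen in the post: version hidden, fixed source port,
# recursion for any client.
cat > "$WORK/weak.conf" <<'EOF'
options {
    //listen-on port 53 { 127.0.0.1; };
    listen-on port 53 { any; };
    directory "/var/named";
    version "No !!";
    query-source port 53;
    // query-source-v6 port 53;
    allow-query { any; };
};
view localhost_resolver {
    match-clients { any; };
    recursion yes;
};
EOF

# Same server hardened for its authoritative role: no fixed port, recursion off.
cat > "$WORK/hardened.conf" <<'EOF'
options {
    listen-on port 53 { any; };
    directory "/var/named";
    version "No !!";
    allow-query { any; };
};
view localhost_resolver {
    match-clients { any; };
    recursion no;
};
EOF

for f in weak hardened; do
    echo "== $f.conf: $(count_findings "$WORK/$f.conf") finding(s)"
    audit_named_conf "$WORK/$f.conf"
done
```

Run it on the real file with `audit_named_conf /var/named/chroot/etc/named.caching-nameserver.conf`; the weak sample yields two findings (the pinned port and the open resolver) and the hardened one none.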
2. Change ownership
[root@localhost etc]# chown named.named /etc/named.caching-nameserver.conf
3. hosts configuration
---------------------------------------------
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
118.128.134.115 www.whoishg.com
4. Set the DNS server addresses to use // to be configured later
# vi /etc/resolv.conf
================================================
search www.whoishg.com        # own domain name
nameserver 118.128.134.115    # primary DNS
nameserver 118.128.134.116    # secondary DNS
nameserver 168.126.63.1       # tertiary DNS
=================================================
5. Check the daemon settings
[root@localhost etc]# chkconfig --level 2345 named on
[root@localhost etc]# chkconfig --list named
named 0:해제 1:해제 2:활성 3:활성 4:활성 5:활성 6:해제
6. Add to named.rfc1912.zones
(/var/named/chroot/etc)
----------------------------------
zone "whoishg.com" IN {
    type master;
    file "whoishg.zone";
    allow-update { 118.128.134.116; }; //--> DNS sla
};
7. ================ Errors encountered during setup =========================
Use named-checkconf / named-checkzone to confirm that the configuration was applied correctly.
If the checks below report an error, the message points to the part that needs fixing.
named-checkconf /etc/named.rfc1912.zones
named-checkconf /etc/named.caching-nameserver.conf
named-checkconf /var/named/chroot/etc/named.rfc1912.zones
named-checkzone whoishg.com /var/named/chroot/var/named/whoishg.zone
/etc/init.d/named restart
-------------------------------------------------------------------
[root@localhost etc]# named-checkconf /etc/named.caching-nameserver.conf
/etc/named.caching-nameserver.conf:45: '}' expected near end of file
[root@localhost etc]# named-checkconf /var/named/chroot/etc/named.rfc1912.zones
/var/named/chroot/etc/named.rfc1912.zones:47: '}' expected near end of file
=====> Caused by forgetting the closing }; after adding the zone (resolved)
[root@localhost etc]# named-checkconf /var/named/chroot/etc/named.conf
/var/named/chroot/etc/named.conf:57: open: /etc/named.root.hints: file not found
===> [root@localhost etc]# ln -s /var/named/chroot/etc/named.root.hints /etc/named.root.hints // fixed with a symbolic link
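Both failures above are textual: a missing `};` and an `include` whose path does not exist outside the chroot. The script below is an added example, not part of the original post, that reproduces those two checks without BIND installed, so a config can be screened on a workstation before it is copied to the chroot. The zone snippet and the miniature chroot directory are constructed for the demonstration; named-checkconf remains the authority once the files are on the server.

```shell
# Added example (not from the original post): a dependency-free pre-check for
# the two classes of named-checkconf failure shown above, for hosts without BIND.
# Assumption: files use plain named.conf syntax with // or # comments; the
# chroot prefix is passed by the caller.

strip_comments() { sed -e 's#//.*$##' -e 's/#.*$//' "$1"; }

# Prints (number of "{") minus (number of "}") outside comments.
# A positive result is the forgotten "};" behind "'}' expected near end of file".
brace_imbalance() {
    opens=$(strip_comments "$1" | tr -cd '{' | wc -c)
    closes=$(strip_comments "$1" | tr -cd '}' | wc -c)
    echo $((opens - closes))
}

# Lists every include "..." path in $1 that does not exist under the root $2.
# named runs chrooted here, so include paths are relative to the chroot; a
# path present under the chroot but not under "/" is the root.hints situation.
missing_includes() {
    root=${2:-}
    strip_comments "$1" \
        | sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' \
        | while IFS= read -r inc; do
            [ -e "$root$inc" ] || echo "$inc"
          done
}

count_missing_includes() { missing_includes "$1" "$2" | wc -l | tr -d ' '; }

# --- constructed sample files -----------------------------------------------
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Zone statement as typed in step 6, with the closing "};" forgotten.
cat > "$WORK/zones.broken" <<'EOF'
zone "whoishg.com" IN {
    type master;
    file "whoishg.zone";
    allow-update { 118.128.134.116; };
EOF

# The same statement once "};" has been added.
cat > "$WORK/zones.fixed" <<'EOF'
zone "whoishg.com" IN {
    type master;
    file "whoishg.zone";
    allow-update { 118.128.134.116; };
};
EOF

# A minimal named.conf with two includes; only one exists in the constructed
# chroot directory, mirroring the named.root.hints "file not found" error.
mkdir -p "$WORK/chroot/etc"
: > "$WORK/chroot/etc/named.rfc1912.zones"
cat > "$WORK/named.conf" <<'EOF'
options { directory "/var/named"; };
include "/etc/named.rfc1912.zones";
include "/etc/named.root.hints";
EOF

echo "zones.broken imbalance: $(brace_imbalance "$WORK/zones.broken")"
echo "zones.fixed  imbalance: $(brace_imbalance "$WORK/zones.fixed")"
echo "missing includes under constructed chroot: $(count_missing_includes "$WORK/named.conf" "$WORK/chroot")"
missing_includes "$WORK/named.conf" "$WORK/chroot"
```

Against a real server the calls are `brace_imbalance /var/named/chroot/etc/named.rfc1912.zones` and `missing_includes /var/named/chroot/etc/named.conf /var/named/chroot`; a non-zero imbalance or any listed include is what named-checkconf would have refused.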