1. Create and write the whoishg.zone file
(/var/named/chroot/var/named)
============DNS Master====================
-----------My settings------------------------------
$TTL 86400
@  IN SOA ns.whoishg.com. root.whoishg.com. (
     42  ; serial
     3H  ; refresh
     15M  ; retry
     1W  ; expiry
     1D )  ; minimum
         IN NS  ns1.whoishg.com.
  IN A  118.128.134.115
  IN MX 10 mail.whoishg.com.
ns  IN A  118.128.134.115
www  IN A  118.128.134.103
mail  IN A  118.128.134.107
ftp  IN A  118.128.134.110
whoishg.com IN A  118.128.134.103  ; no trailing dot: relative to the zone origin, so this is whoishg.com.whoishg.com.
whoishg.com. IN TXT "v=spf1 ip4:118.128.134.107 -all" 

<== SPF record (a TXT record in the DNS zone file) set so that outgoing mail is delivered normally.

-----------------------------------------------

2. Change ownership of the zone file and create a symbolic link
# chown named.named whoishg.zone
# ln -s /var/named/chroot/var/named/whoishg.zone /var/named/whoishg.zone

---------------------------------------------

============DNS Slaves (planned)==============
$TTL 86400
@  IN SOA ns2.whoishg.com. root.whoishg.com. (
     43  ; serial (d. adams)
     3H  ; refresh
     15M  ; retry
     1W  ; expiry
     1D )  ; minimum
         IN NS  ns1.whoishg.com.
  IN A  118.128.134.116
  IN MX 10 mail.whoishg.com.
ns  IN A  118.128.134.116
www  IN A  118.128.134.103
mail  IN A  118.128.134.107
ftp  IN A  118.128.134.110
whoishg.com IN A  118.128.134.103
mail  IN A  118.128.134.107

Haha

< DNS setup procedure >
 > DNS hostname :
 > DNS domain : www.whoishg.com
 > DNS server IP : 118.128.134.115

1. Change the named.caching-nameserver.conf settings
  (/var/named/chroot/etc)
------------------------------------------

// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//

options {
        //listen-on port 53 { 127.0.0.1; };
        listen-on port 53 { any; };
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
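        // Hide the version information from outside attackers (if the version is exposed,
        // the matching vulnerability can be used to hack the name server, tamper with
        // responses, or take the name server down)
        version "No !!";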

 // Those options should be used carefully because they disable port
 // randomization
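  query-source    port 53; // intended to allow port 53 for all external IPs; query-source sets the source port of the server's own outgoing queries
 // query-source-v6 port 53;
 allow-query     { any; }; // uncommented; controls which sources queries are accepted from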
 //allow-query-cache { localhost; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
 match-clients     { any; };
 match-destinations { any; };
 recursion yes; // set to yes when used as a public name server: whether queries to upstream DNS are allowed; using yes creates a security weakness
 include "/etc/named.rfc1912.zones";
};

2. Change ownership
 [root@localhost etc]# chown named.named /etc/named.caching-nameserver.conf

3. hosts settings
---------------------------------------------
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
118.128.134.115         www.whoishg.com


4. Set the DNS server addresses to use // to be configured later
# vi /etc/resolv.conf
================================================
# own domain name
search www.whoishg.com
# primary DNS
nameserver 118.128.134.115
# secondary DNS
nameserver 118.128.134.116
# tertiary DNS
nameserver 168.126.63.1
=================================================
5. Check the daemon settings
[root@localhost etc]# chkconfig --level 2345 named on
[root@localhost etc]# chkconfig --list named
named           0:해제  1:해제  2:활성  3:활성  4:활성  5:활성  6:해제


6. Add settings to named.rfc1912.zones
(/var/named/chroot/etc)
----------------------------------
zone "whoishg.com" IN {
        type master;
        file "whoishg.zone";
        allow-update {118.128.134.116;}; //--> DNS sla

7.================Errors during configuration=========================

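Use named-checkconf / named-checkzone to verify that the settings were applied correctly.
If the checks below report errors, the messages show which parts are wrong so they can be fixed.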

named-checkconf /etc/named.rfc1912.zones
named-checkconf /etc/named.caching-nameserver.conf
named-checkconf /var/named/chroot/etc/named.rfc1912.zones
named-checkzone whoishg.com /var/named/chroot/var/named/whoishg.zone
/etc/init.d/named restart

-------------------------------------------------------------------

[root@localhost etc]# named-checkconf /etc/named.caching-nameserver.conf
/etc/named.caching-nameserver.conf:45: '}' expected near end of file

[root@localhost etc]# named-checkconf /var/named/chroot/etc/named.rfc1912.zones
/var/named/chroot/etc/named.rfc1912.zones:47: '}' expected near end of file
=====> Caused by leaving out the closing }; after adding the zone (resolved)

[root@localhost etc]# named-checkconf /var/named/chroot/etc/named.conf
/var/named/chroot/etc/named.conf:57: open: /etc/named.root.hints: file not found
===> [root@localhost etc]# ln -s /var/named/chroot/etc/named.root.hints /etc/named.root.hints   # fixed by creating a symbolic link
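
The options from step 1 and the zone statement from step 6, shown as a hardened variant with the original weak settings kept as comments. This is an added example, not part of the original work log. The ACL name "trusted" and its 118.128.134.0/24 network are assumptions, as is treating 118.128.134.116 as the planned slave that should receive zone transfers.

```conf
// --- named.caching-nameserver.conf (hardened variant, added example) ---
acl "trusted" { 127.0.0.1; 118.128.134.0/24; };  // assumed: hosts allowed to recurse

options {
        listen-on port 53 { any; };
        directory       "/var/named";
        version         "No !!";
        // was: query-source port 53;
        // left out: a fixed source port disables source-port randomization,
        // which makes spoofed responses (cache poisoning) easier to land
        allow-query     { any; };    // the authoritative zone is answered for everyone
        allow-transfer  { none; };   // no zone transfers unless a zone allows them
};

// was: one view with match-clients { any; } and recursion yes (an open resolver,
// usable by anyone for amplification and exposed to cache poisoning)
view "internal" {
        match-clients   { "trusted"; };
        recursion yes;               // recursion only for trusted clients
        include "/etc/named.rfc1912.zones";
};

view "external" {
        match-clients   { any; };
        recursion no;                // everyone else gets authoritative answers only
        include "/etc/named.rfc1912.zones";
};

// --- named.rfc1912.zones (hardened variant, added example) ---
zone "whoishg.com" IN {
        type master;
        file "whoishg.zone";
        // was: allow-update { 118.128.134.116; };
        // allow-update permits dynamic changes to the zone data; a slave only
        // needs to copy the zone, which is what allow-transfer controls
        allow-update    { none; };
        allow-transfer  { 118.128.134.116; };   // assumed: the planned slave
};
```

Run named-checkconf on both files after the change, as in step 7, before restarting named.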
