ubuntu 14.04 DNS Server 설치
네임서버 운영을 위해 방화벽에서 TCP/UDP 53번 포트를 열어야 합니다.
1.hosts 수정
root@ns:/etc/bind/zones# cat /etc/hosts 127.0.0.1 localhost 192.168.0.200 ns.mynotes.kr ns # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters
2.resolv.conf 수정
root@ns:/etc/bind/zones# cat /etc/resolvconf/resolv.conf.d/head # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 192.168.0.200 search mynotes.kr resolvconf -u
3.bind9 설치 및 네임서버 설정화일을 위한 디렉토리 생성
# Step 3: refresh the package index, install BIND 9 together with its
# utilities and documentation, then create the directory that will hold
# the zone declarations and zone data files.
apt-get update
apt-get install bind9 bind9utils bind9-doc
mkdir -p /etc/bind/zones
4.네임서버 설정화일을 위한 관련 화일 COPY
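# Step 4: copy the stock Debian files into /etc/bind/zones as templates.
#   named.conf.local -> zone declarations (edited in step 7)
#   db.local         -> forward zone data  (edited in step 8)
#   db.0             -> reverse zone data  (edited in step 9)
# NOTE(review): named.conf on this page includes /etc/bind/named.conf.local
# and /etc/bind/zones/named.conf.mynotes.kr, so the first copy below looks
# unused -- confirm before relying on it.
cp /etc/bind/named.conf.local /etc/bind/zones/named.conf.local
cp /etc/bind/named.conf.local /etc/bind/zones/named.conf.mynotes.kr
cp /etc/bind/db.local /etc/bind/zones/db.mynotes.kr
# The template is /etc/bind/db.0; the stray "cat" in the original path made
# this copy fail, leaving no reverse zone file to edit.
cp /etc/bind/db.0 /etc/bind/zones/db.0.168.192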
5.bind9의 설정 파일
OPTIONS 매개 변수에 -4를 포함하여 IPv4로만 동작하도록 설정
root@ns:/etc/bind/zones# cat /etc/default/bind9
OPTIONS="-u bind -4"
/etc/bind/named.conf 하단에 include "/etc/bind/zones/named.conf.mynotes.kr"; 를 추가
root@ns:/etc/bind/zones# cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/zones/named.conf.mynotes.kr";
6.bind9의 options 환경설정
root@ns:/etc/bind# cat named.conf.options
// Global options for an authoritative-only server: it answers from the zones
// it is master for and does not resolve other names on behalf of clients.
options {
        directory "/var/cache/bind";
        // Return this string instead of the real BIND version to version.bind queries.
        version "unknown";
        // Refuse zone transfers (AXFR/IXFR) from every client. The zones on this
        // page list a single name server, so no secondary needs a transfer.
        allow-transfer { none; };
        // Do not perform recursive lookups for clients.
        recursion no;
        // Accept IPv4 queries only on this address.
        listen-on { 192.168.0.200; };
        // NOTE(review): forwarders are consulted only for recursive lookups, so
        // with "recursion no" above this list appears to be unused -- confirm and
        // drop it, or enable recursion restricted with allow-recursion if this
        // host is also meant to act as a resolver.
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
        dnssec-enable yes;
        // NOTE(review): validation applies to answers obtained through recursion;
        // it does not sign the zones served here -- confirm this line is intended.
        dnssec-validation yes;
        auth-nxdomain no;    # conform to RFC1035
};
// Send every listed category to both built-in channels: syslog and the debug file.
logging {
        category default { default_syslog; default_debug; };
        category unmatched { default_syslog; default_debug; };
        category lame-servers { default_syslog; default_debug; };
        category network { default_syslog; default_debug; };
        category notify { default_syslog; default_debug; };
};
7./etc/bind/zones/named.conf.mynotes.kr 수정
// Forward zone: this server is the master and loads the records from the file
// named below. No allow-transfer is set per zone, so the setting from the
// global options block applies.
zone "mynotes.kr" {
        type master;
        file "/etc/bind/zones/db.mynotes.kr";
};
// Reverse zone for 192.168.0.x addresses (PTR lookups), also served as master.
zone "0.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/db.0.168.192";
};
8./etc/bind/zones/db.mynotes.kr 수정
;
; Forward zone data for mynotes.kr (started from the db.local template)
;
$TTL 10M
; NOTE(review): the first SOA field (MNAME) is conventionally the primary name
; server, which would be ns.mynotes.kr. here -- confirm mynotes.kr. is intended.
; Increase the serial on every edit of this file.
@ IN SOA mynotes.kr. root.mynotes.kr. (
        2015010901 ; Serial
        1D ; Refresh
        1H ; Retry
        1W ; Expire
        3H ) ; Negative Cache TTL
; Name Server
@ IN NS ns.mynotes.kr.
ns IN A 192.168.0.200 ; name server
; MX record (none defined)
; Alias
www IN A 192.168.0.100 ; web server
@ IN A 192.168.0.100 ; web server
9./etc/bind/zones/db.0.168.192 수정
; ; BIND reverse data file for broadcast zone ; $TTL 10M @ IN SOA mynotes.kr. root.mynotes.kr. ( 2016010900 ; Serial 1D ; Refresh 1H ; Retry 1W ; Expire 3H ) ; Negative Cache TTL ; name servers - NS records @ IN NS ns.mynotes.kr. ; PTR Records 200 IN PTR ns.mynotes.kr. ; 192.168.0.100 IN PTR www.mynotes.kr. ;
10.bind9 재시작
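# Step 10: validate the configuration and both zone files first, and restart
# only when every check passes, so a syntax error does not take the name
# server down. named-checkconf and named-checkzone come with the BIND
# packages installed in step 3.
named-checkconf /etc/bind/named.conf \
  && named-checkzone mynotes.kr /etc/bind/zones/db.mynotes.kr \
  && named-checkzone 0.168.192.in-addr.arpa /etc/bind/zones/db.0.168.192 \
  && service bind9 restart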
11.log 확인
tail -f /var/log/syslog Jan 11 10:55:24 ns named[1775]: zone 0.in-addr.arpa/IN: loaded serial 1 Jan 11 10:55:24 ns named[1775]: zone 0.168.192.in-addr.arpa/IN: loaded serial 2016010900 Jan 11 10:55:24 ns named[1775]: zone 127.in-addr.arpa/IN: loaded serial 1 Jan 11 10:55:24 ns named[1775]: zone 255.in-addr.arpa/IN: loaded serial 1 Jan 11 10:55:24 ns named[1775]: zone localhost/IN: loaded serial 2 Jan 11 10:55:24 ns named[1775]: zone mynotes.kr/IN: loaded serial 2015010901 Jan 11 10:55:24 ns named[1775]: all zones loaded Jan 11 10:55:24 ns named[1775]: running Jan 11 10:55:24 ns named[1775]: zone 0.168.192.in-addr.arpa/IN: sending notifies (serial 2016010900) Jan 11 10:55:24 ns named[1775]: zone mynotes.kr/IN: sending notifies (serial 2015010901)
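12.nslookup 확인 (아래 출력은 192.168.0.200이 재귀 질의를 처리하지 않아 nslookup이 다음 서버인 8.8.8.8로 넘어가 받은 응답이며, 주소 192.168.0.200도 zone 파일의 @ A 레코드 192.168.0.100과 다릅니다. 새 네임서버의 응답을 확인하려면 dig @192.168.0.200 mynotes.kr 처럼 서버를 직접 지정해 조회합니다.)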
nslookup mynotes.kr ;; Got recursion not available from 192.168.0.200, trying next server Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: mynotes.kr Address: 192.168.0.200
13.DNS 확인 사이트
http://dnsviz.net/