사전 환경
ns.sckwon.com(hostname)
networksetting
IP : 192.168.10.10
GW : 192.168.10.1
DNS : 192.168.10.10(package install 후에 변경)
$ nmcli connection add con-name static ifname eth1 type ethernet ipv4.address 192.168.10.10/24 ipv4.gateway 192.168.10.1 ipv4.dns 192.168.10.10ns2.sckwon.com(hostname)
networksetting
IP : 192.168.10.20
GW : 192.168.10.1
DNS : 192.168.10.10 , 192.168.10.20(package install 후에 변경)
$ nmcli connection add con-name static ifname eth1 type ethernet ipv4.address 192.168.10.20/24 ipv4.gateway 192.168.10.1 ipv4.dns 192.168.10.10,192.168.10.20client.sckwon.com(hostname)
networksetting
IP : 192.168.10.100
GW : 192.168.10.1
DNS : 192.168.10.20(package install 후에 변경)
$ nmcli connection add con-name static ifname eth1 type ethernet ipv4.address 192.168.10.100/24 ipv4.gateway 192.168.10.1 ipv4.dns 192.168.10.20ns.sckwon.com(master)
1. package install
dnf install bind -y2. named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { none; };
.
.
allow-query { any; };
.
.
zone "sckwon.com." IN {
type master;
file "data/sckwon.zone";
allow-transfer { 192.168.10.20; };
};
zone "10.168.192.in-addr.arpa" IN {
type master;
file "data/db.10.168.192";
allow-transfer { 192.168.10.20; };
};
3. zone file
정방향
$TTL 1D
@ IN SOA ns.sckwon.com. root (
20240606
; serial
1D ;
refresh
1H ;
retry
1W ;
expire
3H ) ;
minimum
@ IN NS ns.sckwon.com.
ns IN A 192.168.10.10
10 IN PTR ns.sckwon.com.
ns2 IN A 192.168.10.20
20 IN PTR ns2.sckwon.com.역방향
$TTL 1D
@ IN SOA ns.sckwon.com. root (
20240607
; serial
1D ;
refresh
1H ;
retry
1W ;
expire
3H ) ;
minimum
@ IN NS ns.sckwon.com.
10 IN PTR ns.sckwon.com.
20 IN PTR ns2.sckwon.com.
100 IN PTR client.sckwon.com.
4. validation check
4-1. zone check
정방향 파일
$ named-checkzone sckwon.zone /var/named/data/sckwon.zone
zone sckwon.zone/IN: loaded serial 20240606
OK역방향 파일
$ named-checkzone db.10.168.192 /var/named/data/db.10.168.192
zone db.10.168.192/IN: loaded serial 20240607
OK
changes the owner
$ chown :named /var/named/data/sckwon.zone(db10.168.192)4-2 conf check
$ named-checkconf /etc/named.conf 5. etc setting
5-1. firewall-cmd
$ firewall-cmd --add-service=dns --permanent 5-2. named.service
$ systemctl enable --now named.service ns2.sckwon.com (slave)
1. package install
dnf install bind -y2. named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { none; };
.
.
allow-query { any; };
zone "sckwon.com." IN {
type slave;
masters{ 192.168.10.10; };
file "data/sckwon.zone";
allow-transfer { 192.168.10.20; };
};
zone "10.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.10.10; };
file "data/db.192.168.10";
};3. zone file
/etc/named.conf 설정에 따라 master server에서 파일 전송받음
$ ls /var/named/data/
db.10.168.192 named.run sckwon.zone
client-ssh
$ ssh vagrant@ns.sckwon.com
eth0 때문에 접속 안될 경우
$ nmcli device disconnect eth0