DNS 예은이정리

 

Chapter 3. DNS 서버

 

DNS 서버

• IP-DN

• DN : www.google.com -> DNS server -> IP 알려줌

• www.google.com | google’s IP

• www.naver.com | naver’s IP

• DNS 주소가 너무 많음

• 검색하는데 시간이 너무 오래 걸림

 

DNS 구조

 

• root servers

.com   |    .com’s IP

.org    |    .org’s IP

 

.com | nsname.come | NS | 3500

nsname.com | 101.5.5.3 | A | 3500

 

• TLD(Top Level Domain)

.com

google.com   |   google.com’s IP

amazon.com |   amazon.com’s IP

nsname.com

google.com | dn1.google.com | NS | 3500

dn1.google.com | 8.8.8.8 | A | 3500

amazon.com | dn1.amazon.com | NS | 3220

amazon.com | 9.9.9.9 | A | 3220

 

DNS 종류

 

• authoritative DNS

• IP 주소를 저장, 수정, 삭제 

maps.com  |  maps.google.com ‘s IP

www.google.com  |  www.google.com ‘s IP

mail.google.com  | mail.google.com ‘s IP

 

dn1.google.com

maps.com | 8.8.8.10fire

www.google.com | 8.8.8.15

mail.google.com | 8.8.8.100

 

• cache DNS

• 사용자로부터 DNS 정보조회 요청을 받을 때 authoritative DNS에서 정보 가져와 사용자에게 제공

 

Local DNS 서버를 만들어 놓고 운영

 

• DNS 쿼리를 저장해놓고 host들이 질의하면 대신 답변

• TTL 필드가 존재해서 최신 상태를 유지하게 해줌

 

DNS 레코드

 

• DNS 레코드의 변경사항이 적용될 때까지 걸리는 시간을 결정

• NAME VALUE TYPE TTL

• A record: 호스트 주소(IPv4, IPv6)

www.google.com | 111.111.11.11 | A | 1250

server1.google.com | 111.111.11.15 | A | 1250

mail.google.com | 111.111.11.15 | A | 1250

google.com | 111.111.20.230 | A | 1250

 

• NS record: Name Server

.com | nsname.com | NS | 3500

.net | nsname-net.com | NS | 3500

 

• CNAME record: 별칭

www.google.com | server1.google.com | CNAME | 30

www.google.com | server2.google.com | CNAME | 30

DNS 조회 방법

 

• host

• yum install bind-utils.x86_64

• host google.com

• host -v google.com

• host -t a google.com

• host -t cname google.com

• host -t ns google.com

• host ns4.google.com 8.8.8.8

 

• nslookup

• nslookup google.com 8.8.8.8

 

• dig

• dig @8.8.8.8 google.com

 

DNS 서버 구성

 

• bind

• yum install bind*

• systemctl status named.service

• vi /etc/named.conf

• systemctl start named.service

• setenforce 0

• getenforce 

• firewall-cmd --add-service=dns --permanent

• firewall-cmd --reload

• firewall-cmd --list-all

 

DNS zone 생성

 

server

1. nobreak.co.kr 도메인의 영역 파일을 생성하기 위해 named.empty 파일 복사하여 편집

• sudo cp /var/named/named.empty /var/named/data/nobreak.co.kr.zone

• sudo vi /var/named/data/nobreak.co.kr.zone

2. /etc/named.conf 파일 수정: DNS 서버의 연결정보, BIND를 통해 서비스할 영역 설정 저장

• sudo vi /etc/named.conf

3. 영역 파일 및 설정 파일 확인

• sudo named-checkconf /etc/named.conf

4. named.service 재시작

• sudo chmod -R 754 /var/named

• sudo systemctl restart named.service

• sudo systemctl status named.service

client

• sudo yum install bind-utils.x86_64

• nslookup www.google.com 192.168.122.200

• nslookup www.nobreak.co.kr 192.168.122.200

• curl www.nobreak.co.kr

 

실습

 

nslookup www.20200602.co.kr 192.168.122.200

curl www.20200602.co.kr

 

http 서버

ping www.google.com

sudo yum install httpd

sudo vi /var/www/html/index.html

sudo firewall-cmd --add-service=http --permanent

sudo firewall-cmd --reload

sudo systemctl start httpd

sudo systemctl status httpd

sudo systemctl enable httpd

--------------------------------------------------

DNS 서버

(any none any)

vi /etc/named.conf

    zone "nobreak.co.kr." IN {

            type master;

            file "data/nobreak.co.kr.zone";

    };

 

    zone "20200602.co.kr." IN {

            type master;

            file "data/20200602.co.kr.zone";

    };

 

vi /var/named/data/20200602.co.kr.zone

    $TTL 3H

    @        IN   SOA    ns.20200602.co.kr root.20200602.co.kr. (

                            0    ; serial

                               1D    ; refresh

                            1H    ; retry

                            1W    ; expire

                            3H )    ; minimum

    @        IN    NS    ns.20200602.co.kr.

                  IN    A    192.168.122.150

 

    ns          IN    A    192.168.122.200

   www    IN    A    192.168.122.150

systemctl restart named.service

------------------------------------------

client

curl 192.168.122.150

nmcli connection show eth0-client 

sudo nmcli connection modify eth0-client ipv4.dns 192.168.122.200

sudo nmcli connection down eth0-client

sudo nmcli connection up eth0-client

nslookup 20200602.co.kr 192.168.122.200

curl www.20200602.co.kr

 

=========================================================

 

Chapter 4. DHCP 서버

 

DHCP 서버

 

• ip / subnetmask

• gateway

• dns 주소

• 경쟁 방식

• client -> server(DHCP Discover) : 서버님 IP 주세요

• dest : 255.255.255.255:67

• src : 0.0.0.0:68

• tran ID : 777

• server -> client

• tran ID : 777

• src : 111.111.104.2:67

• des t: 255.255.255.255:68

• client -> server

• broadcast로 IP를 지정받음을 공표

• tran ID : 777

• src : 0.0.0.0:68

• dest : 255.255.255.255:67

• server -> client DHCP ACK

• src : 111.111.104.2:67

• dest : 111.111.104.25:68

• tran ID : 777

• DHCP 연결이 실패하면 169.254.???.???

실습

1. dhcp 서버 ip 할당

network profile 전부 삭제

network profile 새로 추가

IP : 192.168.50.100/24

Gateway : 192.168.50.1

DNS : 8.8.8.8

 

2. client 

network profile 전부 삭제

 

3. server 에 dhcp 패키지 설치 

yum install dhcp 

vi /etc/dhcp/dhcpd.conf

(참고:  /usr/share/doc/dhcp*/dhcpd.conf.example)

 

subnet 192.168.50.0 netmask 255.255.255.0 {

  range 192.168.50.101 192.168.50.110;

  option routers 192.168.50.1;

  option broadcast-address 192.168.50.255;

  option domain-name-servers 8.8.8.8;

  default-lease-time 600;

  max-lease-time 7200;

}

 

4. dhcp 실행

firewall-cmd --permanent --add-service=dhcp

firewall-cmd --reload 

systemctl enable dhcpd

systemctl start dhcpd

systemctl status dhcpd

tail -f /var/lib/dhcpd/dhcpd.leases 로 모니터링

 

5. client 에서 profile 생성후 확인