CentOS7でDNSサーバ立てる
OpenShiftのインストールにはクラスタ内ホストを名前解決できるDNSサーバが必要なので、CentOS 7にDNSサーバ(bind)を立てる手順をメモとして残す。
基本的にはserver worldさんの記事通り
https://www.server-world.info/query?os=CentOS_7&p=dns&f=1
一方で、AWSのRoute 53のように設定が直感的ではないため、サブネットやゾーン名など重複する部分をシェル変数で流し込めるように書き換えた（ヒアドキュメント内で変数が展開されるので、`$TTL` のようにファイルへそのまま残したい `$` は `\$` とエスケープする）。
前提
使用するサブネット: 10.240.0.0/24（問い合わせ・再帰を許可する範囲もこのサブネットに限定する）
DNSサーバ用マシンのIP: 10.240.0.10
実際の構築用コード（root で実行する。/etc/named.conf を上書きするため、既存の設定があれば事前に退避しておくこと）
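#!/usr/bin/env bash
# Stand up BIND on CentOS 7 as the internal nameserver for an OpenShift lab.
# Run as root; it (re)writes /etc/named.conf and two zone files, so back up
# any existing named configuration first.
#
# Security posture enforced by the generated named.conf:
#   - named listens on loopback and NAMESERVER_IP only, not on every interface.
#   - queries and recursion are accepted only from localhost and PRIVATE_CIDR.
#   - zone transfers (AXFR) are refused: this setup has no secondary
#     nameserver, and an allow-transfer covering the whole subnet would hand
#     the complete host map to any machine on it. Add the secondary's address
#     there if one is introduced later.
#   - dynamic updates are refused for both zones.
# Everything is validated with named-checkconf/named-checkzone before named
# is started, so a typo fails here instead of leaving a dead resolver.
set -euo pipefail

yum -y install bind bind-utils

# ---- Parameters: adjust to your environment ---------------------------------
PRIVATE_CIDR='10.240.0.0/24'           # clients allowed to query and recurse
NAMESERVER_HOSTNAME='dnshost'
NAMESERVER_ZONE='internal.local'
NAMESERVER_IP='10.240.0.10'            # address named binds to; NS A record
REVERSE_ZONE='0.240.10.in-addr.arpa'   # reverse zone for the /24 in PRIVATE_CIDR
FORWARD_ZONE_FILE="${NAMESERVER_ZONE}.zone"
REVERSE_ZONE_FILE="${REVERSE_ZONE}.zone"
# SOA serial: YYYYMMDDnn, so a regenerated zone is always newer than the
# previous one (the tutorial's fixed 2014071001 never changes).
ZONE_SERIAL="$(date +%Y%m%d)01"

# Unquoted heredoc: shell variables expand, so every literal '$' that must
# reach the file (e.g. $TTL in the zone files) is written as '\$'.
cat << EOF > /etc/named.conf
//
// named.conf -- generated for the OpenShift lab; based on the CentOS 7 bind
// package default (caching-only) configuration.
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        // Only loopback and this server's private address, never every interface.
        listen-on port 53 { 127.0.0.1; ${NAMESERVER_IP}; };
        listen-on-v6 { none; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Who may query at all: localhost and the private subnet.
        allow-query { localhost; ${PRIVATE_CIDR}; };
        // Who may use this server as a recursive resolver. Spelled out rather
        // than left to the allow-query default so the intent survives edits.
        allow-recursion { localhost; ${PRIVATE_CIDR}; };
        // No secondary nameserver exists in this setup, so no zone transfers.
        // If one is added, list its address here instead of the whole subnet.
        allow-transfer { none; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        #dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view "internal" {
        match-clients {
                localhost;
                ${PRIVATE_CIDR};
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "${NAMESERVER_ZONE}" IN {
                type master;
                file "${FORWARD_ZONE_FILE}";
                allow-update { none; };
        };
        zone "${REVERSE_ZONE}" IN {
                type master;
                file "${REVERSE_ZONE_FILE}";
                allow-update { none; };
        };
        include "/etc/named.rfc1912.zones";
        include "/etc/named.root.key";
};
EOF

mkdir -p /var/named

# Forward zone. Records whose owner column is blank inherit the previous
# owner (the apex '@'), so those lines MUST start with whitespace; written at
# column 0 the parser would take "IN" as the owner name and the apex would
# end up without an NS record.
cat << EOF > "/var/named/${FORWARD_ZONE_FILE}"
\$TTL 86400
@       IN SOA  ${NAMESERVER_HOSTNAME}.${NAMESERVER_ZONE}. root.${NAMESERVER_ZONE}. (
                ${ZONE_SERIAL}  ; Serial
                3600            ; Refresh
                1800            ; Retry
                604800          ; Expire
                86400           ; Minimum TTL
        )
        IN NS   ${NAMESERVER_HOSTNAME}.${NAMESERVER_ZONE}.
        IN A    ${NAMESERVER_IP}
${NAMESERVER_HOSTNAME}  IN A    ${NAMESERVER_IP}
master                  IN A    10.240.0.20
worker1                 IN A    10.240.0.30
worker2                 IN A    10.240.0.40
EOF

# Reverse zone for the /24. The tutorial's apex "A 255.255.255.0" (a netmask,
# not a host) and apex PTR are dropped: they map nothing and only add noise.
cat << EOF > "/var/named/${REVERSE_ZONE_FILE}"
\$TTL 86400
@       IN SOA  ${NAMESERVER_HOSTNAME}.${NAMESERVER_ZONE}. root.${NAMESERVER_ZONE}. (
                ${ZONE_SERIAL}  ; Serial
                3600            ; Refresh
                1800            ; Retry
                604800          ; Expire
                86400           ; Minimum TTL
        )
        IN NS   ${NAMESERVER_HOSTNAME}.${NAMESERVER_ZONE}.
10      IN PTR  ${NAMESERVER_HOSTNAME}.${NAMESERVER_ZONE}.
20      IN PTR  master.${NAMESERVER_ZONE}.
30      IN PTR  worker1.${NAMESERVER_ZONE}.
40      IN PTR  worker2.${NAMESERVER_ZONE}.
EOF

# Zone files readable by the named group only, not world-readable.
chown root:named "/var/named/${FORWARD_ZONE_FILE}" "/var/named/${REVERSE_ZONE_FILE}"
chmod 640 "/var/named/${FORWARD_ZONE_FILE}" "/var/named/${REVERSE_ZONE_FILE}"

# Fail fast on a typo before touching the running service.
named-checkconf /etc/named.conf
named-checkzone "${NAMESERVER_ZONE}" "/var/named/${FORWARD_ZONE_FILE}"
named-checkzone "${REVERSE_ZONE}" "/var/named/${REVERSE_ZONE_FILE}"

systemctl start named
systemctl enable named

# Open port 53 to the private subnet only, as a firewall-level complement to
# allow-query; a plain --add-service=dns would accept from any source.
RICH_RULE="rule family=\"ipv4\" source address=\"${PRIVATE_CIDR}\" service name=\"dns\" accept"
firewall-cmd --permanent --add-rich-rule="${RICH_RULE}"
firewall-cmd --reload

# Point this host's own resolver at the new server. Find the connection name
# with: nmcli device show | grep GENERAL.CONNECTION:
NW_INTERFACE="eth1"
nmcli connection modify "${NW_INTERFACE}" ipv4.dns "${NAMESERVER_IP}" ipv4.dns-search "${NAMESERVER_ZONE}"
# NOTE(review): if this connection also receives DNS servers from DHCP, add
# "ipv4.ignore-auto-dns yes" to the modify call above so the DHCP-supplied
# resolvers do not take precedence.
# Bouncing the connection drops an SSH session that rides on it. The down step
# is allowed to fail (connection already down) so that up still runs under -e.
nmcli connection down "${NW_INTERFACE}" || true
nmcli connection up "${NW_INTERFACE}"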
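#!/usr/bin/env bash
# Stand up BIND on CentOS 7 as the internal nameserver for an OpenShift lab.
# Run as root; it (re)writes /etc/named.conf and two zone files, so back up
# any existing named configuration first.
#
# Security posture enforced by the generated named.conf:
#   - named listens on loopback and NAMESERVER_IP only, not on every interface.
#   - queries and recursion are accepted only from localhost and PRIVATE_CIDR.
#   - zone transfers (AXFR) are refused: this setup has no secondary
#     nameserver, and an allow-transfer covering the whole subnet would hand
#     the complete host map to any machine on it. Add the secondary's address
#     there if one is introduced later.
#   - dynamic updates are refused for both zones.
# Everything is validated with named-checkconf/named-checkzone before named
# is started, so a typo fails here instead of leaving a dead resolver.
set -euo pipefail

yum -y install bind bind-utils

# ---- Parameters: adjust to your environment ---------------------------------
PRIVATE_CIDR='10.240.0.0/24'           # clients allowed to query and recurse
NAMESERVER_HOSTNAME='dnshost'
NAMESERVER_ZONE='internal.local'
NAMESERVER_IP='10.240.0.10'            # address named binds to; NS A record
REVERSE_ZONE='0.240.10.in-addr.arpa'   # reverse zone for the /24 in PRIVATE_CIDR
FORWARD_ZONE_FILE="${NAMESERVER_ZONE}.zone"
REVERSE_ZONE_FILE="${REVERSE_ZONE}.zone"
# SOA serial: YYYYMMDDnn, so a regenerated zone is always newer than the
# previous one (the tutorial's fixed 2014071001 never changes).
ZONE_SERIAL="$(date +%Y%m%d)01"

# Unquoted heredoc: shell variables expand, so every literal '$' that must
# reach the file (e.g. $TTL in the zone files) is written as '\$'.
cat << EOF > /etc/named.conf
//
// named.conf -- generated for the OpenShift lab; based on the CentOS 7 bind
// package default (caching-only) configuration.
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        // Only loopback and this server's private address, never every interface.
        listen-on port 53 { 127.0.0.1; ${NAMESERVER_IP}; };
        listen-on-v6 { none; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Who may query at all: localhost and the private subnet.
        allow-query { localhost; ${PRIVATE_CIDR}; };
        // Who may use this server as a recursive resolver. Spelled out rather
        // than left to the allow-query default so the intent survives edits.
        allow-recursion { localhost; ${PRIVATE_CIDR}; };
        // No secondary nameserver exists in this setup, so no zone transfers.
        // If one is added, list its address here instead of the whole subnet.
        allow-transfer { none; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        #dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view "internal" {
        match-clients {
                localhost;
                ${PRIVATE_CIDR};
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "${NAMESERVER_ZONE}" IN {
                type master;
                file "${FORWARD_ZONE_FILE}";
                allow-update { none; };
        };
        zone "${REVERSE_ZONE}" IN {
                type master;
                file "${REVERSE_ZONE_FILE}";
                allow-update { none; };
        };
        include "/etc/named.rfc1912.zones";
        include "/etc/named.root.key";
};
EOF

mkdir -p /var/named

# Forward zone. Records whose owner column is blank inherit the previous
# owner (the apex '@'), so those lines MUST start with whitespace; written at
# column 0 the parser would take "IN" as the owner name and the apex would
# end up without an NS record.
cat << EOF > "/var/named/${FORWARD_ZONE_FILE}"
\$TTL 86400
@       IN SOA  ${NAMESERVER_HOSTNAME}.${NAMESERVER_ZONE}. root.${NAMESERVER_ZONE}. (
                ${ZONE_SERIAL}  ; Serial
                3600            ; Refresh
                1800            ; Retry
                604800          ; Expire
                86400           ; Minimum TTL
        )
        IN NS   ${NAMESERVER_HOSTNAME}.${NAMESERVER_ZONE}.
        IN A    ${NAMESERVER_IP}
${NAMESERVER_HOSTNAME}  IN A    ${NAMESERVER_IP}
master                  IN A    10.240.0.20
worker1                 IN A    10.240.0.30
worker2                 IN A    10.240.0.40
EOF

# Reverse zone for the /24. The tutorial's apex "A 255.255.255.0" (a netmask,
# not a host) and apex PTR are dropped: they map nothing and only add noise.
cat << EOF > "/var/named/${REVERSE_ZONE_FILE}"
\$TTL 86400
@       IN SOA  ${NAMESERVER_HOSTNAME}.${NAMESERVER_ZONE}. root.${NAMESERVER_ZONE}. (
                ${ZONE_SERIAL}  ; Serial
                3600            ; Refresh
                1800            ; Retry
                604800          ; Expire
                86400           ; Minimum TTL
        )
        IN NS   ${NAMESERVER_HOSTNAME}.${NAMESERVER_ZONE}.
10      IN PTR  ${NAMESERVER_HOSTNAME}.${NAMESERVER_ZONE}.
20      IN PTR  master.${NAMESERVER_ZONE}.
30      IN PTR  worker1.${NAMESERVER_ZONE}.
40      IN PTR  worker2.${NAMESERVER_ZONE}.
EOF

# Zone files readable by the named group only, not world-readable.
chown root:named "/var/named/${FORWARD_ZONE_FILE}" "/var/named/${REVERSE_ZONE_FILE}"
chmod 640 "/var/named/${FORWARD_ZONE_FILE}" "/var/named/${REVERSE_ZONE_FILE}"

# Fail fast on a typo before touching the running service.
named-checkconf /etc/named.conf
named-checkzone "${NAMESERVER_ZONE}" "/var/named/${FORWARD_ZONE_FILE}"
named-checkzone "${REVERSE_ZONE}" "/var/named/${REVERSE_ZONE_FILE}"

systemctl start named
systemctl enable named

# Open port 53 to the private subnet only, as a firewall-level complement to
# allow-query; a plain --add-service=dns would accept from any source.
RICH_RULE="rule family=\"ipv4\" source address=\"${PRIVATE_CIDR}\" service name=\"dns\" accept"
firewall-cmd --permanent --add-rich-rule="${RICH_RULE}"
firewall-cmd --reload

# Point this host's own resolver at the new server. Find the connection name
# with: nmcli device show | grep GENERAL.CONNECTION:
NW_INTERFACE="eth1"
nmcli connection modify "${NW_INTERFACE}" ipv4.dns "${NAMESERVER_IP}" ipv4.dns-search "${NAMESERVER_ZONE}"
# NOTE(review): if this connection also receives DNS servers from DHCP, add
# "ipv4.ignore-auto-dns yes" to the modify call above so the DHCP-supplied
# resolvers do not take precedence.
# Bouncing the connection drops an SSH session that rides on it. The down step
# is allowed to fail (connection already down) so that up still runs under -e.
nmcli connection down "${NW_INTERFACE}" || true
nmcli connection up "${NW_INTERFACE}"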