1. CentOS7
[ DNS Server ]
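# These snippets are meant to be pasted into a root bash shell. Each section is
# wrapped in a function so a failing step stops the section with `return`
# instead of closing the interactive shell with `exit`.
#######################################
# CentOS 7 master: install BIND + httpd, publish a DNSSEC-signed master zone
# and open the firewall for it.
# Globals (read, all overridable from the environment before pasting):
#   DNS_SERVER_IP      this host's address (default: first address of `hostname -I`)
#   SUB_DNS_SERVER_IP  slave allowed to transfer the zone (default 192.168.108.80)
#   DOMAIN_NAME        zone to serve (default hmwoo.com)
#   DNSSEC_ALG, ZSK_BITS, KSK_BITS, NSEC3_SALT, ZONE_SERIAL  signing parameters
# Outputs:  the values used, firewall port list and tool output on stdout,
#           errors on stderr
# Returns:  0 on success, 1 when a step that later steps depend on fails
#######################################
centos_dns_master_setup() {
  local tab=$'\t'
  local zone_base zone_file key_dir serial alg zsk_bits ksk_bits nsec3_salt key

  if [[ -z "${DNS_SERVER_IP-}" ]]; then
    # hostname -I needs no net-tools (ifconfig is absent on a minimal CentOS 7)
    DNS_SERVER_IP=$(hostname -I | awk '{print $1}')
  fi
  if [[ -z "$DNS_SERVER_IP" ]]; then
    printf 'could not determine this host IP; set DNS_SERVER_IP and re-run\n' >&2
    return 1
  fi
  SUB_DNS_SERVER_IP=${SUB_DNS_SERVER_IP:-192.168.108.80}
  DOMAIN_NAME=${DOMAIN_NAME:-hmwoo.com}
  zone_base=${DOMAIN_NAME%%.*}
  zone_file=/var/named/${zone_base}.zone
  key_dir=/var/named/keys
  # NOTE(review): NSEC3RSASHA1 and 1024-bit RSA are deprecated for signing
  # (RFC 8624); on BIND >= 9.11 prefer DNSSEC_ALG=ECDSAP256SHA256 (and drop
  # the -b sizes). Defaults are kept as the original had them.
  alg=${DNSSEC_ALG:-NSEC3RSASHA1}
  zsk_bits=${ZSK_BITS:-1024}
  ksk_bits=${KSK_BITS:-2048}
  # RFC 9276 now recommends an empty NSEC3 salt (`-3 -`); original value kept.
  nsec3_salt=${NSEC3_SALT:-96e920}
  # Epoch seconds so every re-run gets a larger SOA serial and the slave really
  # re-transfers the zone (the fixed 20201111 never changed between runs).
  serial=${ZONE_SERIAL-}
  [[ -n "$serial" ]] || serial=$(date +%s)

  printf 'DNS server IP : %s\nSub DNS IP    : %s\nDomain name   : %s\n' \
    "$DNS_SERVER_IP" "$SUB_DNS_SERVER_IP" "$DOMAIN_NAME"

  # Start from a clean package state so the stock /etc/named.conf is restored.
  yum -y remove bind
  rm -f /etc/named.conf*
  rm -f "${key_dir:?}"/*
  # DNS server
  yum -y install bind bind-chroot || return 1
  # http server
  yum -y install httpd || return 1

  # Listen on every IPv4 address, IPv6 off, answer anyone. The stock file keeps
  # `recursion yes;`, which together with `allow-query { any; }` would make this
  # authoritative server an open resolver, so recursion is switched off here.
  sed -i "s/^\s*listen-on port 53.*/\tlisten-on port 53 { any; };/g" /etc/named.conf
  sed -i "s/^\s*listen-on-v6 port 53.*/\tlisten-on-v6 port 53 { none; };/g" /etc/named.conf
  sed -i "s/^\s*allow-query.*/\tallow-query\t{ any; };/g" /etc/named.conf
  sed -i "s/^\s*recursion yes;/\trecursion no;/" /etc/named.conf

  # Master zone; only the slave may transfer it.
  cat <<ZONE_ADD >> /etc/named.conf
zone "${DOMAIN_NAME}" IN {
${tab}type master;
${tab}file "${zone_base}.zone";
${tab}allow-update {none;};
${tab}allow-transfer{${SUB_DNS_SERVER_IP};};
};
ZONE_ADD
  named-checkconf || return 1

  # Unsigned zone. `root` and `ns2` are left relative to the origin: the
  # original `root.` / `ns2.` carried a trailing dot, which makes them
  # absolute top-level names instead of root.<domain> / ns2.<domain>.
  cat <<ZONE_FILE_ADD > "$zone_file"
\$TTL${tab}3H
@${tab}SOA${tab}@${tab}root${tab}(${serial} 1D 1H 1W 1H)
${tab}IN${tab}NS${tab}@
${tab}IN${tab}NS${tab}ns2
${tab}IN${tab}A${tab}${DNS_SERVER_IP}
ns IN A ${DNS_SERVER_IP}
ns2 IN A ${SUB_DNS_SERVER_IP}
www${tab}IN${tab}A${tab}${DNS_SERVER_IP}
ftp${tab}IN${tab}A${tab}${SUB_DNS_SERVER_IP}
ZONE_FILE_ADD
  # The original passed a relative file name, which only resolves when the
  # shell happens to be in /var/named.
  named-checkzone "$DOMAIN_NAME" "$zone_file" || return 1

  # ZSK + KSK written straight into $key_dir with -K, so the caller's working
  # directory is not changed.
  mkdir -p "$key_dir" || return 1
  dnssec-keygen -K "$key_dir" -a "$alg" -r /dev/urandom -b "$zsk_bits" -n ZONE "${DOMAIN_NAME}." || return 1
  dnssec-keygen -K "$key_dir" -a "$alg" -r /dev/urandom -b "$ksk_bits" -n ZONE -f KSK "${DOMAIN_NAME}." || return 1

  # Append the public keys to the unsigned zone (glob instead of parsing ls).
  {
    echo
    for key in "$key_dir"/*.key; do
      [[ -e "$key" ]] || continue
      printf '$INCLUDE %s\n' "$key"
    done
  } >> "$zone_file"

  # Sign with NSEC3 and point named.conf at the .signed output.
  dnssec-signzone -S -K "$key_dir"/ -3 "$nsec3_salt" -o "${DOMAIN_NAME}." "$zone_file" || return 1
  sed -i "s/\"${zone_base}.zone\"/\"${zone_base}.zone.signed\"/g" /etc/named.conf

  firewall-cmd --permanent --add-port=80/tcp --add-port=53/tcp --add-port=53/udp
  firewall-cmd --reload
  firewall-cmd --list-ports
  # Services are only restarted; add `systemctl enable named httpd` if they
  # must survive a reboot.
  systemctl restart named || return 1
  # http server start
  systemctl restart httpd
}
centos_dns_master_setup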
[ Sub DNS Server ]
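#######################################
# CentOS 7 slave: install BIND as a slave for the zone plus a vsftpd that
# allows anonymous uploads; open the firewall for both.
# Globals (read, overridable before pasting):
#   DNS_SERVER_IP  master to transfer from (default 192.168.108.67)
#   DOMAIN_NAME    zone (default hmwoo.com)
#   FTP_ROOT       anon_root directory (default /app/repo/ftp)
# Outputs:  values used, firewall port list and tool output on stdout
# Returns:  0 on success, 1 when a required step fails
#######################################
centos_dns_slave_setup() {
  local tab=$'\t'
  local vsftpd_conf=/etc/vsftpd/vsftpd.conf
  local zone_base key

  DNS_SERVER_IP=${DNS_SERVER_IP:-192.168.108.67}
  DOMAIN_NAME=${DOMAIN_NAME:-hmwoo.com}
  FTP_ROOT=${FTP_ROOT:-/app/repo/ftp}
  zone_base=${DOMAIN_NAME%%.*}
  printf 'DNS server IP : %s\nDomain name   : %s\nFTP root      : %s\n' \
    "$DNS_SERVER_IP" "$DOMAIN_NAME" "$FTP_ROOT"

  yum -y remove bind
  rm -f /etc/named.conf*
  # `bind_libs` (underscore) in the original was a typo for bind-libs.
  yum -y install bind bind-utils bind-libs bind-chroot || return 1
  # ftp server
  yum -y install vsftpd || return 1

  # DNS server settings: every IPv4 address, IPv6 off, answer anyone.
  # NOTE(review): the stock named.conf keeps `recursion yes;`, so with
  # `allow-query { any; }` this host is an open recursive resolver for anyone
  # who can reach port 53; restrict with `allow-recursion { <lab net>; };`
  # if it is reachable beyond the lab.
  sed -i "s/^\s*listen-on port 53.*/\tlisten-on port 53 { any; };/g" /etc/named.conf
  sed -i "s/^\s*listen-on-v6 port 53.*/\tlisten-on-v6 port 53 { none; };/g" /etc/named.conf
  sed -i "s/^\s*allow-query.*/\tallow-query\t{ any; };/g" /etc/named.conf
  # Slave zone, stored as text so the transferred (signed) file can be read
  # directly; the original's extra sed turning "<zone>.zone" into
  # ".zone.signed" could never match this "slaves/..." path and is dropped.
  cat <<ZONE_ADD >> /etc/named.conf
zone "${DOMAIN_NAME}" IN {
${tab}type slave;
${tab}file "slaves/${zone_base}.zone.signed";
${tab}masters{${DNS_SERVER_IP};};
${tab}masterfile-format text;
};
ZONE_ADD
  named-checkconf || return 1

  # Replace the keys we manage (delete, then append) instead of blanking them
  # and stripping every empty line from the file.
  for key in write_enable anon_upload_enable anon_root pasv_enable pasv_min_port pasv_max_port; do
    sed -i "/^${key}=/d" "$vsftpd_conf"
  done
  # NOTE(review): CentOS ships anonymous_enable=YES, so this enables anonymous
  # *uploads*. vsftpd refuses a writable anon_root, so uploads need a
  # subdirectory owned by the ftp user inside $FTP_ROOT; the directory itself
  # was never created by the original, which made anonymous logins fail.
  mkdir -p -- "$FTP_ROOT"
  cat <<FTP_SERVER_SETTING >> "$vsftpd_conf"
write_enable=YES
anon_upload_enable=YES
anon_root=${FTP_ROOT}
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30009
FTP_SERVER_SETTING
  # ftpusers: listed users are rejected after the password check;
  # user_list: listed users are rejected outright. Both deny root by default;
  # removing it lets root log in over FTP.
  # NOTE(review): FTP is cleartext, so this sends the root password over the
  # wire — acceptable only on an isolated lab network.
  sed -i '/^root/d' /etc/vsftpd/ftpusers
  sed -i '/^root/d' /etc/vsftpd/user_list

  firewall-cmd --permanent --add-port=21/tcp --add-port=30000-30009/tcp --add-port=53/tcp --add-port=53/udp
  firewall-cmd --reload
  firewall-cmd --list-ports
  # SELinux off (as in the original).
  # NOTE(review): the targeted alternative for anonymous uploads is
  # `setsebool -P ftpd_anon_write on` plus labelling $FTP_ROOT as
  # public_content_rw_t, which keeps SELinux enforcing for everything else.
  sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
  setenforce 0
  # dns server start
  systemctl restart named || return 1
  # ftp server start
  systemctl restart vsftpd
}
centos_dns_slave_setup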
[ Client ]
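#######################################
# CentOS 7 client: point the resolver at the slave and check that both names
# resolve, then open them in a browser.
# Globals (read, overridable before pasting):
#   SUB_DNS_SERVER_IP  nameserver to use (default 192.168.108.80)
#   DOMAIN_NAME        zone (default hmwoo.com)
# Outputs:  nslookup results on stdout; two firefox windows in the background
#######################################
centos_client_check() {
  SUB_DNS_SERVER_IP=${SUB_DNS_SERVER_IP:-192.168.108.80}
  DOMAIN_NAME=${DOMAIN_NAME:-hmwoo.com}
  printf 'Sub DNS IP  : %s\nDomain name : %s\n' "$SUB_DNS_SERVER_IP" "$DOMAIN_NAME"
  # One-shot setting: NetworkManager rewrites /etc/resolv.conf on the next
  # reconnect, so make it persistent in the connection profile if needed.
  printf 'nameserver %s\n' "$SUB_DNS_SERVER_IP" > /etc/resolv.conf
  # www lives on the master, ftp on the slave: both must answer through the slave
  nslookup "www.${DOMAIN_NAME}"
  nslookup "ftp.${DOMAIN_NAME}"
  # Same as typing the URL into the address bar.
  # NOTE(review): Firefox dropped ftp:// support in version 90; use
  # `curl ftp://ftp.<domain>/` or an FTP client on newer builds.
  firefox "http://www.${DOMAIN_NAME}/" &
  firefox "ftp://ftp.${DOMAIN_NAME}/" &
}
centos_client_check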
2. Ubuntu20
[ DNS Server ]
# apt lock 파일 삭제
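#######################################
# Ubuntu 20.04 master: install BIND 9 + apache2, publish a DNSSEC-signed
# master zone and open ufw for it.
# Globals (read, all overridable from the environment before pasting):
#   DNS_SERVER_IP      this host's address (default: first address of `hostname -I`)
#   SUB_DNS_SERVER_IP  slave allowed to transfer the zone (default 192.168.108.140)
#   DOMAIN_NAME        zone to serve (default hmwoo.com)
#   DNSSEC_ALG, ZSK_BITS, KSK_BITS, NSEC3_SALT, ZONE_SERIAL  signing parameters
# Outputs:  the values used and tool output on stdout, errors on stderr
# Returns:  0 on success, 1 when a step that later steps depend on fails
#######################################
ubuntu_dns_master_setup() {
  local tab=$'\t'
  local zone_base zone_file key_dir serial alg zsk_bits ksk_bits nsec3_salt key

  # Only clear *stale* apt/dpkg locks: deleting them under a running dpkg
  # (e.g. unattended-upgrades) corrupts its database.
  if fuser /var/lib/dpkg/lock /var/lib/dpkg/lock-frontend /var/lib/apt/lists/lock >/dev/null 2>&1; then
    printf 'apt/dpkg is still running; wait for it instead of deleting its locks\n' >&2
    return 1
  fi
  rm -f /var/lib/apt/lists/lock /var/cache/apt/archives/lock /var/lib/dpkg/lock*

  if [[ -z "${DNS_SERVER_IP-}" ]]; then
    # first global address; the original's `ip route | grep ens | ... $9`
    # depended on the exact column layout of one route line
    DNS_SERVER_IP=$(hostname -I | awk '{print $1}')
  fi
  if [[ -z "$DNS_SERVER_IP" ]]; then
    printf 'could not determine this host IP; set DNS_SERVER_IP and re-run\n' >&2
    return 1
  fi
  SUB_DNS_SERVER_IP=${SUB_DNS_SERVER_IP:-192.168.108.140}
  DOMAIN_NAME=${DOMAIN_NAME:-hmwoo.com}
  zone_base=${DOMAIN_NAME%%.*}
  zone_file=/etc/bind/${zone_base}.zone
  key_dir=/etc/bind/keys
  # NOTE(review): NSEC3RSASHA1 / 1024-bit RSA are deprecated for signing
  # (RFC 8624); BIND 9.16 here supports DNSSEC_ALG=ECDSAP256SHA256 (no -b).
  alg=${DNSSEC_ALG:-NSEC3RSASHA1}
  zsk_bits=${ZSK_BITS:-1024}
  ksk_bits=${KSK_BITS:-2048}
  # RFC 9276 now recommends an empty NSEC3 salt (`-3 -`); original value kept.
  nsec3_salt=${NSEC3_SALT:-96e920}
  # Epoch seconds so each re-run produces a larger SOA serial and the slave
  # re-transfers the zone (the fixed 20201111 never changed between runs).
  serial=${ZONE_SERIAL-}
  [[ -n "$serial" ]] || serial=$(date +%s)

  printf 'DNS server IP : %s\nSub DNS IP    : %s\nDomain name   : %s\n' \
    "$DNS_SERVER_IP" "$SUB_DNS_SERVER_IP" "$DOMAIN_NAME"

  # Install while systemd-resolved is still up so apt can resolve the mirror;
  # the original stopped the resolver first, leaving /etc/resolv.conf pointing
  # at the dead 127.0.0.53 stub for the installs.
  apt-get -y install bind9 bind9utils || return 1
  apt-get -y install apache2 || return 1

  # Retire the stub resolver before bind9 takes port 53. After this the host
  # has no working resolver of its own until /etc/resolv.conf is repointed.
  systemctl stop systemd-resolved
  systemctl disable systemd-resolved

  # The original also listed `listen-on-v6 { any; };` after the `none` line,
  # contradicting it; only the IPv4-only setting (matching the CentOS section)
  # is kept. recursion is off because this host is authoritative only and
  # `allow-query { any; }` would otherwise make it an open resolver.
  cat <<DNS_CONF_SET > /etc/bind/named.conf.options
options {
${tab}directory "/var/cache/bind";
${tab}listen-on port 53 { any; };
${tab}listen-on-v6 port 53 { none; };
${tab}allow-query { any; };
${tab}recursion no;
${tab}dnssec-validation auto;
};
DNS_CONF_SET
  # Master zone; only the slave may transfer it.
  cat <<ZONE_ADD >> /etc/bind/named.conf
zone "${DOMAIN_NAME}" IN {
${tab}type master;
${tab}file "${zone_file}";
${tab}allow-update {none;};
${tab}allow-transfer{${SUB_DNS_SERVER_IP};};
};
ZONE_ADD
  named-checkconf || return 1

  # Unsigned zone. `root` and `ns2` are left relative to the origin: the
  # original `root.` / `ns2.` carried a trailing dot, which makes them
  # absolute top-level names instead of root.<domain> / ns2.<domain>.
  cat <<ZONE_FILE_ADD > "$zone_file"
\$TTL${tab}3H
@${tab}SOA${tab}@${tab}root${tab}(${serial} 1D 1H 1W 1H)
${tab}IN${tab}NS${tab}@
${tab}IN${tab}NS${tab}ns2
${tab}IN${tab}A${tab}${DNS_SERVER_IP}
ns IN A ${DNS_SERVER_IP}
ns2 IN A ${SUB_DNS_SERVER_IP}
www${tab}IN${tab}A${tab}${DNS_SERVER_IP}
ftp${tab}IN${tab}A${tab}${SUB_DNS_SERVER_IP}
ZONE_FILE_ADD
  named-checkzone "$DOMAIN_NAME" "$zone_file" || return 1

  # ZSK + KSK written into $key_dir with -K (no cd, caller's cwd untouched).
  mkdir -p "$key_dir" || return 1
  dnssec-keygen -K "$key_dir" -a "$alg" -b "$zsk_bits" -n ZONE "${DOMAIN_NAME}." || return 1
  dnssec-keygen -K "$key_dir" -a "$alg" -b "$ksk_bits" -n ZONE -f KSK "${DOMAIN_NAME}." || return 1

  # Append the public keys to the unsigned zone (glob instead of parsing ls).
  {
    echo
    for key in "$key_dir"/*.key; do
      [[ -e "$key" ]] || continue
      printf '$INCLUDE %s\n' "$key"
    done
  } >> "$zone_file"

  # Sign with NSEC3 and point named.conf at the .signed output
  # ('|' delimiter because the path contains slashes).
  dnssec-signzone -S -K "$key_dir"/ -3 "$nsec3_salt" -o "${DOMAIN_NAME}." "$zone_file" || return 1
  sed -i "s|${zone_file}|${zone_file}.signed|g" /etc/bind/named.conf

  systemctl restart bind9 || return 1
  systemctl restart apache2
  ufw allow 80/tcp
  ufw allow 53/tcp
  ufw allow 53/udp
}
ubuntu_dns_master_setup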
[ Sub DNS Server ]
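#######################################
# Ubuntu 20.04 slave: install BIND 9 as a slave for the zone plus a vsftpd that
# allows anonymous uploads; open ufw for both.
# Globals (read, overridable before pasting):
#   DNS_SERVER_IP  master to transfer from (default 192.168.108.20)
#   DOMAIN_NAME    zone (default hmwoo.com)
#   FTP_ROOT       anon_root directory (default /app/repo/ftp)
# Outputs:  values used and tool output on stdout, errors on stderr
# Returns:  0 on success, 1 when a required step fails
#######################################
ubuntu_dns_slave_setup() {
  local tab=$'\t'
  local vsftpd_conf=/etc/vsftpd.conf
  local zone_base key

  # Only clear *stale* apt/dpkg locks: deleting them under a running dpkg
  # (e.g. unattended-upgrades) corrupts its database.
  if fuser /var/lib/dpkg/lock /var/lib/dpkg/lock-frontend /var/lib/apt/lists/lock >/dev/null 2>&1; then
    printf 'apt/dpkg is still running; wait for it instead of deleting its locks\n' >&2
    return 1
  fi
  rm -f /var/lib/apt/lists/lock /var/cache/apt/archives/lock /var/lib/dpkg/lock*

  DNS_SERVER_IP=${DNS_SERVER_IP:-192.168.108.20}
  DOMAIN_NAME=${DOMAIN_NAME:-hmwoo.com}
  FTP_ROOT=${FTP_ROOT:-/app/repo/ftp}
  zone_base=${DOMAIN_NAME%%.*}
  printf 'DNS server IP : %s\nDomain name   : %s\nFTP root      : %s\n' \
    "$DNS_SERVER_IP" "$DOMAIN_NAME" "$FTP_ROOT"

  apt-get -y install bind9 bind9utils || return 1
  apt-get -y install vsftpd || return 1

  # The original also listed `listen-on-v6 { any; };` after the `none` line,
  # contradicting it; only the IPv4-only setting is kept.
  # NOTE(review): bind9 defaults to `recursion yes;`, so `allow-query { any; }`
  # makes this an open recursive resolver for anyone who can reach port 53.
  # The lab client uses it as its nameserver, so rather than `recursion no;`
  # add `allow-recursion { <lab net>; };` if it is reachable beyond the lab.
  cat <<DNS_CONF_SET > /etc/bind/named.conf.options
options {
${tab}directory "/var/cache/bind";
${tab}listen-on port 53 { any; };
${tab}listen-on-v6 port 53 { none; };
${tab}allow-query { any; };
${tab}dnssec-validation auto;
};
DNS_CONF_SET
  # Slave zone, stored as text; named.conf is then pointed at the .signed
  # name so it matches the file the master serves.
  cat <<ZONE_ADD >> /etc/bind/named.conf
zone "${DOMAIN_NAME}" IN {
${tab}type slave;
${tab}file "/var/cache/bind/${zone_base}.zone";
${tab}masters{${DNS_SERVER_IP};};
${tab}masterfile-format text;
};
ZONE_ADD
  sed -i "s/${zone_base}.zone/${zone_base}.zone.signed/g" /etc/bind/named.conf
  named-checkconf || return 1

  # Replace the keys we manage (delete, then append) instead of blanking them
  # and stripping every empty line from the file.
  for key in write_enable anonymous_enable anon_upload_enable anon_root pasv_enable \
             pasv_min_port pasv_max_port userlist_enable userlist_file userlist_deny; do
    sed -i "/^${key}=/d" "$vsftpd_conf"
  done
  # NOTE(review): anonymous_enable=YES + anon_upload_enable=YES allows anyone to
  # upload. vsftpd refuses a writable anon_root, so uploads need a
  # subdirectory owned by the ftp user inside $FTP_ROOT; the directory itself
  # was never created by the original, which made anonymous logins fail.
  mkdir -p -- "$FTP_ROOT"
  cat <<FTP_SERVER_SETTING >> "$vsftpd_conf"
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_root=${FTP_ROOT}
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30009
userlist_enable=YES
userlist_file=/etc/user_list
userlist_deny=YES
FTP_SERVER_SETTING
  # ftpusers: listed users are rejected after the password check; it denies
  # root by default and removing it lets root log in over FTP.
  # NOTE(review): FTP is cleartext, so this sends the root password over the
  # wire — acceptable only on an isolated lab network.
  sed -i '/^root/d' /etc/ftpusers
  # user_list: listed users are rejected outright. The file does not exist on
  # Ubuntu, so an empty one is created (userlist_deny=YES + empty list = deny nobody).
  touch /etc/user_list
  sed -i '/^root/d' /etc/user_list

  # dns server start
  systemctl restart bind9 || return 1
  systemctl restart vsftpd
  ufw allow 21/tcp
  ufw allow 30000:30009/tcp
  ufw allow 53/tcp
  ufw allow 53/udp
}
ubuntu_dns_slave_setup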
[ Client ]
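#######################################
# Ubuntu 20.04 client: point the resolver at the slave and check that both
# names resolve, then open them in a browser.
# Globals (read, overridable before pasting):
#   SUB_DNS_SERVER_IP  nameserver to use (default 192.168.108.140)
#   DOMAIN_NAME        zone (default hmwoo.com)
# Outputs:  nslookup results on stdout; two firefox windows in the background
#######################################
ubuntu_client_check() {
  SUB_DNS_SERVER_IP=${SUB_DNS_SERVER_IP:-192.168.108.140}
  DOMAIN_NAME=${DOMAIN_NAME:-hmwoo.com}
  printf 'Sub DNS IP  : %s\nDomain name : %s\n' "$SUB_DNS_SERVER_IP" "$DOMAIN_NAME"
  # NOTE(review): on Ubuntu 20.04 /etc/resolv.conf is a symlink managed by
  # systemd-resolved and is regenerated, so this is a one-shot lab setting;
  # a persistent nameserver belongs in netplan or `resolvectl`.
  printf 'nameserver %s\n' "$SUB_DNS_SERVER_IP" > /etc/resolv.conf
  # ftp lives on the slave, www on the master: both must answer through the slave
  nslookup "ftp.${DOMAIN_NAME}"
  nslookup "www.${DOMAIN_NAME}"
  # Same as typing the URL into the address bar.
  # NOTE(review): Firefox dropped ftp:// support in version 90; use
  # `curl ftp://ftp.<domain>/` or an FTP client on newer builds.
  firefox "ftp://ftp.${DOMAIN_NAME}/" &
  firefox "http://www.${DOMAIN_NAME}/" &
}
ubuntu_client_check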