DNS 설정에 대해 문의 드립니다. cent-os 5.3 bind-9.3.4-10.P1.el5
호스팅 업체에서 도메인을 위임을 받아 개인서버에 DNS를 설치 및 설정을 했습니다만 제대로 작동이 되지를 않네요
개인서버의 현황을 말씀드리면 아아피 공유기를 통해 사설아이피로 할당을 받아 사용중입니다 (현재 웹서버 사용중)
아이피공유기에서 웹서버용 포트(8080 포트) 와 DNS를 위한 포트 포워딩을 설정을 했습니다 tcp 53 udp 53
공유아이피 : 58.239.174.156
서버에 할당된 내부 아이피: 192.168.1.3 입니다
bind관련 설치된 내용을 보여드리겠습니다.
---------------------------------------------------------------------------------------------
bind-sdb-9.3.4-10.P1.el5
bind-libs-9.3.4-10.P1.el5
bind-utils-9.3.4-10.P1.el5
bind-9.3.4-10.P1.el5
bind-chroot-9.3.4-10.P1.el5
bind-devel-9.3.4-10.P1.el5
ypbind-1.19-11.el5
bind-libbind-devel-9.3.4-10.P1.el5
--------------------------------------------------------------------------------------------
bind 설정파일을 보여드리겠습니다.
/var/named/chroot/etc/named.conf
-------------------------------------------------------------------------------------------
options
{
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
};
logging
{
/* If you want to enable debugging, eg. using the 'rndc trace' command,
* named will try to write the 'named.run' file in the $directory (/var/named).
* By default, SELinux policy does not allow named to modify the /var/named directory,
* so put the default debug log file in data/ :
*/
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
//
// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
//
view "localhost_resolver"
{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
* If all you want is a caching-only nameserver, then you need only define this view:
*/
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;
# all views must contain the root hints zone:
include "/etc/named.root.hints";
/* these are zones that contain definitions for all the localhost
* names and addresses, as recommended in RFC1912 - these names should
* ONLY be served to localhost clients:
*/
include "/etc/named.rfc1912.zones";
};
view "internal"
/* This view will contain zones you want to serve only to "internal" clients
that connect via your directly attached LAN interfaces - "localnets" .
*/
match-clients { localnets; };
match-destinations { localnets; };
recursion yes;
// all views must contain the root hints zone:
include "/etc/named.root.hints";
// include "named.rfc1912.zones";
// you should not serve your rfc1912 names to non-localhost clients.
// These are your "authoritative" internal zones, and would probably
// also be included in the "localhost_resolver" view above :
zone "piki.kr"{
type master;
file "data/piki.kr.zone";
};
zone "my.internal.zone" {
type master;
file "my.internal.zone.db";
};
zone "my.slave.internal.zone" {
type slave;
file "slaves/my.slave.internal.zone.db";
masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
// put slave zones in the slaves/ directory so named can update them
};
zone "my.ddns.internal.zone" {
type master;
allow-update { key ddns_key; };
file "slaves/my.ddns.internal.zone.db";
// put dynamically updateable zones in the slaves/ directory so named can update them
};
};
view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
match-clients { any; };
match-destinations { any; };
recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers
// all views must contain the root hints zone:
include "/etc/named.root.hints";
// These are your "authoritative" external zones, and would probably
// contain entries for just your web and mail servers:
zone "piki.kr" {
type master;
file "data/piki.kr.zone";
};
zone "my.external.zone" {
type master;
file "my.external.zone.db";
};
};
------------------------------------------------------------------------------------------
/var/named/chroot/var/named/data/piki.kr.zone 내용입니다
------------------------------------------------------------------------------------------
$TTL 86400
@ IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns1.piki.kr.
IN NS ns2.piki.kr.
IN mx 10 mail
@ IN A 58.239.174.156
ns1 IN A 58.239.174.156
ns2 IN A 58.239.174.156
www IN A 58.239.174.156
mail IN A 58.239.174.156
----------------------------------------------------------------------------------------
/var/named/chroot/var/named/data/174.239.58.rev 내용입니다
----------------------------------------------------------------------------------------
$TTL 86400
@ IN SOA piki.kr. root.piki.kr. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS ns.piki.kr.
156 IN PTR ns.piki.kr.
156 IN PTR www.piki.kr
----------------------------------------------------------------------------------------
저의 서버 계정에서 dig piki.kr 내용
----------------------------------------------------------------------------------------
; <<>> DiG 9.3.4-P1 <<>> piki.kr
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43836
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;piki.kr. IN A
;; ANSWER SECTION:
piki.kr. 86400 IN A 58.239.174.156
;; AUTHORITY SECTION:
piki.kr. 86400 IN NS ns2.piki.kr.
piki.kr. 86400 IN NS ns1.piki.kr.
;; ADDITIONAL SECTION:
ns1.piki.kr. 86400 IN A 58.239.174.156
ns2.piki.kr. 86400 IN A 58.239.174.156
;; Query time: 3 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Sun Jun 7 12:15:34 2009
;; MSG SIZE rcvd: 109
---------------------------------------------------------------------------------
/var/named/chroot/var/named/data/174.239.58.rev 내용입니다
--------------------------------------------------------------------------------
$TTL 86400
@ IN SOA piki.kr. root.piki.kr. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS ns.piki.kr.
156 IN PTR ns.piki.kr.
156 IN PTR www.piki.kr
-------------------------------------------------------------------------------
내부에서는 작동을 하지만 외부에서는 작동이 되지 않습니다.
혹시나 하여 53포트 문제인가 싶어서 53포트를 테스트 해봤습니다만 문제는 없습니다.
제가 설정에 있어서 누락되거나 아님 잘못 설정한것이지 살펴봐 주시길 바랍니다.
댓글 달기