[CentOS] 내부 DNS 서버 구축

/ Unix/Linux/MacOS / 글쓴이
Print Friendly, PDF & Email 
#!/bin/sh
CURRENT_TIME=`date "+%Y%m%d_%H%M%S"`
CURRENT_DIR=$(pwd)

DOMAIN_NAME="example.com"
NETWORK_PREFIX="192.168.1"
REVERSE_NETWORK="1.168.192"

#####################################################################
# bind 설치
#####################################################################
function install_pkgs() {
  yum -y update
  yum install -y bind bind-utils

  rm -rf /var/cache/yum/*
  rm -f /var/lib/rpm/__*
  rpm --rebuilddb -v -v
  yum clean all
}

#####################################################################
# /etc/named.conf 백업
#####################################################################
function backup_conf() {
  cp -fv /etc/named.conf /etc/named.conf.${CURRENT_TIME}
}

#####################################################################
# /etc/named.conf 편집
#####################################################################
function edit_named_conf() {
  sed -i "s/options {/acl \"trusted\" {\n\t${NETWORK_PREFIX}.0\/24;\n};\n\noptions {/g" /etc/named.conf
  sed -i "s/allow-query     { localhost; };/allow-transfer  { ${NETWORK_PREFIX}.254; };\n\tallow-query     { trusted; };/g" /etc/named.conf
  sed -i "s/listen-on port 53 { 127.0.0.1; };/listen-on port 53 { 127.0.0.1; ${NETWORK_PREFIX}.0\/24; };/g" /etc/named.conf
  echo 'include "/etc/named.conf.local";' >> /etc/named.conf
}

#####################################################################
# /etc/named.conf.local 편집
#####################################################################
function edit_named_conf_local() {
  echo "zone \"${DOMAIN_NAME}\" {" > /etc/named.conf.local
  echo "    type master;" >> /etc/named.conf.local
  echo "    file \"/var/named/zone_${DOMAIN_NAME}\"; # zone file path" >> /etc/named.conf.local
  echo "};" >> /etc/named.conf.local
  echo "" >> /etc/named.conf.local
  echo "zone \"${REVERSE_NETWORK}.in-addr.arpa\" {" >> /etc/named.conf.local
  echo "    type master;" >> /etc/named.conf.local
  echo "    file \"/var/named/zone_${REVERSE_NETWORK}\"; # ${NETWORK_PREFIX}.0/24 subnet" >> /etc/named.conf.local
  echo "};" >> /etc/named.conf.local
}

#####################################################################
# /var/named/zone_${DOMAIN_NAME} 편집
#####################################################################
function edit_zone1() {
  echo "\$TTL    3H" > /var/named/zone_${DOMAIN_NAME}
  echo "@       IN      SOA     ns1.${DOMAIN_NAME}. admin.${DOMAIN_NAME}. (" >> /var/named/zone_${DOMAIN_NAME}
  echo "                        5          ; Serial" >> /var/named/zone_${DOMAIN_NAME}
  echo "                        3H         ; Refresh" >> /var/named/zone_${DOMAIN_NAME}
  echo "                        1H         ; Retry" >> /var/named/zone_${DOMAIN_NAME}
  echo "                        1W         ; Expire" >> /var/named/zone_${DOMAIN_NAME}
  echo "                        3H )       ; Negative Cache TTL" >> /var/named/zone_${DOMAIN_NAME}
  echo ";" >> /var/named/zone_${DOMAIN_NAME}
  echo "                IN      NS      ns1" >> /var/named/zone_${DOMAIN_NAME}
  echo "                IN      A       ${NETWORK_PREFIX}.1" >> /var/named/zone_${DOMAIN_NAME}
  echo "" >> /var/named/zone_${DOMAIN_NAME}
  echo "; name servers - A records" >> /var/named/zone_${DOMAIN_NAME}
  echo "ns1             IN      A       ${NETWORK_PREFIX}.254" >> /var/named/zone_${DOMAIN_NAME}
  echo "" >> /var/named/zone_${DOMAIN_NAME}
  echo "; ${NETWORK_PREFIX}.0/24 - A records" >> /var/named/zone_${DOMAIN_NAME}
  echo "ftp             IN      A       ${NETWORK_PREFIX}.2" >> /var/named/zone_${DOMAIN_NAME}
  echo "imap            IN      A       ${NETWORK_PREFIX}.1" >> /var/named/zone_${DOMAIN_NAME}
  echo "mail            IN      A       ${NETWORK_PREFIX}.1" >> /var/named/zone_${DOMAIN_NAME}
  echo "pop             IN      A       ${NETWORK_PREFIX}.1" >> /var/named/zone_${DOMAIN_NAME}
  echo "smtp            IN      A       ${NETWORK_PREFIX}.1" >> /var/named/zone_${DOMAIN_NAME}
  echo "tech            IN      A       ${NETWORK_PREFIX}.1" >> /var/named/zone_${DOMAIN_NAME}
  echo "www             IN      A       ${NETWORK_PREFIX}.1" >> /var/named/zone_${DOMAIN_NAME}
  echo "local           IN      A       ${NETWORK_PREFIX}.254" >> /var/named/zone_${DOMAIN_NAME}
  echo "nas             IN      A       ${NETWORK_PREFIX}.2" >> /var/named/zone_${DOMAIN_NAME}
  echo "seetrol         IN      A       ${NETWORK_PREFIX}.101" >> /var/named/zone_${DOMAIN_NAME}
}

#####################################################################
# /var/named/zone_${NETWORK_PREFIX} 편집
#####################################################################
function edit_zone2() {
  echo "\$TTL    3H" > /var/named/zone_${REVERSE_NETWORK}
  echo "@       IN      SOA     ${DOMAIN_NAME}. admin.${DOMAIN_NAME}. (" >> /var/named/zone_${REVERSE_NETWORK}
  echo "                        5          ; Serial" >> /var/named/zone_${REVERSE_NETWORK}
  echo "                        3H         ; Refresh" >> /var/named/zone_${REVERSE_NETWORK}
  echo "                        1H         ; Retry" >> /var/named/zone_${REVERSE_NETWORK}
  echo "                        1W         ; Expire" >> /var/named/zone_${REVERSE_NETWORK}
  echo "                        3H )       ; Negative Cache TTL" >> /var/named/zone_${REVERSE_NETWORK}
  echo "; name servers" >> /var/named/zone_${REVERSE_NETWORK}
  echo "                IN      NS      ns1.${DOMAIN_NAME}." >> /var/named/zone_${REVERSE_NETWORK}
  echo "" >> /var/named/zone_${REVERSE_NETWORK}
  echo "; PTR Records" >> /var/named/zone_${REVERSE_NETWORK}
  echo "254             IN      PTR     ns1.${DOMAIN_NAME}." >> /var/named/zone_${REVERSE_NETWORK}
  echo "1               IN      PTR     imap.${DOMAIN_NAME}." >> /var/named/zone_${REVERSE_NETWORK}
  echo "1               IN      PTR     mail.${DOMAIN_NAME}." >> /var/named/zone_${REVERSE_NETWORK}
  echo "1               IN      PTR     nas.${DOMAIN_NAME}." >> /var/named/zone_${REVERSE_NETWORK}
  echo "1               IN      PTR     pop.${DOMAIN_NAME}." >> /var/named/zone_${REVERSE_NETWORK}
  echo "1               IN      PTR     smtp.${DOMAIN_NAME}." >> /var/named/zone_${REVERSE_NETWORK}
  echo "1               IN      PTR     tech.${DOMAIN_NAME}." >> /var/named/zone_${REVERSE_NETWORK}
  echo "1               IN      PTR     www.${DOMAIN_NAME}." >> /var/named/zone_${REVERSE_NETWORK}
  echo "2               IN      PTR     ftp.${DOMAIN_NAME}." >> /var/named/zone_${REVERSE_NETWORK}
  echo "101             IN      PTR     seetrol.${DOMAIN_NAME}." >> /var/named/zone_${REVERSE_NETWORK}
  echo "2               IN      PTR     nas.${DOMAIN_NAME}." >> /var/named/zone_${REVERSE_NETWORK}
  echo "254             IN      PTR     local.${DOMAIN_NAME}." >> /var/named/zone_${REVERSE_NETWORK}
}

#####################################################################
# 퍼미션 조정
#####################################################################
function set_perm() {
  chown root:named /var/named/*
  chown named:named /var/named/data
  chown named:named /var/named/dynamic
  chown named:named /var/named/slaves

  chmod 640 /var/named/*
  chmod 770 /var/named/data
  chmod 770 /var/named/dynamic
  chmod 770 /var/named/slaves

  chown root:named /etc/named.*
  chmod 640 /etc/named.*
}

#install_pkgs
cp -fv /etc/named.conf.20210126_160000 /etc/named.conf
backup_conf
edit_named_conf
edit_named_conf_local
edit_zone1
edit_zone2
set_perm
named-checkzone esvali.com /var/named/zone_${DOMAIN_NAME}
named-checkzone ${REVERSE_NETWORK}.in-addr.arpa /var/named/zone_${REVERSE_NETWORK}
systemctl restart named
#systemctl enable named
LAN_IF="enp2s0"
LAN_IP="10.10.10.254"
${IPTABLES_CMD} -t nat -A PREROUTING -i ${LAN_IF} ! -s ${LAN_IP} -p tcp --dport 53 -j DNAT --to ${LAN_IP}:53 -m comment --comment "내부 DNS 정책/tcp"
${IPTABLES_CMD} -t nat -A PREROUTING -i ${LAN_IF} ! -s ${LAN_IP} -p udp --dport 53 -j DNAT --to ${LAN_IP}:53 -m comment --comment "내부 DNS 정책/udp"
위로 스크롤