모의해킹 침해대응 정보보안 전문가 양성과정 Day16

 

 

 

 

DNS

 

 

 

 

 

 

서비스 설정 가이드 ( Ex : DNS 서비스)

 

(ㄱ) 패키지 설치 (ex : # yum -y install bind)

(ㄴ) 설정 ( ex : # vi /etc/named.conf)

(ㄷ) 서비스 기동 ( ex : # systemctl restart/enable bind)

(ㄹ) 방화벽 등록 ( ex : # firewall-config)

(ㅁ) SELinux 설정 여부 확인

 

어떤 서비스이던 위와 같은 순서대로 확인을 한다.

 

 

 

 

 

■ BIND 9.X on CentOS 7.X

---------------------------------

● Program: bind + bind-chroot

● Daemon & Port & Protocol: named, 53(TCP/UDP)

● Configuration File(s): /etc/named.{named.conf|rfc1912.zones}

● Sub Configuration File(s): /var/named/*

● Service: named.service

---------------------------------

● 추가 정리 부분은 : 기능

---------------------------------

 

 

 

 

 

 

[실습1] linux2XX.example.com DNS 서버 구축

DNS Server

* /etc/named.conf

* /etc/named.rfc1912.zones

* /var/named/example2XX.zone

* /var/named/example2XX.rev

* /var/named/named.ca

 

DNS Client

* /etc/resolv.conf

 

 

 

 

 

 

[실습2] nameserver lookup command

* nslookup CMD

* dig CMD

* host CMD

 

 

 

 

 

[실습3] 도메인 등록

# vi /var/named/example2XX.zone

www IN A 172.16.6.2XX

ftp IN A 172.16.6.2XX

@ IN MX 10 mail

mail IN A 172.16.6.2XX

cafe IN A 172.16.6.2XX

# systemctl restart named

 

# vi /etc/resolv.conf

nameserver 168.126.63.1

# yum install httpd mod_ssl

 

# cp /etc/passwd /var/www/html/index.html

# systemctl restart httpd

# systemctl enable httpd

# systemctl status httpd

 

# firefox http://172.16.6.2XX &

# firefox http://www.linux2XX.example.com &

 

# cd /var/www/html

# vi index.html

 

 

 

 

 

 

[실습4] DNS 웹부하분산

# vi /var/named/example2XX.zone

www IN A 172.16.6.2

www IN A 172.16.6.3

www IN A 172.16.6.4

# systemctl restart named

# nslookup www.linux2XX.example.com

# nslookup www.linux2XX.example.com

# nslookup www.linux2XX.example.com

 

 

 

 

 

 

[실습5] 도메인 위임(Domain Delegation)

(example.com) -- delegation --> (linux2XX.example.com)

co.kr yahoo.co.kr

# vi /var/named/example2XX.zone

linux2XX IN NS ns1.linux2XX

ns1.linux2XX IN A 172.16.6.2XX

# vi /var/named/example2XX.rev

2XX IN PTR ns1.linux2XX.example.com.

# systemctl restart named

# nslookup -q=NS linux2XX.example.com

 

 

 

 

 

 

[실습6] Master/Slave DNS Server

(on Master)

# yum -y install bind

# vi /etc/named.conf

# vi /etc/named.rfc1912.zones

# vi /var/named/example2XX.zone

# vi /var/named/example2XX.rev

# systemctl restart named

# systemctl enable named

 

(on Slave)

# yum -y install bind

# vi /etc/named.conf

# vi /etc/named.rfc1912.zones

# systemctl restart named

# systemctl enable named

 

 

 

 

 

 

[실습7] Master/Slave DNS Server - Zone Transfer(존 파일 업데이트 실습)

* SOA Resource Type

(on Master)

# vi /var/named/example2XX.zone

* 편집(serial number + zone data update)

# systemctl restart named

 

 

 

 

 

 

 

 

WEB

FTP

MAIL

 

NFS

SAMBA

 

rsyslog

SSH

....

DB

Kickstart