Setting up a simple private DNS server (feat. docker)
엔지니어 문
2021. 1. 31. 18:46
1. Write the docker-compose file
docker-compose
===================================================================
version: '3'
services:
  bind:
    # restart: always
    image: mcchae/dns-server
    ports:
      - "53:53/udp"
      - "53:53/tcp"
      - "10000:10000/tcp"
    volumes:
      - ~/tmp/:/home/
    stdin_open: true   # docker run -i
    tty: true          # docker run -t
===================================================================
- Start a container from the published dns-server image (mcchae/dns-server, a Debian-based BIND image).
- Set the ports to publish. A mapping such as "53:53/udp" binds to every interface on the host; if the host also has an address on an untrusted network, prefix the mapping with the address the resolver should listen on (e.g. "<host-ip>:53:53/udp") and treat the image's 10000/tcp port the same way.
- Set a mount point on the host running the container so the config files created on first start can be backed up (here ~/tmp/ on the host appears as /home/ inside the container).
2. Copy the config files out of the default container
- Copy the files that need editing to the path mounted from the host (inside the container, /home/ corresponds to ~/tmp/ on the host):
- /etc/bind/named.conf.options
- /etc/bind/named.conf.local
- /etc/bind/zones.rfc1918
3. Add the custom config
named.conf.options
===============================================
…
allow-query { any; };
forwarders { 8.8.8.8; };
recursion yes;
===============================================
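With allow-query { any; } and recursion yes, the server answers recursive queries for anyone who can reach 53/udp, i.e. it is an open resolver, which is exactly what DNS amplification attacks abuse. On a LAN behind NAT that may be acceptable; if the host is reachable from the internet, restrict both directives. The fragment below is an added example, not from the original post; it assumes the clients live in the RFC 1918 ranges (adjust the acl to your network) and keeps Debian's default directory setting.

```conf
// Added example (not from the post): limit who may query, and who may recurse.
// Assumption: clients are in the RFC 1918 ranges listed in the acl.
acl "internal" {
    127.0.0.0/8;
    10.0.0.0/8;
    172.16.0.0/12;
    192.168.0.0/16;
};

options {
    directory "/var/cache/bind";      // Debian default, unchanged

    // As posted (open resolver if 53/udp is reachable from outside):
    //   allow-query { any; };
    //   recursion yes;
    // Restricted: the same recursion, but only for the acl above.
    allow-query     { internal; };
    allow-recursion { internal; };
    recursion yes;
    forwarders { 8.8.8.8; };
};
```

Run named-checkconf inside the container after editing; it parses the file and reports syntax errors before named tries to start with it.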
named.conf.local
===============================================
…
include "/etc/bind/zones.rfc1918";
===============================================
zones.rfc1918
===============================================
…
zone "test20210131.org" in {
    type master;
    file "/etc/bind/test20210131.org.zone";
};
zone "100.0.1.10.in-addr.arpa" {
    type master;
    file "/etc/bind/db.100.0.1.10";
    allow-update { none; };
};
===============================================
test20210131.org.zone
===============================================
;
; BIND data file for the test20210131.org zone (copied from db.local and edited)
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              3         ; Serial - increase it on every edit
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.      ; added: named refuses to load a zone with no NS record at the apex
@       IN      A       127.0.0.1
@       IN      AAAA    ::1
www     IN      A       10.10.10.1
===============================================
db.100.0.1.10 <= [the DNS server's IP with its octets reversed: 100.0.1.10 is the reverse of 10.1.0.100; if the server really is 100.1.0.100, the zone and file must be named 100.0.1.100 instead]
===============================================
;
; BIND reverse data file for 100.0.1.10.in-addr.arpa, copied from the empty
; rfc1918 template (db.empty) and edited; that template's "DO NOT EDIT" header
; applied to the shared original, not to this copy.
;
$TTL    86400
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                          86400 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
; No PTR record yet: the zone loads, but reverse lookups of the server return
; nothing. Add one at the apex, e.g. "@ IN PTR <dns-server-hostname>." (placeholder).
===============================================
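The two zone files above are edited copies of Debian's db.local and db.empty templates, and it is easy to leave out something named insists on: the forward zone as posted has no NS record at the apex, which makes named log "has no NS records" and skip the zone, and the reverse zone has no PTR record, so it loads but answers nothing. The script below is an added example, not from the original post; it checks those points offline before the files are mounted. The zone texts it embeds are constructed copies of the files above, and the server address 10.1.0.100 it assumes is the one the zone name 100.0.1.10.in-addr.arpa implies.

```python
# Added example (not from the original post): offline checks for the BIND files
# above, so a zone that named would refuse is caught before it is mounted.
# The three texts below are constructed copies of the post's files.
import ipaddress
import re

ZONES_CONF = '''
zone "test20210131.org" in {
    type master;
    file "/etc/bind/test20210131.org.zone";
};
zone "100.0.1.10.in-addr.arpa" {
    type master;
    file "/etc/bind/db.100.0.1.10";
    allow-update { none; };
};
'''
FORWARD_ZONE_AS_POSTED = '''
$TTL 604800
@ IN SOA localhost. root.localhost. (
      3 ; Serial
 604800 ; Refresh
  86400 ; Retry
2419200 ; Expire
 604800 ) ; Negative Cache TTL
@   IN A    127.0.0.1
@   IN AAAA ::1
www IN A    10.10.10.1
'''
REVERSE_ZONE_AS_POSTED = '''
$TTL 86400
@ IN SOA localhost. root.localhost. (
      1 ; Serial
 604800 ; Refresh
  86400 ; Retry
2419200 ; Expire
  86400 ) ; Negative Cache TTL
@ IN NS localhost.
'''
RECORD_TYPES = {"SOA", "NS", "A", "AAAA", "PTR", "CNAME", "MX", "TXT", "SRV"}

def reverse_zone_name(ip: str) -> str:
    """in-addr.arpa (or ip6.arpa) name for one host address."""
    return ipaddress.ip_address(ip).reverse_pointer

def zone_stanzas(conf: str) -> dict:
    """zone name -> file path from named.conf zone blocks (nested braces skipped)."""
    result = {}
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        f = re.search(r'file\s+"([^"]+)"', conf[m.end():i - 1])
        result[m.group(1)] = f.group(1) if f else None
    return result

def parse_records(zone_text: str) -> list:
    """(owner, type, rdata) tuples; handles ; comments, ( ) continuation, $ lines."""
    text = re.sub(r';[^\n]*', '', zone_text)
    text = re.sub(r'\(([^)]*)\)', lambda m: ' '.join(m.group(1).split()), text)
    records, owner = [], '@'
    for line in text.splitlines():
        if not line.strip() or line.startswith('$'):
            continue
        tokens = line.split()
        if line[0] not in ' \t':            # leading blank means "same owner as above"
            owner = tokens.pop(0)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == 'IN'):
            tokens.pop(0)                    # optional TTL and class
        if not tokens or tokens[0].upper() not in RECORD_TYPES:
            raise ValueError(f"unparsed line: {line!r}")
        records.append((owner, tokens[0].upper(), ' '.join(tokens[1:])))
    return records

def check_zone(zone_name: str, zone_text: str) -> list:
    """Problems named would report; an empty list means the zone passes."""
    records = parse_records(zone_text)
    apex = [r for r in records if r[0] in ('@', zone_name + '.')]
    problems = []
    if sum(1 for r in apex if r[1] == 'SOA') != 1:
        problems.append("zone needs exactly one SOA record at the apex")
    if not any(r[1] == 'NS' for r in apex):
        problems.append("no NS record at zone apex (named will not load the zone)")
    if zone_name.endswith('.arpa') and not any(r[1] == 'PTR' for r in records):
        problems.append("reverse zone has no PTR record (loads, but answers nothing)")
    return problems

def reverse_zones_not_matching(conf: str, dns_ip: str) -> list:
    """Declared reverse zones whose name is not the reverse of dns_ip."""
    expected = reverse_zone_name(dns_ip)
    return [z for z in zone_stanzas(conf) if z.endswith('.arpa') and z != expected]

if __name__ == "__main__":
    print(zone_stanzas(ZONES_CONF))
    print(check_zone("test20210131.org", FORWARD_ZONE_AS_POSTED))
    print(check_zone("test20210131.org", FORWARD_ZONE_AS_POSTED + "@ IN NS localhost.\n"))
    print(check_zone("100.0.1.10.in-addr.arpa", REVERSE_ZONE_AS_POSTED))
    # 10.1.0.100 is assumed: it is the address that 100.0.1.10 reverses to.
    print(reverse_zones_not_matching(ZONES_CONF, "10.1.0.100"))
    print(reverse_zones_not_matching(ZONES_CONF, "100.1.0.100"))
```

The parser is deliberately small (no $ORIGIN, $INCLUDE or quoted TXT handling) and raises on anything it does not understand rather than guessing. Once the files are fixed, named-checkzone test20210131.org /etc/bind/test20210131.org.zone inside the container remains the authoritative check.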
4. Apply the zone registration by mounting the modified config files
Each edited file under ~/named/conf/ is bind-mounted over its counterpart in /etc/bind/; recreate the container (docker-compose up -d) so named starts with the new files.
===================================================================
version: '3'
services:
  bind:
    # restart: always
    image: mcchae/dns-server
    ports:
      - "53:53/udp"
      - "53:53/tcp"
      - "10000:10000/tcp"
    volumes:
      - ~/named/conf/named.conf.options:/etc/bind/named.conf.options
      - ~/named/conf/named.conf.local:/etc/bind/named.conf.local
      - ~/named/conf/zones.rfc1918:/etc/bind/zones.rfc1918
      - ~/named/conf/test20210131.org.zone:/etc/bind/test20210131.org.zone
      - ~/named/conf/db.100.0.1.10:/etc/bind/db.100.0.1.10
    stdin_open: true   # docker run -i
    tty: true          # docker run -t
===================================================================
5. Test that DNS queries are answered correctly
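The quickest check is dig @127.0.0.1 www.test20210131.org from the docker host (the compose file publishes 53 there), and dig @127.0.0.1 -x <server-ip> for the reverse zone. The script below is an added example, not from the original post, that does the same without dig and shows what a correct reply looks like on the wire: it builds the query, insists that the reply carries the same random transaction id, follows name compression pointers, and decodes A, AAAA and PTR answers. The embedded reply is constructed by hand, not captured from a server; it is what the forward zone above should return for www once the zone loads.

```python
# Added example (not from the original post): a minimal DNS client that shows
# what a correct answer from the server above looks like on the wire.
import os
import socket
import struct

A, PTR, AAAA = 1, 12, 28

def encode_name(name: str) -> bytes:
    """Dotted name -> DNS label sequence (RFC 1035 3.1)."""
    out = b''
    for label in name.rstrip('.').split('.'):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(label)]) + label.encode('ascii')
    return out + b'\x00'

def build_query(name: str, qtype: int, txid: int) -> bytes:
    """Header with RD set (we want the server to recurse), one question, class IN."""
    header = struct.pack('!HHHHHH', txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack('!HH', qtype, 1)

def decode_name(data: bytes, offset: int):
    """Decode a name, following compression pointers; returns (name, offset after it)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                     # pointer (RFC 1035 4.1.4)
            if not jumped:
                end = offset + 2                      # the name occupies 2 bytes here
            jumped, hops = True, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            offset = struct.unpack('!H', data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode('ascii'))
        offset += length
    return '.'.join(labels), (end if jumped else offset)

def parse_response(data: bytes, expected_txid: int = None) -> dict:
    """Header checks, skip the question section, decode the answer section."""
    txid, flags, qd, an, _, _ = struct.unpack('!HHHHHH', data[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch: not a reply to our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset = 12
    for _ in range(qd):
        _, offset = decode_name(data, offset)
        offset += 4                                   # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, offset = decode_name(data, offset)
        rtype, _, ttl, rdlen = struct.unpack('!HHIH', data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        if rtype == A and rdlen == 4:
            value = socket.inet_ntoa(rdata)
        elif rtype == AAAA and rdlen == 16:
            value = socket.inet_ntop(socket.AF_INET6, rdata)
        elif rtype in (2, 5, PTR):                    # NS, CNAME, PTR carry a name
            value, _ = decode_name(data, offset)
        else:
            value = rdata.hex()
        offset += rdlen
        answers.append((name, rtype, ttl, value))
    return {"rcode": flags & 0xF, "aa": bool(flags & 0x0400), "answers": answers}

def query(server: str, name: str, qtype: int = A, timeout: float = 2.0) -> dict:
    """One UDP query to server:53; the reply must echo our random id."""
    txid = int.from_bytes(os.urandom(2), 'big')
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype, txid), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data, expected_txid=txid)

# Constructed (not captured) reply for "www.test20210131.org A": flags 0x8580 =
# QR, AA, RD, RA, NOERROR; question echoed; answer name is a pointer to offset 12.
SAMPLE_RESPONSE = (
    struct.pack('!HHHHHH', 0x1234, 0x8580, 1, 1, 0, 0)
    + build_query("www.test20210131.org", A, 0x1234)[12:]
    + b'\xc0\x0c' + struct.pack('!HHIH', A, 1, 604800, 4) + socket.inet_aton('10.10.10.1')
)

if __name__ == "__main__":
    import sys
    server = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"   # compose publishes 53 on the host
    print("expected shape:", parse_response(SAMPLE_RESPONSE, 0x1234))
    for name, qtype in (("www.test20210131.org", A), ("100.0.1.10.in-addr.arpa", PTR)):
        try:
            print(name, query(server, name, qtype))
        except (OSError, ValueError) as e:
            print(name, "failed:", e)
```

A live reply for www should show aa True and rcode 0 with the 10.10.10.1 answer; the PTR query will come back with no answers until the reverse zone gets a PTR record. Run it as python3 dnscheck.py <server-ip> from another host to confirm the port mapping as well.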