
A simple private DNS server setup (feat. docker)

엔지니어 문 2021. 1. 31. 18:46

1. Writing the docker-compose file

docker-compose
===================================================================
version: '3'

services:
  bind:
#    restart: always
    image: mcchae/dns-server
    ports:
    - "53:53/udp"
    - "53:53/tcp"
    - "10000:10000/tcp"
    volumes:
    - ~/tmp/:/home/
    stdin_open: true    # docker run -i
    tty: true           # docker run -t
===================================================================

- Run the container from the publicly available dns-server image (a Debian-based bind server image: mcchae/dns-server).

- Set the ports to bind.

- Set up a mount point on the host running the docker container, so the config files generated on first start-up can be backed up.

2. Copying the default container's config files

- Copy the files that need editing to the path mounted on the host.

  • /etc/bind/named.conf.options
  • /etc/bind/named.conf.local
  • /etc/bind/zones.rfc1918

3. Adding the custom config

named.conf.options
===============================================
…
	allow-query { any; };

	forwarders { 8.8.8.8; };

	recursion yes;
===============================================

named.conf.local
===============================================
…
include "/etc/bind/zones.rfc1918";
===============================================

zones.rfc1918
===============================================
…
zone "test20210131.org" in {
    type master;
    file "/etc/bind/test20210131.org.zone";
};

zone "100.0.1.10.in-addr.arpa" {
    type master;
    file "/etc/bind/db.100.0.1.10";
    allow-update { none; };
};
===============================================

test20210131.org.zone
===============================================
;
; BIND data file for local loopback interface
;
$TTL	604800
@	IN	SOA	localhost. root.localhost. (
			      3		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	localhost.	; apex NS record: named will not load a master zone without one
@	IN	A	127.0.0.1
@	IN	AAAA	::1
www	IN	A	10.10.10.1
===============================================

db.100.0.1.10  <= [IP octets in reverse order: when the DNS server IP is 100.1.0.100]
===============================================
; BIND reverse data file for empty rfc1918 zone
;
; DO NOT EDIT THIS FILE - it is used for multiple zones.
; Instead, copy it, edit named.conf, and use that copy.
;
$TTL	86400
@	IN	SOA	localhost. root.localhost. (
			      1		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			  86400 )	; Negative Cache TTL
;
@	IN	NS	localhost.
===============================================

4. Applying the zone registration by mounting the modified config

docker-compose
===================================================================
version: '3'

services:
  bind:
#    restart: always
    image: mcchae/dns-server
    ports:
    - "53:53/udp"
    - "53:53/tcp"
    - "10000:10000/tcp"
    volumes:
    - ~/named/conf/named.conf.options:/etc/bind/named.conf.options
    - ~/named/conf/named.conf.local:/etc/bind/named.conf.local
    - ~/named/conf/zones.rfc1918:/etc/bind/zones.rfc1918
    - ~/named/conf/test20210131.org.zone:/etc/bind/test20210131.org.zone
    - ~/named/conf/db.100.0.1.10:/etc/bind/db.100.0.1.10
    stdin_open: true    # docker run -i
    tty: true           # docker run -t
===================================================================

5. Testing DNS queries to confirm they are handled correctly

You can use dig to confirm that queries are actually being answered correctly.