20. 20
手順1 クライアントPCに「melonpan.udx.local」の場所を教えます。
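コマンドプロンプトにて、powershell -NoProfile -ExecutionPolicy unrestricted -Command "start notepad C:\Windows\System32\drivers\etc\hosts -verb runas" を実行します(-verb runas によりメモ帳が管理者権限で起動します。-ExecutionPolicy はスクリプトファイルの実行可否に関する設定で、スクリプトファイルを実行しないこのコマンドでは不要です)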
もしくは、メモ帳を管理者として実行して、「C:\Windows\System32\drivers\etc\hosts」を開く
手順2 「192.168.210.111」melonpan.udx.local を登録します(下の登録例と DNS ゾーンファイルでは 192.168.210.26 になっています。実際のメールサーバのIPアドレスを登録してください)
メールクライアントで確認(HOSTS登録)
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
192.168.210.26 melonpan.udx.local
手順3 pingで確認します
ping melonpan.udx.local でIPアドレスを確認
24. 24
手順A 参加者全員で、だれがDNSレコードを追加登録するか合意する
手順B DNSサーバ(192.168.210.195)に ssh でログインする(初回接続時に表示されるホスト鍵のフィンガープリントは、DNSサーバ側で確認した値と一致することを確かめてから yes と答える)
手順C ゾーンファイルにDNSレコードを追加する。
手順D bindサービスを再起動する(再起動前に Serial を増やし、named-checkzone udx.local /var/named/udx.local.zone でゾーンファイルの構文を確認しておく)
メール送信1 DNSレコード登録する(1人のみ)
じゃんけん?
[root@Linux8-Mail2 systemd]# ssh 192.168.210.195
The authenticity of host '192.168.210.195 (192.168.210.195)' can't be established.
ECDSA key fingerprint is SHA256:OFLn5EZzlb+QpQMDrCTuMsmVoGqCKpPUSTM6FOFDJG4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.210.195' (ECDSA) to the list of known hosts.
root@192.168.210.195's password:
Last login: Thu Jun 3 11:46:54 2021 from 192.168.210.12
[root@Linux8-DNS ~]#
Me1onpan#(パスワード入力時に使う値と思われます。研修環境専用とし、他の環境では使い回さないこと。本番環境では root のパスワードログインではなく、一般ユーザと公開鍵認証を使います)
プロンプトが「Linux8-DNS」に変わった事を確認
1 $ORIGIN udx.local.
2 $TTL 86400
3 udx.local. IN SOA ns.udx.local. suzukito.udx.local. (
4
5 2021060201 ;Serial
6 3600 ;Refresh
7 1800 ;Retry
8 604800 ;Expire
9 86400 ;Minimum TTL
10 )
11 udx.local. IN NS ns.udx.local.
12 udx.local. IN MX 10 melonpan.udx.local.
13 udx.local. IN MX 20 anpan.udx.local.
14 udx.local. IN MX 30 currypan.udx.local.
15 udx.local. IN MX 40 croissant.udx.local.
16
17 ns.udx.local. IN A 192.168.210.195
18
19 melonpan.udx.local. IN A 192.168.210.26
20 anpan.udx.local. IN A 192.168.210.23
21 currypan.udx.local. IN A 192.168.210.22
22 croissant.udx.local. IN A 192.168.210.21
/var/named/udx.local.zone
[root@Linux8-DNS ~]#vi /var/named/udx.local.zone
ホスト名の最後に「.」(ピリオド)を付ける(付けないと $ORIGIN の udx.local. が末尾に補完される)
[root@Linux8-DNS ~]#systemctl restart named
[root@Linux8-DNS ~]#systemctl status named
25. 25
手順1 DNSサーバを指定する
手順2 dig、host コマンドをインストールする(bind-utils パッケージ)
手順3 ホスト名でpingが疎通出来るかを確認する
ping NGの場合は、GATEWAYを確認
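手順4 dig ホスト名 で名前解決を確認する(status: NOERROR で ANSWER SECTION に A レコードが返れば成功。下の実行例はホスト名を melonpna と打ち間違えているため NXDOMAIN になっている)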
メール送信2 DNSサーバを指定する(全員)
[root@Linux8-Mail1 ~]# nmcli conn show ens192 | grep ipv4.dns:
ipv4.dns: --
[root@Linux8-Mail1 ~]# nmcli conn mod ens192 +ipv4.dns 192.168.210.195
[root@Linux8-Mail1 ~]# nmcli conn down ens192; nmcli conn up ens192
[root@Linux8-Mail1 ~]# nmcli conn show ens192 | grep ipv4.dns:
ipv4.dns: 192.168.210.195
[root@Linux8-Mail1 ~]#
[root@Linux8-Mail1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens192 | grep DNS
DNS1=192.168.210.195
[root@Linux8-Mail1 ~]#
[root@Linux8-Mail1 ~]# dnf install bind-utils
[root@Linux8-Mail1 ]# dig melonpna.udx.local
; <<>> DiG 9.11.26-RedHat-9.11.26-3.el8 <<>> melonpna.udx.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to
DNS
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55392
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 31aee03dfc528dbcac8fce4760b8553215a7779e0ecb332a (good)
;; QUESTION SECTION:
;melonpna.udx.local. IN A
;; AUTHORITY SECTION:
udx.local. 86400 IN SOA ns.udx.local. suzukito.udx.local.
2021060201 3600 1800 604800 86400
;; Query time: 0 msec
;; SERVER: 192.168.210.195#53(192.168.210.195)
;; WHEN: 木 6月 03 00:06:10 EDT 2021
;; MSG SIZE rcvd: 123
[root@Linux8-Mail1 network-scripts]#
[root@Linux8-Mail1 network-scripts]# ping anpan.udx.local
PING anpan.udx.local (192.168.210.23) 56(84) bytes of data.
64 bytes from 192.168.210.23 (192.168.210.23): icmp_seq=1 ttl=64 time=0.154 ms
64 bytes from 192.168.210.23 (192.168.210.23): icmp_seq=2 ttl=64 time=0.116 ms
64 bytes from 192.168.210.23 (192.168.210.23): icmp_seq=3 ttl=64 time=0.127 ms
64 bytes from 192.168.210.23 (192.168.210.23): icmp_seq=4 ttl=64 time=0.122 ms
64 bytes from 192.168.210.23 (192.168.210.23): icmp_seq=5 ttl=64 time=0.118 ms
27. 27
手順1 /etc/named.conf
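参考:DNSサーバ設定(recursion yes のため、acl udx-local と allow-query で問い合わせ元を localhost と 192.168.210.0/24 に限定している。allow-transfer は未指定なので、セカンダリを置かない場合は allow-transfer { none; }; を明示しておくとゾーン転送の許可範囲が設定から読み取れる)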
[root@Linux8-DNS ~]# vi /etc/named.conf
1 //
2 // named.conf
3 //
4 // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
5 // server as a caching only nameserver (as a localhost DNS resolver only).
6 //
7 // See /usr/share/doc/bind*/sample/ for example named configuration files.
8 //
9 acl udx-local{
10 192.168.210.0/24;
11 };
12
13 options {
14 listen-on port 53 { 192.168.210.195; 127.0.0.1; };
15 listen-on-v6 port 53 { none; };
16 directory "/var/named";
17 version "Linux#8 DNS Server";
18 dump-file "/var/named/data/cache_dump.db";
19 statistics-file "/var/named/data/named_stats.txt";
20 memstatistics-file "/var/named/data/named_mem_stats.txt";
21 secroots-file "/var/named/data/named.secroots";
22 recursing-file "/var/named/data/named.recursing";
23 allow-query { localhost; udx-local;};
24
25 /*
26 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
27 - If you are building a RECURSIVE (caching) DNS server, you need to enable
28 recursion.
29 - If your recursive DNS server has a public IP address, you MUST enable access
30 control to limit queries to your legitimate users. Failing to do so will
31 cause your server to become part of large scale DNS amplification
32 attacks. Implementing BCP38 within your network would greatly
33 reduce such attack surface
34 */
35 recursion yes;
36
37 dnssec-enable yes;
38 dnssec-validation yes;
39
40 managed-keys-directory "/var/named/dynamic";
41
42 pid-file "/run/named/named.pid";
43 session-keyfile "/run/named/session.key";
44
45 /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
46 include "/etc/crypto-policies/back-ends/bind.config";
47 };
48
49 logging {
50 channel default_debug {
51 file "data/named.run";
52 severity dynamic;
53 };
54 };
55
56 zone "." IN {
57 type hint;
58 file "named.ca";
59 };
60
61 include "/etc/named.rfc1912.zones";
62 include "/etc/named.root.key";
63
64 zone "udx.local" IN {
65 type master;
66 file "udx.local.zone";
67 };
68 zone "210.168.192.in-addr.arpa" IN {
69 type master;
70 file "210.168.192.zone";
71 };
1 $ORIGIN udx.local.
2 $TTL 86400
3 udx.local. IN SOA ns.udx.local. suzukito.udx.local. (
4
5 2021060201 ;Serial
6 3600 ;Refresh
7 1800 ;Retry
8 604800 ;Expire
9 86400 ;Minimum TTL
10 )
11 udx.local. IN NS ns.udx.local.
12 udx.local. IN MX 10 melonpan.udx.local.
13 udx.local. IN MX 20 anpan.udx.local.
14 udx.local. IN MX 30 currypan.udx.local.
15 udx.local. IN MX 40 croissant.udx.local.
16
17 ns.udx.local. IN A 192.168.210.195
18
19 melonpan.udx.local. IN A 192.168.210.26
20 anpan.udx.local. IN A 192.168.210.23
21 currypan.udx.local. IN A 192.168.210.22
22 croissant.udx.local. IN A 192.168.210.21
1 $TTL 86400
2 @ IN SOA udx.local. suzukito.udx.local. (
3 2021060201 ;Serial
4 3600 ;Refresh
5 1800 ;Retry
6 604800 ;Expire
7 86400 ;Minumum TTL
8 )
9 IN NS ns.udx.local.
/var/named/udx.local.zone
/var/named/210.168.192.zone