Lab> Analyzing the SOA RRs of Naver and Daum
1. Naver SOA RR
# dig naver.com soa
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>> naver.com soa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28042
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;naver.com. IN SOA
;; ANSWER SECTION:
naver.com. 300 IN SOA ns1.naver.com. webmaster.naver.com. 2021111202 21600 1800 1209600 180
;; AUTHORITY SECTION:
naver.com. 172800 IN NS ns1.naver.com.
naver.com. 172800 IN NS e-ns.naver.com.
naver.com. 172800 IN NS ns2.naver.com.
;; ADDITIONAL SECTION:
ns2.naver.com. 172800 IN A 125.209.249.6
ns1.naver.com. 172800 IN A 125.209.248.6
e-ns.naver.com. 172800 IN A 175.158.6.250
;; Query time: 127 msec
;; SERVER: 192.168.108.3#53(192.168.108.3)
;; WHEN: 금 11월 12 17:58:40 KST 2021
;; MSG SIZE rcvd: 187
-- naver.com.zone --
$TTL 300
@ IN SOA ns1 webmaster (2021111202 21600 1800 1209600 180)
-- naver.com.zone --
2. Daum SOA RR
# dig daum.net soa
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>> daum.net soa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30135
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;daum.net. IN SOA
;; ANSWER SECTION:
daum.net. 1800 IN SOA ns.daum.net. hostmaster.daum.net. 2020091687 2700 900 604800 1800
;; AUTHORITY SECTION:
daum.net. 172800 IN NS ns2.daum.net.
daum.net. 172800 IN NS ns1.daum.net.
;; ADDITIONAL SECTION:
ns2.daum.net. 172800 IN A 113.61.107.5
ns1.daum.net. 172800 IN A 113.61.106.5
;; Query time: 113 msec
;; SERVER: 192.168.108.3#53(192.168.108.3)
;; WHEN: 금 11월 12 18:06:02 KST 2021
;; MSG SIZE rcvd: 155
-- daum.net.zone --
$TTL 1800
@ IN SOA ns hostmaster ( 2020091687 2700 900 604800 1800)
-- daum.net.zone --
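The reconstruction done by hand above (dig ANSWER line to zone-file SOA line) can be scripted. This is an added example, not part of the original post; the function names `secs_to_unit`, `relativize` and `soa_to_zone` are made up for illustration, and the timers are printed with BIND unit suffixes (the style the sbs.com zone further down uses) instead of raw seconds.

```shell
#!/bin/sh
# Added example (not from the original post): rebuild a zone-file SOA line
# from one line of dig's ANSWER section.

# Seconds -> largest exact BIND unit (W, D, H, M); otherwise plain seconds.
secs_to_unit() {
    s=$1
    for pair in W:604800 D:86400 H:3600 M:60; do
        unit=${pair%%:*}; size=${pair##*:}
        if [ "$s" -ge "$size" ] && [ $((s % size)) -eq 0 ]; then
            echo "$((s / size))$unit"; return
        fi
    done
    echo "$s"
}

# ns1.naver.com. relative to naver.com. becomes ns1; the origin itself is @.
relativize() {
    name=$1; origin=$2
    case "$name" in
        "$origin")   echo "@" ;;
        *".$origin") echo "${name%.$origin}" ;;
        *)           echo "$name" ;;  # out-of-zone names stay fully qualified
    esac
}

# Fields: owner TTL class SOA mname rname serial refresh retry expire minimum
soa_to_zone() {
    set -f; set -- $1; set +f   # split on whitespace without globbing
    if [ "$#" -ne 11 ] || [ "$4" != "SOA" ]; then
        echo "not an SOA answer line" >&2; return 1
    fi
    printf '$TTL %s\n' "$2"
    printf '@ IN SOA %s %s ( %s %s %s %s %s )\n' \
        "$(relativize "$5" "$1")" "$(relativize "$6" "$1")" "$7" \
        "$(secs_to_unit "$8")" "$(secs_to_unit "$9")" \
        "$(secs_to_unit "${10}")" "$(secs_to_unit "${11}")"
}

# The two ANSWER lines shown in the dig output above.
soa_to_zone "naver.com. 300 IN SOA ns1.naver.com. webmaster.naver.com. 2021111202 21600 1800 1209600 180"
soa_to_zone "daum.net. 1800 IN SOA ns.daum.net. hostmaster.daum.net. 2020091687 2700 900 604800 1800"
```

Both dig answers above lack the aa flag, so the TTL column is whatever lifetime the resolver at 192.168.108.3 has left in its cache. Query an authoritative server (for example `dig @ns1.naver.com naver.com soa`) before treating that number as the zone's $TTL.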
Lab> Setting TTLs
-- sbs.com --
$TTL 60
@           IN SOA ns root.sbs.com. ( 2021111201 1D 1H 1W 3H)
            IN NS  ns
        90  IN A   192.168.108.3
ns      100 IN A   192.168.108.3
www     110 IN A   192.168.108.3
-- sbs.com --
# rndc reload
server reload successful
# dig sbs.com soa
;; ANSWER SECTION:
sbs.com. 60 IN SOA ns.sbs.com. root.sbs.com. 2021111201 86400 3600 604800 10800
;; AUTHORITY SECTION:
sbs.com. 60 IN NS ns.sbs.com.
# dig sbs.com
;; ANSWER SECTION:
sbs.com. 90 IN A 192.168.108.3
# dig ns.sbs.com
;; ANSWER SECTION:
ns.sbs.com. 100 IN A 192.168.108.3
# dig www.sbs.com
;; ANSWER SECTION:
www.sbs.com. 110 IN A 192.168.108.3
# nslookup
> set type=soa
> sbs.com
Server: 192.168.108.3
Address: 192.168.108.3#53
sbs.com
origin = ns.sbs.com
mail addr = root.sbs.com
serial = 2021111202
refresh = 86400
retry = 3600
expire = 604800
minimum = 500
> set type=ns
> sbs.com
Server: 192.168.108.3
Address: 192.168.108.3#53
sbs.com nameserver = ns.sbs.com.
> set type=a
> sbs.com
Server: 192.168.108.3
Address: 192.168.108.3#53
Name: sbs.com
Address: 192.168.108.3
> set type=ns
> sbs.com
Server: 192.168.108.3
Address: 192.168.108.3#53
sbs.com nameserver = ns.sbs.com.
> exit
Use @8.8.8.8 in dig to specify an external DNS server and query sbs.com.
# dig @8.8.8.8 sbs.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>> @8.8.8.8 sbs.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33579
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;sbs.com. IN A
;; ANSWER SECTION:
sbs.com. 7200 IN A 107.22.178.157
;; Query time: 275 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: 금 11월 12 19:24:00 KST 2021
;; MSG SIZE rcvd: 52
# dig sbs.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>> sbs.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43773
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sbs.com. IN A
;; ANSWER SECTION:
sbs.com. 300 IN A 192.168.108.3
;; AUTHORITY SECTION:
sbs.com. 300 IN NS ns.sbs.com.
;; ADDITIONAL SECTION:
ns.sbs.com. 300 IN A 192.168.108.3
;; Query time: 0 msec
;; SERVER: 192.168.108.3#53(192.168.108.3)
;; WHEN: 금 11월 12 19:24:19 KST 2021
;; MSG SIZE rcvd: 85
Use +short in dig to print only the short form of the result.
# dig sbs.com soa +short
ns.sbs.com. root.sbs.com. 2021111202 86400 3600 604800 500
# dig sbs.com a +short
192.168.108.3
Add the following domains.
db.sbs.com. 192.168.108.4
cafe.sbs.com. 192.168.108.5
-- sbs.com.zone --
$TTL 300
@       IN SOA ns root ( 2021111203 1D 1H 1W 500)
        IN NS  ns
        IN A   192.168.108.3
ns      IN A   192.168.108.3 ; ns.sbs.com.
www     IN A   192.168.108.3 ; www.sbs.com.
db      IN A   192.168.108.4 ; db.sbs.com.
cafe    IN A   192.168.108.5 ; cafe.sbs.com.
-- sbs.com.zone --
# rndc reload
server reload successful
# dig db.sbs.com +short
192.168.108.4
# dig cafe.sbs.com +short
192.168.108.5
Add a secondary name server.
ns2.sbs.com. 192.168.108.10
-- sbs.com.zone --
$TTL 300
@       IN SOA ns root ( 2021111204 1D 1H 1W 500)
        IN NS  ns
        IN NS  ns2
        IN A   192.168.108.3
ns      IN A   192.168.108.3 ; ns.sbs.com.
ns2     IN A   192.168.108.10 ; ns2.sbs.com.
www     IN A   192.168.108.3 ; www.sbs.com.
db      IN A   192.168.108.4 ; db.sbs.com.
cafe    IN A   192.168.108.5 ; cafe.sbs.com.
-- sbs.com.zone --
# rndc reload
# dig sbs.com ns +short
ns.sbs.com.
ns2.sbs.com.
# dig ns.sbs.com +short
192.168.108.3
# dig ns2.sbs.com +short
192.168.108.10
# dig ns2.sbs.com a +short
192.168.108.10
# dig ns.sbs.com a +short
192.168.108.3
# dig sbs.com NS
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>> sbs.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9329
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sbs.com. IN NS
;; ANSWER SECTION:
sbs.com. 300 IN NS ns2.sbs.com.
sbs.com. 300 IN NS ns.sbs.com.
;; ADDITIONAL SECTION:
ns.sbs.com. 300 IN A 192.168.108.3
ns2.sbs.com. 300 IN A 192.168.108.10
;; Query time: 0 msec
;; SERVER: 192.168.108.3#53(192.168.108.3)
;; WHEN: 금 11월 12 20:18:24 KST 2021
;; MSG SIZE rcvd: 103
# dig ns2.sbs.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>> ns2.sbs.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5070
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ns2.sbs.com. IN A
;; ANSWER SECTION:
ns2.sbs.com. 300 IN A 192.168.108.10
;; AUTHORITY SECTION:
sbs.com. 300 IN NS ns.sbs.com.
sbs.com. 300 IN NS ns2.sbs.com.
;; ADDITIONAL SECTION:
ns.sbs.com. 300 IN A 192.168.108.3
;; Query time: 0 msec
;; SERVER: 192.168.108.3#53(192.168.108.3)
;; WHEN: 금 11월 12 20:19:41 KST 2021
;; MSG SIZE rcvd: 103
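Lab> Configure a name server that meets the following requirements.
-- Requirements --
1. Domain: ebs.com
2. Second-level domain information:
Primary name server: ns1.ebs.com 192.168.108.102
Secondary name server: ns2.ebs.com 192.168.108.103
Web server: www.ebs.com 192.168.108.104
Web server: www.ebs.com 192.168.108.105
File server: data.ebs.com 192.168.108.107
DB server: db.ebs.com 192.168.108.108
DNS administrator: webadmin@ebs.com
TTL value: 300 seconds (5M)
3. After configuring, verify with dig.
-- Requirements --
1. Register the domain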
# vi /etc/named.rfc1912.zones
:
:(omitted)
zone "ebs.com" IN {
    type master;
    file "ebs.com.zone";
    allow-update { none; };
};
2. Create the forward zone file
# cd /var/named
# vi ebs.com.zone
$TTL 300
@       IN SOA ns1 webadmin (2021111201 6H 3H 2W 500)
        IN NS  ns1 ; ns1.ebs.com.
        IN NS  ns2 ; ns2.ebs.com.
        IN A   192.168.108.3 ; ebs.com.
ns1     IN A   192.168.108.102 ; ns1.ebs.com.
ns2     IN A   192.168.108.103 ; ns2.ebs.com.
www     IN A   192.168.108.104 ; www.ebs.com.
www     IN A   192.168.108.105 ; www.ebs.com.
data    IN A   192.168.108.107 ; data.ebs.com.
db      IN A   192.168.108.108 ; db.ebs.com.
3. Change permissions
# chmod o= ebs.com.zone
# chgrp named ebs.com.zone
4. Check the configuration files
# named-checkconf /etc/named.rfc1912.zones
# named-checkzone ebs.com ebs.com.zone
zone ebs.com/IN: loaded serial 2021111201
OK
5. Restart the name server
# systemctl reload named
6. Verify the DNS information
# dig ebs.com soa +short
ns1.ebs.com. webadmin.ebs.com. 2021111201 21600 10800 1209600 500
# dig ebs.com ns +short
ns1.ebs.com.
ns2.ebs.com.
# dig ns1.ebs.com +short
192.168.108.102
# dig ns2.ebs.com +short
192.168.108.103
# dig www.ebs.com +short
192.168.108.105
192.168.108.104
# dig data.ebs.com +short
192.168.108.107
# dig db.ebs.com +short
192.168.108.108