I installed it yesterday,
and today I'm working on the configuration.
Once the configuration is done, I want to practice attacks on DNS-related vulnerabilities.
[root@centos etc]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 210.220.163.82
nameserver 219.250.36.130
[root@centos etc]# cp /etc/resolv.conf /etc/resolv.conf.org
[root@centos etc]# vi /etc/resolv.conf
[root@centos etc]# systemctl restart named
[root@centos etc]# nslookup localhost.localdomain
;; connection timed out; no servers could be reached
[root@centos etc]# systemctl restart named
[root@centos etc]# nslookup localhost.localdomain
Server: 192.168.35.166
Address: 192.168.35.166#53
Name: localhost.localdomain
Address: 127.0.0.1
Name: localhost.localdomain
Address: ::1
[root@centos etc]# nslookup www.naver.com
Server: 192.168.35.166
Address: 192.168.35.166#53
Non-authoritative answer:
www.naver.com canonical name = www.naver.com.nheos.com.
Name: www.naver.com.nheos.com
Address: 223.130.195.200
Name: www.naver.com.nheos.com
Address: 223.130.195.95
[root@centos etc]# nslookup example.com
Server: 192.168.35.166
Address: 192.168.35.166#53
** server can't find example.com: SERVFAIL
[root@centos etc]# ls *zone*
named.rfc1912.zones named.rfc1912.zones.org
[root@centos etc]# vi example.zone
Add:
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { none; };
    allow-transfer { none; };
};
[root@centos etc]# systemctl restart named
Job for named.service failed because the control process exited with error code. See "systemctl status named.service" and "journalctl -xe" for details.
[root@centos etc]# ls *zone*
example.zone named.rfc1912.zones named.rfc1912.zones.org
[root@centos etc]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since 일 2023-07-23 21:35:30 KST; 16s ago
Process: 5600 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 1664 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 5846 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=1/FAILURE)
Main PID: 1666 (code=exited, status=0/SUCCESS)
7월 23 21:35:30 centos bash[5846]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN...rial 0
7월 23 21:35:30 centos bash[5846]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
7월 23 21:35:30 centos bash[5846]: zone 0.in-addr.arpa/IN: loaded serial 0
7월 23 21:35:30 centos bash[5846]: zone example.com/IN: loading from master file example.com.zone failed: file not found
7월 23 21:35:30 centos bash[5846]: zone example.com/IN: not loaded due to errors.
7월 23 21:35:30 centos bash[5846]: _default/example.com/IN: file not found
7월 23 21:35:30 centos systemd[1]: named.service: control process exited, code=exited status=1
7월 23 21:35:30 centos systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
7월 23 21:35:30 centos systemd[1]: Unit named.service entered failed state.
7월 23 21:35:30 centos systemd[1]: named.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
Using /etc/example.com.zone as the zone file: vi named.rfc1912.zones
[root@centos etc]# vi named.rfc1912.zones
[root@centos etc]# systemctl restart named
[root@centos etc]# nslookup example.com
Server: 192.168.35.166
Address: 192.168.35.166#53
Name: example.com
Address: 192.0.2.1
Name: example.com
Address: 2001:db8:10::1
$ORIGIN example.com. ; designates the start of this zone file in the namespace
$TTL 3600 ; default expiration time (in seconds) of all RRs without their own TTL value
example.com. IN SOA ns.example.com. username.example.com. ( 2020091025 7200 3600 1209600 3600 )
example.com. IN NS ns ; ns.example.com is a nameserver for example.com
example.com. IN NS ns.somewhere.example. ; ns.somewhere.example is a backup nameserver for example.com
example.com. IN MX 10 mail.example.com. ; mail.example.com is the mailserver for example.com
@ IN MX 20 mail2.example.com. ; equivalent to above line, "@" represents zone origin
@ IN MX 50 mail3 ; equivalent to above line, but using a relative host name
example.com. IN A 192.0.2.1 ; IPv4 address for example.com
IN AAAA 2001:db8:10::1 ; IPv6 address for example.com
ns IN A 192.0.2.2 ; IPv4 address for ns.example.com
IN AAAA 2001:db8:10::2 ; IPv6 address for ns.example.com
www IN CNAME example.com. ; www.example.com is an alias for example.com
wwwtest IN CNAME www ; wwwtest.example.com is another alias for www.example.com
mail IN A 192.0.2.3 ; IPv4 address for mail.example.com
mail2 IN A 192.0.2.4 ; IPv4 address for mail2.example.com
mail3 IN A 192.0.2.5 ; IPv4 address for mail3.example.com
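As an added example, not code from the post: a small Python parser for the zone-file format shown above (the sample zone is constructed from the post's example, and the dangling-target check is mine, not a BIND feature). It shows how $ORIGIN, "@", a blank owner and a trailing dot each resolve to an absolute name, which is where zone files most often go wrong: a forgotten trailing dot silently turns ns.somewhere.example into ns.somewhere.example.example.com.

```python
# Added example (not the post's own code): parser for the zone-file format above.
SAMPLE_ZONE = """\
$ORIGIN example.com. ; start of this zone in the namespace
$TTL 3600
@ IN SOA ns.example.com. username.example.com. ( 2020091025 7200 3600
                                                 1209600 3600 )
example.com. IN NS ns                     ; relative: becomes ns.example.com.
example.com. IN NS ns.somewhere.example.  ; absolute, thanks to the trailing dot
@            IN MX 50 mail3               ; "@" is the origin; mail3 is relative
example.com. IN A 192.0.2.1
             IN AAAA 2001:db8:10::1       ; blank owner inherits example.com.
www          IN CNAME example.com.
wwwtest      IN CNAME www
"""
NAME_FIELD = {"SOA": 0, "NS": 0, "CNAME": 0, "MX": 1}  # rdata index that holds a name

def qualify(name, origin):
    """'@' -> origin; 'ns' -> 'ns.<origin>'; a name ending in '.' is already absolute."""
    return origin if name == "@" else (name if name.endswith(".") else f"{name}.{origin}")

def parse_zone(text):
    origin, ttl, owner, buf, records = "", None, None, "", []
    for raw in text.splitlines():
        buf += raw.split(";", 1)[0].rstrip() + " "   # strip comment, keep leading blanks
        if buf.count("(") > buf.count(")"):
            continue                                  # parenthesised rdata continues
        line, buf = buf.replace("(", " ").replace(")", " "), ""
        if not line.strip():
            continue
        if line.startswith("$"):                      # $ORIGIN / $TTL directives
            key, val = line.split()[:2]
            origin, ttl = (val, ttl) if key == "$ORIGIN" else (origin, int(val))
        else:
            f = line.split()
            if not line[0].isspace():                 # explicit owner, else inherit
                owner = qualify(f.pop(0), origin)
            rr_ttl = int(f.pop(0)) if f[0].isdigit() else ttl   # per-RR TTL override
            if f[0].upper() == "IN":
                f.pop(0)
            rtype, rdata = f[0].upper(), f[1:]
            if rtype in NAME_FIELD:
                rdata[NAME_FIELD[rtype]] = qualify(rdata[NAME_FIELD[rtype]], origin)
            records.append((owner, rr_ttl, rtype, tuple(rdata)))
    return records

def dangling_targets(records, origin):
    """In-zone names used by NS/MX/CNAME rdata that own no record (my check, not BIND's)."""
    owners = {r[0] for r in records}
    return sorted((o, t, r[NAME_FIELD[t]]) for o, _, t, r in records if t in NAME_FIELD
                  and t != "SOA" and r[NAME_FIELD[t]].endswith("." + origin)
                  and r[NAME_FIELD[t]] not in owners)
```

On the real server the equivalent check is named-checkzone (or named-checkconf -z, which the ExecStartPre line in the status output above already runs) before systemctl restart named; this parser only illustrates the name-resolution rules.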
https://blog.naver.com/nms200299/222767645411
https://en.wikipedia.org/wiki/Zone_file