memos/Home Server/Network/DNS/CoreDNS.md

Go로 작성된 오픈소스 [[DNS]] Server
경량, 유연성, 단순함이 특징
k8s의 기본 DNS로 사용됨

# 1. Install using docker
## 1.1. Directory structure

```dirtree
- /mnt/md0/infra
    - .env
    - compose.yml
    - /coredns
        - /config
            - Corefile
            - home.server.db
        - /data
```

## 1.2. dotenv file
 /.env
 
```
BASE_PATH=/mnt/md0/infra
```

## 1.3. Docker compose
/compose.yml

```yml

name: infrastructure
services:
  dns:
    image: coredns/coredns:1.11.3
    container_name: dns
    restart: always
    command: -conf /root/Corefile
    ports:
      - 53:53/udp
      - 53:53/tcp
      - 9153:9153/tcp
    volumes:
      - ${BASE_PATH}/coredns/data:/data:rw
      - ${BASE_PATH}/coredns/config:/root:ro
    networks:
      - infra

networks:
  infra:
    driver: bridge
```

## 1.4. 추가로 필요한 사항 - 리눅스
리눅스의 경우 53번 포트가 systemd-resolve 프로세스에 미리 점유되어 있다. 
따라서 해당 프로세스가 53번 포트를 점유하지 않도록 바꿔주어야 DNS Server를 실행할 수 있다.

### 1.4.1. 프로세스 확인

```shell
sudo lsof -i :53
```

```
COMMAND   PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd-r 671 systemd-resolve   14u  IPv4   8659      0t0  UDP _localdnsstub:domain
systemd-r 671 systemd-resolve   15u  IPv4   8660      0t0  TCP _localdnsstub:domain (LISTEN)
systemd-r 671 systemd-resolve   16u  IPv4   8661      0t0  UDP _localdnsproxy:domain
systemd-r 671 systemd-resolve   17u  IPv4   8662      0t0  TCP _localdnsproxy:domain (LISTEN)
```

### 1.4.2. Edit systemd-resolved config

```shell
sudo vim /etc/systemd/resolved.conf
```

before

```
#DNS=
#FallbackDNS=
#Domains=
#DNSSEC=no
#DNSOverTLS=no
#MulticastDNS=no
#LLMNR=no
#Cache=no-negative
#CacheFromLocalhost=no
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
#StaleRetentionSec=0
```

after

```
DNS=8.8.8.8
#FallbackDNS=
#Domains=
#DNSSEC=no
#DNSOverTLS=no
#MulticastDNS=no
#LLMNR=no
#Cache=no-negative
#CacheFromLocalhost=no
DNSStubListener=no
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
#StaleRetentionSec=0
```

### 1.4.3. Create symlink

```shell
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
```

### 1.4.4. Reboot

```shell
sudo reboot
```

# 2. Corefile
CoreDNS 의 설정 파일

```
home.server {
    file /root/home.server.db
    log
}

. {
    forward . tls://8.8.8.8 tls://1.1.1.1 {
        except home.server
    }
    log
    cache
    errors
}
```

# 3. Zone file
[[DNS#DNS Zone file]]

```
$ORIGIN home.server.
$TTL 3600
@ IN SOA ns1.home.server. admin.home.server. (
         2024082401 ; serial
         7200       ; refresh
         3600       ; retry
         1209600    ; expire
         3600       ; minimum
)
@ IN NS ns1.home.server.
@ IN A 192.168.200.10

* IN CNAME @
```
init 2024-08-25 15:21:39 +00:00			`Go로 작성된 오픈소스 [[DNS]] Server`
			`경량, 유연성, 단순함이 특징`
			`k8s의 기본 DNS로 사용됨`

vault backup: 2024-08-26 20:55:58 2024-08-26 11:55:58 +00:00			`# 1. Install using docker`
			`## 1.1. Directory structure`
init 2024-08-25 15:21:39 +00:00
			```dirtree
			`- /mnt/md0/infra`
			`- .env`
			`- compose.yml`
			`- /coredns`
			`- /config`
			`- Corefile`
			`- home.server.db`
			`- /data`
			```

vault backup: 2024-08-26 20:55:58 2024-08-26 11:55:58 +00:00			`## 1.2. dotenv file`
init 2024-08-25 15:21:39 +00:00			`/.env`

			```
			`BASE_PATH=/mnt/md0/infra`
			```

vault backup: 2024-08-26 20:55:58 2024-08-26 11:55:58 +00:00			`## 1.3. Docker compose`
init 2024-08-25 15:21:39 +00:00			`/compose.yml`

			```yml

			`name: infrastructure`
			`services:`
			`dns:`
			`image: coredns/coredns:1.11.3`
			`container_name: dns`
			`restart: always`
			`command: -conf /root/Corefile`
			`ports:`
			`- 53:53/udp`
			`- 53:53/tcp`
			`- 9153:9153/tcp`
			`volumes:`
			`- ${BASE_PATH}/coredns/data:/data:rw`
			`- ${BASE_PATH}/coredns/config:/root:ro`
			`networks:`
			`- infra`

			`networks:`
			`infra:`
			`driver: bridge`
			```

vault backup: 2024-08-26 20:55:58 2024-08-26 11:55:58 +00:00			`## 1.4. 추가로 필요한 사항 - 리눅스`
init 2024-08-25 15:21:39 +00:00			`리눅스의 경우 53번 포트가 systemd-resolve 프로세스에 미리 점유되어 있다.`
			`따라서 해당 프로세스가 53번 포트를 점유하지 않도록 바꿔주어야 DNS Server를 실행할 수 있다.`

vault backup: 2024-08-26 20:55:58 2024-08-26 11:55:58 +00:00			`### 1.4.1. 프로세스 확인`
init 2024-08-25 15:21:39 +00:00
			```shell
			`sudo lsof -i :53`
			```

			```
			`COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME`
			`systemd-r 671 systemd-resolve 14u IPv4 8659 0t0 UDP _localdnsstub:domain`
			`systemd-r 671 systemd-resolve 15u IPv4 8660 0t0 TCP _localdnsstub:domain (LISTEN)`
			`systemd-r 671 systemd-resolve 16u IPv4 8661 0t0 UDP _localdnsproxy:domain`
			`systemd-r 671 systemd-resolve 17u IPv4 8662 0t0 TCP _localdnsproxy:domain (LISTEN)`
			```

vault backup: 2024-08-26 20:55:58 2024-08-26 11:55:58 +00:00			`### 1.4.2. Edit systemd-resolved config`
init 2024-08-25 15:21:39 +00:00
			```shell
			`sudo vim /etc/systemd/resolved.conf`
			```

			`before`

			```
			`#DNS=`
			`#FallbackDNS=`
			`#Domains=`
			`#DNSSEC=no`
			`#DNSOverTLS=no`
			`#MulticastDNS=no`
			`#LLMNR=no`
			`#Cache=no-negative`
			`#CacheFromLocalhost=no`
			`#DNSStubListener=yes`
			`#DNSStubListenerExtra=`
			`#ReadEtcHosts=yes`
			`#ResolveUnicastSingleLabel=no`
			`#StaleRetentionSec=0`
			```

			`after`

			```
			`DNS=8.8.8.8`
			`#FallbackDNS=`
			`#Domains=`
			`#DNSSEC=no`
			`#DNSOverTLS=no`
			`#MulticastDNS=no`
			`#LLMNR=no`
			`#Cache=no-negative`
			`#CacheFromLocalhost=no`
			`DNSStubListener=no`
			`#DNSStubListenerExtra=`
			`#ReadEtcHosts=yes`
			`#ResolveUnicastSingleLabel=no`
			`#StaleRetentionSec=0`
			```

vault backup: 2024-08-26 20:55:58 2024-08-26 11:55:58 +00:00			`### 1.4.3. Create symlink`
init 2024-08-25 15:21:39 +00:00
			```shell
			`sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf`
			```

vault backup: 2024-08-26 20:55:58 2024-08-26 11:55:58 +00:00			`### 1.4.4. Reboot`
init 2024-08-25 15:21:39 +00:00
			```shell
			`sudo reboot`
			```

vault backup: 2024-08-26 20:55:58 2024-08-26 11:55:58 +00:00			`# 2. Corefile`
init 2024-08-25 15:21:39 +00:00			`CoreDNS 의 설정 파일`

			```
			`home.server {`
			`file /root/home.server.db`
			`log`
			`}`

			`. {`
			`forward . tls://8.8.8.8 tls://1.1.1.1 {`
			`except home.server`
			`}`
			`log`
			`cache`
			`errors`
			`}`
			```

vault backup: 2024-08-26 20:55:58 2024-08-26 11:55:58 +00:00			`# 3. Zone file`
init 2024-08-25 15:21:39 +00:00			`[[DNS#DNS Zone file]]`

			```
			`$ORIGIN home.server.`
			`$TTL 3600`
			`@ IN SOA ns1.home.server. admin.home.server. (`
			`2024082401 ; serial`
			`7200 ; refresh`
			`3600 ; retry`
			`1209600 ; expire`
			`3600 ; minimum`
			`)`
			`@ IN NS ns1.home.server.`
			`@ IN A 192.168.200.10`

			`* IN CNAME @`
			```