memos/Home Server/Network/DNS/CoreDNS.md
2024-08-26 00:21:39 +09:00

An open-source DNS server written in Go. It is lightweight, flexible and simple, and it is the default DNS server in Kubernetes (k8s).

Install using Docker

Directory structure

- /mnt/md0/infra
    - .env
    - compose.yml
    - /coredns
        - /config
            - Corefile
            - home.server.db
        - /data

dotenv file

/.env

BASE_PATH=/mnt/md0/infra

Docker compose

/compose.yml

name: infrastructure
services:
  dns:
    image: coredns/coredns:1.11.3
    container_name: dns
    restart: always
    command: -conf /root/Corefile   # Corefile and zone file come from the read-only config mount below
    ports:
      - 53:53/udp                   # published on every host interface; keep port 53 off the internet
      - 53:53/tcp
      - 9153:9153/tcp               # metrics port; nothing answers here unless the Corefile enables the prometheus plugin on 0.0.0.0:9153
    volumes:
      - ${BASE_PATH}/coredns/data:/data:rw
      - ${BASE_PATH}/coredns/config:/root:ro
    networks:
      - infra

networks:
  infra:
    driver: bridge

Additional steps required on Linux

On Linux, port 53 is already taken by the systemd-resolve (systemd-resolved) process. That process must be reconfigured so it no longer binds port 53 before the DNS server can start.

Check which process holds the port

sudo lsof -i :53
COMMAND   PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd-r 671 systemd-resolve   14u  IPv4   8659      0t0  UDP _localdnsstub:domain
systemd-r 671 systemd-resolve   15u  IPv4   8660      0t0  TCP _localdnsstub:domain (LISTEN)
systemd-r 671 systemd-resolve   16u  IPv4   8661      0t0  UDP _localdnsproxy:domain
systemd-r 671 systemd-resolve   17u  IPv4   8662      0t0  TCP _localdnsproxy:domain (LISTEN)

Edit systemd-resolved config

sudo vim /etc/systemd/resolved.conf

before

#DNS=
#FallbackDNS=
#Domains=
#DNSSEC=no
#DNSOverTLS=no
#MulticastDNS=no
#LLMNR=no
#Cache=no-negative
#CacheFromLocalhost=no
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
#StaleRetentionSec=0

after

DNS=8.8.8.8
#FallbackDNS=
#Domains=
#DNSSEC=no
#DNSOverTLS=no
#MulticastDNS=no
#LLMNR=no
#Cache=no-negative
#CacheFromLocalhost=no
DNSStubListener=no
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
#StaleRetentionSec=0

Then replace /etc/resolv.conf (by default a symlink to the stub-resolver file that points at 127.0.0.53, which is now disabled) with the file resolved generates from the DNS= setting:

sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

Note that with this setup the host's own lookups go straight to 8.8.8.8, not to CoreDNS, so home.server names will not resolve on the host itself unless DNS= is pointed at the CoreDNS address instead.

Reboot

sudo reboot

Corefile

The CoreDNS configuration file

# Authoritative zone for the home network, loaded from the mounted config directory
home.server {
    file /root/home.server.db
    log
}

# Everything else is forwarded upstream over DNS-over-TLS (port 853).
# This block answers recursive queries for any client that can reach port 53,
# so keep it LAN-only (or restrict clients with the acl plugin).
. {
    forward . tls://8.8.8.8 tls://1.1.1.1 {
        except home.server
    }
    log
    cache
    errors
}

Zone file

DNS#DNS Zone file

$ORIGIN home.server.
$TTL 3600
@ IN SOA ns1.home.server. admin.home.server. (
         2024082401 ; serial (YYYYMMDDnn; bump it on every edit, CoreDNS reloads the zone when it changes)
         7200       ; refresh
         3600       ; retry
         1209600    ; expire
         3600       ; minimum
)
@ IN NS ns1.home.server.
@ IN A 192.168.200.10
ns1 IN A 192.168.200.10 ; the NS target needs its own address record; assumed to be the same host as the apex

* IN CNAME @ ; every other name under home.server resolves to the apex address
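A small zone-file lint, added here as an example (not CoreDNS's own code), that parses a zone in the format above and flags an NS target with no A/AAAA record of its own: RFC 2181 forbids an NS target that is an alias, so the wildcard CNAME cannot stand in for it. The constructed input is a copy of the home.server zone with no ns1 address record; the parser assumes each record states its owner and that multi-line rdata uses parentheses.

```python
import re
# Constructed input: the home.server zone from this page, without an A record for ns1.
ZONE = """$ORIGIN home.server.
$TTL 3600
@ IN SOA ns1.home.server. admin.home.server. (
         2024082401 ; serial
         7200       ; refresh
         3600       ; retry
         1209600    ; expire
         3600       ; minimum
)
@ IN NS ns1.home.server.
@ IN A 192.168.200.10
* IN CNAME @
"""

def fqdn(name, origin):  # expand '@' and relative names against $ORIGIN
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return (origin, [(owner, type, rdata)]). Assumes every record names its
    owner explicitly and that multi-line rdata is wrapped in parentheses."""
    origin, records, buf = ".", [], ""
    for raw in text.splitlines():
        buf += " " + raw.split(";", 1)[0]              # drop comment, join continuation lines
        if buf.count("(") > buf.count(")"):            # still inside the SOA's ( ... )
            continue
        toks, buf = buf.replace("(", " ").replace(")", " ").split(), ""
        if toks[:1] == ["$ORIGIN"]:
            origin = toks[1]
        elif toks and toks[0] != "$TTL":               # a resource record ($TTL is irrelevant here)
            i = next(k for k in range(1, len(toks)) if toks[k] != "IN" and not toks[k].isdigit())
            expand = toks[i] in ("NS", "CNAME")        # rdata of these types is a domain name
            rdata = [fqdn(t, origin) if expand else t for t in toks[i + 1:]]
            records.append((fqdn(toks[0], origin), toks[i], rdata))
    return origin, records

def lint_zone(text):
    """Return the problems to fix before CoreDNS loads the zone."""
    origin, records = parse_zone(text)
    types_at = {o: {t for oo, t, _ in records if oo == o} for o, _, _ in records}
    serials = [r[2][2] for r in records if r[1] == "SOA"]
    problems = [] if len(serials) == 1 and re.fullmatch(r"\d{10}", serials[0]) else [
        "zone needs exactly one SOA with a YYYYMMDDnn serial"]
    for _, rtype, rdata in records:
        in_zone = rtype == "NS" and (rdata[0] == origin or rdata[0].endswith("." + origin))
        # RFC 2181 s10.3: an NS target must not be an alias, so the wildcard CNAME is no substitute.
        if in_zone and not types_at.get(rdata[0], set()) & {"A", "AAAA"}:
            problems.append(f"NS target {rdata[0]} has no A/AAAA record in the zone")
    return problems
```

Adding an explicit `ns1 IN A` record makes the lint pass, which is the check to run after each edit to the zone file and before bumping the serial.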