Red Hat Summit Red Hat Summit지원콘솔개발자평가판 시작연락처

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

7.3.2. Configuring BIND and DNS

Most of the instructions in this guide reference the domain name that is used to configure the sample OpenShift Enterprise installation. Configure the $domain environment variable to simplify the process with the following command, replacing example.com with the domain name to suit your environment: 
# domain=example.comdomain=example.com
Copy to Clipboard Toggle word wrap
Configure the $keyfile environment variable so that it contains the file name for a new DNSSEC key for your domain, which is created in the subsequent step: 
# keyfile=/var/named/$domain.key
Copy to Clipboard Toggle word wrap
Use the dnssec-keygen tool to generate the new DNSSEC key for the domain. Run the following commands to delete any old keys and generate a new key: 
# rm -vf /var/named/K$domain*
# pushd /var/named
# dnssec-keygen -a HMAC-SHA256 -b 256 -n USER -r /dev/urandom $domain
# KEY="$(grep Key: K$domain*.private | cut -d ' ' -f 2)"
# popd
Copy to Clipboard Toggle word wrap

Note

The $KEY environment variable has been set to hold the newly-generated key. This key is used in a later step.
Enabling Communication Between the Broker and BIND

Ensure that a key exists so that the broker can communicate with BIND. Use the rndc-confgen command to generate the appropriate configuration files for rndc, which is the tool that the broker uses to perform this communication: 

# rndc-confgen -a -r /dev/urandom
Copy to Clipboard Toggle word wrap
Configuring Ownership, Permissions, and SELinux Context

Ensure that the ownership, permissions, and SELinux context are set appropriately for this new key: 

# restorecon -v /etc/rndc.* /etc/named.*
# chown -v root:named /etc/rndc.key
# chmod -v 640 /etc/rndc.key
Copy to Clipboard Toggle word wrap

7.3.2.1. Configuring Sub-Domain Host Name Resolution
링크 복사

Configure BIND to resolve host names under the domain used for your OpenShift Enterprise installation. To achieve this, create a database for the domain. The dns-nsupdate plug-in includes an example database, used in this example as a template.

Procedure 7.4. To Configure Sub-Domain Host Name Resolution:

  1. Delete and create the /var/named/dynamic directory: 
    # rm -rvf /var/named/dynamic
# mkdir -vp /var/named/dynamic
    Copy to Clipboard Toggle word wrap
  2. Create an initial named database in a new file called /var/named/dynamic/$domain.db, replacing domain with your chosen domain. If the shell syntax is unfamiliar, see the BASH documentation at http://www.gnu.org/software/bash/manual/bashref.html#Here-Documents. 
    # cat <<EOF > /var/named/dynamic/${domain}.db
\$ORIGIN .
\$TTL 1	; 1 seconds (for testing only)
${domain}               IN SOA  ns1.${domain}. hostmaster.${domain}. (
                                2011112904 ; serial
                                60         ; refresh (1 minute)
                                15         ; retry (15 seconds)
                                1800       ; expire (30 minutes)
                                10         ; minimum (10 seconds)
                                )
                        NS      ns1.${domain}.
                        MX      10 mail.${domain}.
\$ORIGIN ${domain}.
ns1                     A       127.0.0.1
EOF
    Copy to Clipboard Toggle word wrap

Procedure 7.5. To Install the DNSSEC Key for a Domain:

  1. Create the file /var/named/$domain.key, where domain is your chosen domain: 
    # cat <<EOF > /var/named/$domain.keycat <<EOF > /var/named/$domain.keycat <<EOF > /var/named/$domain.key
key $domain {
  algorithm HMAC-SHA256;
  secret "${KEY}";
};
EOF
    Copy to Clipboard Toggle word wrap
  2. Set the permissions and SELinux context to the correct values: 
    # chgrp named -R /var/named
# chown named -R /var/named/dynamic
# restorecon -rv /var/named
    Copy to Clipboard Toggle word wrap
This configuration also requires a new /etc/named.conf file.

Procedure 7.6. To Configure a New /etc/named.conf File:

  1. Create the required file: 
    # cat <<EOF > /etc/named.conf
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
  listen-on port 53 { any; };
  directory 	"/var/named";
  dump-file 	"/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
  allow-query     { any; };
  recursion no;

  /* Path to ISC DLV key */
  bindkeys-file "/etc/named.iscdlv.key";

};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// use the default rndc key
include "/etc/rndc.key";

controls {
  inet 127.0.0.1 port 953
  allow { 127.0.0.1; } keys { "rndc-key"; };
};

include "/etc/named.rfc1912.zones";

include "$domain.key";

zone "$domain" IN {
  type master;
  file "dynamic/$domain.db";
  allow-update { key $domain ; } ;
};
EOF
    Copy to Clipboard Toggle word wrap
  2. Set the permissions and SELinux context to the correct values: 
    # chown -v root:named /etc/named.conf
# restorecon /etc/named.conf
    Copy to Clipboard Toggle word wrap
맨 위로 이동
Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

Theme

© 2025 Red Hat