Writing a script that builds a DNS server (unbound) automatically

Posted at 2023-06-26

Purpose

We needed a DNS server for an event. This time the network environment was not stable until just before the event, so the server had to be deployed as soon as the production environment was ready. I therefore wrote a script that builds the DNS server automatically; all you have to do is run it.

Environment

ubuntu21.04

The script

#!/bin/bash
# DNS: the DNS server this host currently uses; FORWARD: the DNS server to forward queries to
# Logs are written to /var/log/daemon.log
DNS=172.24.2.51
FORWARD=8.8.8.8

apt -y update
apt -y install unbound


touch /etc/unbound/unbound.conf.d/dns.conf
chmod +rw /etc/unbound/unbound.conf.d/dns.conf

# Optional: point the host's own netplan resolver at the new unbound instance
#sed -e "s/$DNS/127.0.0.1/g" -i /etc/netplan/00-installer-config.yaml

# The heredoc is unquoted on purpose so that $FORWARD is expanded.
sudo tee /etc/unbound/unbound.conf.d/dns.conf <<EOF
server:
    # Send minimum amount of information to upstream servers to enhance
    # privacy. Only sends minimum required labels of the QNAME and sets
    # QTYPE to NS when possible.

    # See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" for
    # details.

    # qname-minimisation: yes

    # accept queries from any client address. 0.0.0.0/0 makes this an open
    # resolver; narrow it to the event network's address range if the host
    # is reachable from outside that network.
    access-control: 0.0.0.0/0 allow

    # listen interface (all addresses)
    interface: 0.0.0.0

    # hide version
    hide-version: yes
    hide-identity: yes

    # log every query via syslog (facility daemon)
    use-syslog: yes
    log-queries: yes

    # names answered locally without forwarding
    local-data: "www.tmcit.sho    IN A 172.24.20.25"
#    local-data: "fuga.example.com.    IN A 172.16.0.2"
#    local-data: "foo.example.com.     IN A 172.16.0.3"
#    local-data: "bar.example.com.     IN A 172.16.0.4"


#forward-zone:
#        name: "example.org."
#        forward-addr: 192.168.10.5

# forward everything not answered locally to the upstream resolvers
forward-zone:
        name: "."
        forward-addr: $FORWARD
        forward-addr: 8.8.4.4


EOF


service unbound start

# Enable the commented-out "daemon.*" rule in the default rsyslog config so
# that unbound's syslog output is written to /var/log/daemon.log.
# Step 1: uncomment the line; ".*" in the pattern swallows the rest of the
# line, which is replaced by comma placeholders.
TT='#daemon.*'
TP='daemon.*,,,,,'

echo $TT
echo $TP

sed -e "s/$TT/$TP/g" -i /etc/rsyslog.d/50-default.conf


# Step 2: turn the first three commas into a separator
TT=',,,'
TP=' '
sed -e "s/$TT/$TP/g" -i /etc/rsyslog.d/50-default.conf

# Step 3: replace the remaining two commas with the target file
# (the leading "-" tells rsyslog not to sync after every write)
TT=',,'
TP='-/var/log/daemon.log'
sed -e "s%$TT% $TP %g" -i /etc/rsyslog.d/50-default.conf


service rsyslog restart

# hand port 53 over from systemd-resolved to unbound
systemctl stop systemd-resolved
systemctl disable systemd-resolved
systemctl enable unbound
service unbound restart
systemctl status unbound

Explanation

Update and install

apt -y update
apt -y install unbound

Creating the configuration file and setting permissions

touch /etc/unbound/unbound.conf.d/dns.conf
chmod +rw /etc/unbound/unbound.conf.d/dns.conf

Contents of the configuration file

server:
    # Send minimum amount of information to upstream servers to enhance
    # privacy. Only sends minimum required labels of the QNAME and sets
    # QTYPE to NS when possible.

    # See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" for
    # details.

    # qname-minimisation: yes

    # accept queries from any client address. 0.0.0.0/0 makes this an open
    # resolver; narrow it to the event network's address range if the host
    # is reachable from outside that network.
    access-control: 0.0.0.0/0 allow

    # listen interface
    interface: 0.0.0.0

    # hide version
    hide-version: yes
    hide-identity: yes

    use-syslog: yes
    log-queries: yes

    local-data: "www.tmcit.sho    IN A 172.24.20.25"
#    local-data: "fuga.example.com.    IN A 172.16.0.2"
#    local-data: "foo.example.com.     IN A 172.16.0.3"
#    local-data: "bar.example.com.     IN A 172.16.0.4"


#forward-zone:
#        name: "example.org."
#        forward-addr: 192.168.10.5

forward-zone:
        name: "."
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4

Log configuration

# Step 1: uncomment the "daemon.*" rule in 50-default.conf; ".*" in the
# pattern swallows the rest of the line, which becomes comma placeholders.
TT='#daemon.*'
TP='daemon.*,,,,,'

echo $TT
echo $TP

sed -e "s/$TT/$TP/g" -i /etc/rsyslog.d/50-default.conf


# Step 2: turn the first three commas into a separator
TT=',,,'
TP=' '
sed -e "s/$TT/$TP/g" -i /etc/rsyslog.d/50-default.conf

# Step 3: replace the remaining two commas with the target file
# ("-" = do not sync after every write)
TT=',,'
TP='-/var/log/daemon.log'
sed -e "s%$TT% $TP %g" -i /etc/rsyslog.d/50-default.conf

Log file location

/var/log/daemon.log

Jul  5 02:06:40 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. AAAA IN
Jul  5 02:06:40 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. AAAA IN
Jul  5 02:06:41 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. A IN
Jul  5 02:06:41 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. A IN
Jul  5 02:06:41 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. AAAA IN
Jul  5 02:06:41 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. AAAA IN
Jul  5 02:06:42 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. A IN
Jul  5 02:06:42 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. A IN
Jul  5 02:06:42 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. AAAA IN
Jul  5 02:06:42 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. AAAA IN
Jul  5 02:06:42 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. A IN
Jul  5 02:06:42 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. A IN
Jul  5 02:06:42 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. AAAA IN
Jul  5 02:06:42 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. AAAA IN
Jul  5 02:06:46 ubuntu-16 unbound: [370068:0] info: 127.0.0.1 node-expoter. AAAA IN
Jul  5 02:06:46 ubuntu-16 unbound: [370068:0] info: 127.0.0.1 node-expoter. AAAA IN
Jul  5 02:06:46 ubuntu-16 unbound: [370068:0] info: 127.0.0.1 node-expoter. A IN
Jul  5 02:06:46 ubuntu-16 unbound: [370068:0] info: 127.0.0.1 node-expoter. A IN
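Because the resolver above accepts queries from 0.0.0.0/0, the query log is the place to notice clients that should not be using it. The following is an added example (not part of the original script) that parses lines in the daemon.log format shown above, counts queries per client, and lists clients outside the address prefixes you expect; the log lines embedded in it are constructed, and 203.0.113.9 is a documentation address standing in for an unexpected client.

```bash
#!/bin/bash
# Added example: summarise unbound query lines from /var/log/daemon.log.
# Each query line ends with: "info: <client> <qname> <qtype> IN"

# Constructed sample in the same format as the daemon.log excerpt above.
SAMPLE_LOG='Jul  5 02:06:40 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. AAAA IN
Jul  5 02:06:41 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. A IN
Jul  5 02:06:46 ubuntu-16 unbound: [370068:0] info: 127.0.0.1 node-expoter. A IN
Jul  5 02:06:50 ubuntu-16 unbound: [370068:0] info: 203.0.113.9 www.tmcit.sho. A IN
Jul  5 02:06:51 ubuntu-16 unbound: [370068:0] info: 203.0.113.9 www.tmcit.sho. A IN
Jul  5 02:06:52 ubuntu-16 unbound: [370068:0] info: 203.0.113.9 www.tmcit.sho. A IN'

# Read log lines on stdin; print "<count> <client>" per client, busiest first.
queries_per_client() {
    awk '/ unbound: .* info: / {
            # the field right after "info:" is the client address
            for (i = 1; i <= NF; i++) if ($i == "info:") { n[$(i+1)]++; break }
         }
         END { for (c in n) print n[c], c }' | sort -rn
}

# Read log lines on stdin; print clients whose address does not start with
# any of the given prefixes (e.g. "172.24." covers 172.24.0.0/16).
clients_outside() {
    queries_per_client | while read -r count client; do
        ok=0
        for p in "$@"; do
            case "$client" in "$p"*) ok=1 ;; esac
        done
        if [ "$ok" -eq 0 ]; then
            echo "$count $client"
        fi
    done
}

# Usage: replace the sample with `cat /var/log/daemon.log` on the resolver.
printf '%s\n' "$SAMPLE_LOG" | queries_per_client
printf '%s\n' "$SAMPLE_LOG" | clients_outside 172.24. 127.0.0.1
```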