Purpose
We needed a DNS server for an event. Because the network environment was unstable until just before the event, the server had to be deployed the moment the production network was ready. I therefore wrote a script that builds the DNS server automatically just by running it.
Environment
Ubuntu 21.04
The script
#!/bin/bash
# Run as root. DNS is the resolver this host currently uses; FORWARD is the
# resolver that queries should be forwarded to.
# Query logs are written to /var/log/daemon.log.
DNS=172.24.2.51
FORWARD=8.8.8.8
apt -y update
apt -y install unbound
touch /etc/unbound/unbound.conf.d/dns.conf
chmod +rw /etc/unbound/unbound.conf.d/dns.conf
# Optional: point netplan at the local resolver instead of $DNS
#sed -e "s/$DNS/127.0.0.1/g" -i /etc/netplan/00-installer-config.yaml
tee /etc/unbound/unbound.conf.d/dns.conf <<EOF
server:
    # Send minimum amount of information to upstream servers to enhance
    # privacy. Only sends minimum required labels of the QNAME and sets
    # QTYPE to NS when possible.
    # See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" for
    # details.
    # qname-minimisation: yes
    # Accept queries from any source address. 0.0.0.0/0 makes this an open
    # resolver; narrow it to the event subnet if the host is reachable from
    # outside the event network.
    access-control: 0.0.0.0/0 allow
    # listen on all interfaces
    interface: 0.0.0.0
    # hide version and identity
    hide-version: yes
    hide-identity: yes
    # log every query via syslog (daemon facility)
    use-syslog: yes
    log-queries: yes
    local-data: "www.tmcit.sho IN A 172.24.20.25"
    # local-data: "fuga.example.com. IN A 172.16.0.2"
    # local-data: "foo.example.com. IN A 172.16.0.3"
    # local-data: "bar.example.com. IN A 172.16.0.4"
#forward-zone:
#    name: "example.org."
#    forward-addr: 192.168.10.5
forward-zone:
    name: "."
    forward-addr: $FORWARD
    forward-addr: 8.8.4.4
EOF
service unbound start
# Uncomment the daemon.* rule in rsyslog's default rules so that daemon
# facility messages (including unbound's query log) go to /var/log/daemon.log
sed -i 's/^#daemon\.\*/daemon.*/' /etc/rsyslog.d/50-default.conf
service rsyslog restart
systemctl stop systemd-resolved
systemctl disable systemd-resolved
systemctl enable unbound
service unbound restart
systemctl status unbound
Explanation
Update and install
apt -y update
apt -y install unbound
Creating the configuration file and setting its permissions
touch /etc/unbound/unbound.conf.d/dns.conf
chmod +rw /etc/unbound/unbound.conf.d/dns.conf
Contents of the configuration file
The drop-in below is placed in /etc/unbound/unbound.conf.d/, so Unbound reads it alongside its packaged defaults.
server:
    # Send minimum amount of information to upstream servers to enhance
    # privacy. Only sends minimum required labels of the QNAME and sets
    # QTYPE to NS when possible.
    # See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" for
    # details.
    # qname-minimisation: yes
    # Accept queries from any source address. 0.0.0.0/0 makes this an open
    # resolver; narrow it to the event subnet if the host is reachable from
    # outside the event network.
    access-control: 0.0.0.0/0 allow
    # listen on all interfaces
    interface: 0.0.0.0
    # hide version and identity
    hide-version: yes
    hide-identity: yes
    # log every query via syslog (daemon facility)
    use-syslog: yes
    log-queries: yes
    local-data: "www.tmcit.sho IN A 172.24.20.25"
    # local-data: "fuga.example.com. IN A 172.16.0.2"
    # local-data: "foo.example.com. IN A 172.16.0.3"
    # local-data: "bar.example.com. IN A 172.16.0.4"
#forward-zone:
#    name: "example.org."
#    forward-addr: 192.168.10.5
forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4
Log configuration
Ubuntu's /etc/rsyslog.d/50-default.conf ships the daemon.* rule commented out. Removing the leading # enables the rule, so messages logged with the daemon facility, including Unbound's query log, are written to /var/log/daemon.log.
sed -i 's/^#daemon\.\*/daemon.*/' /etc/rsyslog.d/50-default.conf
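As an added example that is not part of the original post, the shell functions below render the same Unbound drop-in with access-control narrowed to a single subnet instead of 0.0.0.0/0 (the configuration-file section above) and enable the daemon.* rsyslog rule in one step (the log configuration just described). The subnet 172.24.0.0/16, the temporary directory and the sample 50-default.conf lines in demo are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of the original script. Renders an unbound drop-in
# that only answers the given subnet (instead of 0.0.0.0/0) and enables the
# daemon.* rule in a copy of rsyslog's 50-default.conf. The subnet and the
# file contents used in demo() are assumptions constructed for illustration.

# render_unbound_conf <allowed_cidr> <forwarder>... : print the config text.
# Unbound applies the most specific access-control match, so the /0 refuse
# line is only the fallback for addresses outside the allowed ranges.
render_unbound_conf() {
  local allowed="$1"; shift
  printf 'server:\n'
  printf '    interface: 0.0.0.0\n'
  printf '    access-control: 0.0.0.0/0 refuse\n'
  printf '    access-control: 127.0.0.0/8 allow\n'
  printf '    access-control: %s allow\n' "$allowed"
  printf '    hide-version: yes\n    hide-identity: yes\n'
  printf '    use-syslog: yes\n    log-queries: yes\n'
  printf 'forward-zone:\n    name: "."\n'
  local fwd
  for fwd in "$@"; do
    printf '    forward-addr: %s\n' "$fwd"
  done
}

# enable_daemon_log <rsyslog_conf> : uncomment "#daemon.*  -/var/log/daemon.log"
# in place; the rest of the line (tabs and target file) is left untouched.
enable_daemon_log() {
  sed -i 's/^#daemon\.\*/daemon.*/' "$1"
}

# demo: write the rendered config to a temp dir, run enable_daemon_log on a
# constructed copy of 50-default.conf and print the resulting daemon.* rule.
demo() {
  local dir
  dir=$(mktemp -d)
  render_unbound_conf 172.24.0.0/16 8.8.8.8 8.8.4.4 > "$dir/dns.conf"
  printf '#daemon.*\t\t\t-/var/log/daemon.log\n#kern.*\t\t\t-/var/log/kern.log\n' \
    > "$dir/50-default.conf"
  enable_daemon_log "$dir/50-default.conf"
  grep '^daemon' "$dir/50-default.conf"
  rm -rf "$dir"
}
```

Source the file and call demo, or call render_unbound_conf directly with the event subnet and forwarders. Check the rendered file with unbound-checkconf before restarting Unbound.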
Log file location
/var/log/daemon.log
Jul 5 02:06:40 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. AAAA IN
Jul 5 02:06:40 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. AAAA IN
Jul 5 02:06:41 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. A IN
Jul 5 02:06:41 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. A IN
Jul 5 02:06:41 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. AAAA IN
Jul 5 02:06:41 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. AAAA IN
Jul 5 02:06:42 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. A IN
Jul 5 02:06:42 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. A IN
Jul 5 02:06:42 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. AAAA IN
Jul 5 02:06:42 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. AAAA IN
Jul 5 02:06:42 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. A IN
Jul 5 02:06:42 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. A IN
Jul 5 02:06:42 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. AAAA IN
Jul 5 02:06:42 ubuntu-16 unbound: [370068:0] info: 172.24.20.34 yahoo.co.jp. AAAA IN
Jul 5 02:06:46 ubuntu-16 unbound: [370068:0] info: 127.0.0.1 node-expoter. AAAA IN
Jul 5 02:06:46 ubuntu-16 unbound: [370068:0] info: 127.0.0.1 node-expoter. AAAA IN
Jul 5 02:06:46 ubuntu-16 unbound: [370068:0] info: 127.0.0.1 node-expoter. A IN
Jul 5 02:06:46 ubuntu-16 unbound: [370068:0] info: 127.0.0.1 node-expoter. A IN