

CentOS7でDNSサーバ立てる


OpenshiftのインストールにDNSサーバが必要なので、CentOS7にてDNSサーバ(bind)を立てる方法をメモとして残す

基本的にはserver worldさんの記事通り
https://www.server-world.info/query?os=CentOS_7&p=dns&f=1

一方で、AWSのRoute 53のようには設定が直感的ではないため、重複する部分を変数で流し込めるように書き換えた

前提

次のサブネットを使用: 10.240.0.0/24
DNSサーバ用マシンのIP: 10.240.0.10

実際の構築用コード

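#!/usr/bin/env bash
#
# Stand up BIND (named) on CentOS 7 as the internal DNS server needed for an
# OpenShift install.
#
# All site-specific values live in the variable block below; named.conf and
# both zone files are generated from it. Forward (A) and reverse (PTR) records
# are produced from ONE host list so the two zones cannot drift apart.
# Assumes a /24 subnet and must be run as root.
set -euo pipefail

yum -y install bind bind-utils

PRIVATE_CIDR='10.240.0.0/24'
NAMESERVER_HOSTNAME='dnshost'
NAMESERVER_ZONE='internal.local'
NAMESERVER_IP='10.240.0.10'
# Reverse zone for PRIVATE_CIDR (the three octets of the /24, reversed);
# keep it in step with PRIVATE_CIDR when the subnet changes.
REVERSE_ZONE='0.240.10.in-addr.arpa'
# Hosts published in both zones, as "<hostname> <last octet>" pairs.
HOST_RECORDS=(
  "${NAMESERVER_HOSTNAME} 10"
  "master 20"
  "worker1 30"
  "worker2 40"
)
# Zone serial; bump it whenever a record changes so secondaries reload.
ZONE_SERIAL='2014071001'
# Clients allowed to pull a full zone transfer (AXFR). A transfer discloses
# every record, so narrow this to the secondary's address if there is one.
ZONE_TRANSFER_ACL="localhost; ${PRIVATE_CIDR};"

# 10.240.0.0/24 -> 10.240.0 (prefix the per-host last octet is appended to)
NETWORK_PREFIX=${PRIVATE_CIDR%.*}
FORWARD_ZONE_FILE=/var/named/srv.world.lan
REVERSE_ZONE_FILE=/var/named/0.240.10.db

cat << EOF > /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
        listen-on-v6 { none; };
        directory           "/var/named";
        dump-file           "/var/named/data/cache_dump.db";
        statistics-file     "/var/named/data/named_stats.txt";
        memstatistics-file  "/var/named/data/named_mem_stats.txt";
        # 問い合わせを許可する範囲 ( 内部ネットワーク等を指定 )
        allow-query         { localhost; ${PRIVATE_CIDR}; };
        # ゾーン情報の転送を許可する範囲 ( セカンダリDNSがいればその場所/範囲 )
        allow-transfer      { ${ZONE_TRANSFER_ACL} };

        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        #dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

view "internal" {
        match-clients {
                localhost;
                ${PRIVATE_CIDR};
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "${NAMESERVER_ZONE}" IN {
                type master;
                file "${FORWARD_ZONE_FILE##*/}";
                allow-update { none; };
        };
        zone "${REVERSE_ZONE}" IN {
                type master;
                file "${REVERSE_ZONE_FILE##*/}";
                allow-update { none; };
        };
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
EOF

mkdir -p /var/named

# Forward zone: fixed SOA/NS header followed by one A record per host.
{
  cat << EOF
\$TTL 86400
@   IN  SOA     ${NAMESERVER_HOSTNAME}.${NAMESERVER_ZONE}. root.${NAMESERVER_ZONE}. (
        ${ZONE_SERIAL}  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
        IN  NS      ${NAMESERVER_HOSTNAME}.${NAMESERVER_ZONE}.
        IN  A       ${NAMESERVER_IP}

EOF
  for record in "${HOST_RECORDS[@]}"; do
    read -r host octet <<<"${record}"
    printf '%-15s IN  A       %s.%s\n' "${host}" "${NETWORK_PREFIX}" "${octet}"
  done
} > "${FORWARD_ZONE_FILE}"

# Reverse zone: same header, then one PTR record per host (keyed by last octet).
{
  cat << EOF
\$TTL 86400
@   IN  SOA     ${NAMESERVER_HOSTNAME}.${NAMESERVER_ZONE}. root.${NAMESERVER_ZONE}. (
        ${ZONE_SERIAL}  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
        IN  NS      ${NAMESERVER_HOSTNAME}.${NAMESERVER_ZONE}.

        IN  PTR     ${NAMESERVER_ZONE}.
        IN  A       255.255.255.0

EOF
  for record in "${HOST_RECORDS[@]}"; do
    read -r host octet <<<"${record}"
    printf '%-7s IN  PTR     %s.%s.\n' "${octet}" "${host}" "${NAMESERVER_ZONE}"
  done
} > "${REVERSE_ZONE_FILE}"

# Refuse to start named on a config or zone file that will not load; the
# checkers exit non-zero and set -e stops the script before the service is
# touched.
named-checkconf /etc/named.conf
named-checkzone "${NAMESERVER_ZONE}" "${FORWARD_ZONE_FILE}"
named-checkzone "${REVERSE_ZONE}" "${REVERSE_ZONE_FILE}"

systemctl start named
systemctl enable named
firewall-cmd --add-service=dns --permanent
firewall-cmd --reload

# Point this machine's own resolver at the new server.
# Find the connection name with: nmcli device show | grep GENERAL.CONNECTION:
# If the connection also receives DNS servers via DHCP, those stay in
# resolv.conf unless ipv4.ignore-auto-dns is set as well.
NW_INTERFACE="eth1"
nmcli connection modify "${NW_INTERFACE}" ipv4.dns "${NAMESERVER_IP}"
# "down" fails when the connection is not currently active; that is not an
# error here, the following "up" applies the new setting either way.
nmcli connection down "${NW_INTERFACE}" || true
nmcli connection up "${NW_INTERFACE}"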