BIND : DNS over HTTPS サーバーの設定2023/12/20 |
|
BIND での DNS over HTTPS サーバーの設定です。
|
|
| [1] |
事前に SSL/TLS 証明書を取得しておきます。
|
| [2] | BIND の設定です。 |
|
root@dlp:~ #
openssl dhparam -out /usr/local/etc/namedb/dhparam.pem 3072 root@dlp:~ # cp /usr/local/etc/letsencrypt/live/dlp.srv.world/fullchain.pem /usr/local/etc/namedb/ root@dlp:~ # cp /usr/local/etc/letsencrypt/live/dlp.srv.world/privkey.pem /usr/local/etc/namedb/ root@dlp:~ # chown bind:bind /usr/local/etc/namedb/*.pem
root@dlp:~ #
vi /usr/local/etc/namedb/named.conf // 証明書の設定を追記 tls local-tls { key-file "/usr/local/etc/namedb/privkey.pem"; cert-file "/usr/local/etc/namedb/fullchain.pem"; dhparam-file "/usr/local/etc/namedb/dhparam.pem"; }; http local { endpoints { "/dns-query"; }; }; options { ..... ..... // 以下のように追記/変更 listen-on tls local-tls http local { any; }; listen-on-v6 tls local-tls http local { any; }; };root@dlp:~ # service named restart |
| [3] | HTTPS で名前解決ができるかどうかの動作確認を行います。 |
|
root@dlp:~ # dig +https @127.0.0.1 dlp.srv.world. ; <<>> DiG 9.18.20 <<>> +https @127.0.0.1 dlp.srv.world. ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32809 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: 6503da58d1b6a58e0100000065826360381b930bb82ce034 (good) ;; QUESTION SECTION: ;dlp.srv.world. IN A ;; ANSWER SECTION: dlp.srv.world. 86400 IN A 10.0.0.30 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#443(127.0.0.1) (HTTPS) ;; WHEN: Wed Dec 20 12:45:36 JST 2023 ;; MSG SIZE rcvd: 86 |
| Sponsored Link |