How to set up a BIND DNS over HTTPS server

Environment
Ubuntu 23.04
BIND
SSL/TLS certificate already obtained

Procedure
1. Install BIND and put the certificate files in place

# openssl dhparam -out /etc/bind/dhparam.pem 3072
# cp /etc/letsencrypt/live/dlp.arkgame.com/{fullchain.pem,privkey.pem} /etc/bind/
# chown bind:bind /etc/bind/{fullchain.pem,privkey.pem,dhparam.pem}

2. Add the certificate configuration
# vi /etc/bind/named.conf.options
Add the following:

// tls and http are top-level statements: keep them outside the options { } block
tls local-tls {
        key-file "/etc/bind/privkey.pem";
        cert-file "/etc/bind/fullchain.pem";
        dhparam-file "/etc/bind/dhparam.pem";
};

http local {
    endpoints { "/dns-query"; };
};

Then add or change the listen-on directives as follows:

// inside the options { } block; no port given, so BIND uses the DoH default of 443
listen-on tls local-tls http local { any; };
listen-on-v6 tls local-tls http local { any; };

3. Restart named
# systemctl restart named

4. Check that name resolution over HTTPS works.

# dig +https @127.0.0.1 dlp.arkgame.com.
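The dig check above exercises the whole path at once. As an added example that is not part of the original post, the following Python script does the same by hand using only the standard library: it builds a DNS wire-format query, POSTs it to the /dns-query endpoint as RFC 8484 specifies, checks the HTTP status and Content-Type, and parses the A records out of the reply. It connects to 127.0.0.1 while verifying the certificate for the configured hostname, so a certificate or listen-on mistake shows up as a distinct error rather than a silent timeout. The address 127.0.0.1, port 443, the path /dns-query and the name dlp.arkgame.com are taken from the post's configuration and are assumptions about your deployment.

```python
# Added example (not from the original post): a minimal RFC 8484
# DNS-over-HTTPS client for checking a BIND "http" endpoint.
import http.client
import socket
import ssl
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname as DNS labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = QTYPE_A) -> bytes:
    """One-question query with RD set. RFC 8484 recommends ID 0 over DoH
    so identical queries give identical, cacheable request bodies."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def read_name(msg: bytes, offset: int) -> tuple:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        if length == 0:
            offset += 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels) + ".", (end if jumped else offset)


def parse_a_records(msg: bytes) -> list:
    """Return (owner, ttl, ipv4) for each A record in the answer section."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0x000F}")
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = read_name(msg, offset)
        offset += 4
    records = []
    for _ in range(an):
        owner, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlen], offset + rdlen
        if rtype == QTYPE_A and rdlen == 4:
            records.append((owner, ttl, ".".join(str(b) for b in rdata)))
    return records


def doh_post(query: bytes, host: str, port: int = 443,
             path: str = "/dns-query", sni: str = "") -> bytes:
    """POST the query (RFC 8484 section 4.1) and return the raw DNS reply.
    The certificate is verified against `sni`, so the caller can connect to
    127.0.0.1 while checking the certificate issued for the server's name."""
    sni = sni or host
    ctx = ssl.create_default_context()
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=5)
    # Pre-attach a TLS socket so the verified name is `sni`, not `host`.
    conn.sock = ctx.wrap_socket(socket.create_connection((host, port), timeout=5),
                                server_hostname=sni)
    conn.request("POST", path, body=query, headers={
        "Host": sni,
        "Content-Type": "application/dns-message",
        "Accept": "application/dns-message",
    })
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    ctype = (resp.getheader("Content-Type") or "").split(";")[0].strip()
    if resp.status != 200 or ctype != "application/dns-message":
        raise RuntimeError(f"unexpected reply: HTTP {resp.status}, {ctype!r}")
    return body


if __name__ == "__main__":
    # 127.0.0.1, port 443 and dlp.arkgame.com mirror the post's setup (assumed).
    reply = doh_post(build_query("dlp.arkgame.com."), "127.0.0.1", sni="dlp.arkgame.com")
    for owner, ttl, ip in parse_a_records(reply):
        print(owner, ttl, ip)
```

Run it on the server after restarting named. A TLS error points at the key, chain or dhparam files from step 1 or 2; an HTTP error other than 200 points at the http endpoint or the listen-on directives; a non-zero RCODE means the transport is fine and the zone data is the problem.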


Posted by arkgame