ۼ : 05-12-07 14:47
۾ :
Ӽ IPּҸ ִµּҷ νִ մϴ.Ӽ α bind Ʈ մϴ. linux ġ ϴٺ Ӽ ġ κ ִµ ġ Ǿ ִ bind ص ǰ ġǾ ִ bind ʰ bind-9 ҽ ġ ϰڽϴ. ϴ rpm İ ҽ ִµ rpm ڵ ġ Ǵ ݸ鿡 ҽ ڰ ġ ġ ؼ Ʈ ġ ؾ մϴ.
---------------------------------------------------------------------------------
[ ]
ҽ ġ ϱ ؼ gcc , make ġ Ǿ ־ մϴ. ̷͵ ʾ 쿡 ġ ߿ ų ġ ʽϴ. ġ ø̼ ⺻ ġ ϴ° ߿ ٸ ҽ Ʈ ġ Ҷ ġҼ ֽϴ. ⺻ Ʈ Ǿ ־ մϴ.
---------------------------------------------------------------------------------
[ bind ġ Ȯ ġ ʿ Ű Ȯ]
[root@linux data]# rpm -qa | grep bind
bind-utils-9.2.2-21
redhat-config-bind-2.0.0-14
bind-9.2.2-21
ypbind-1.12-1
[root@linux data]#
⼭ bind ϰ bind 9.3.1 ġ ڽϴ.
bind ġ ʿ Ű libtool , openssl ġ Ǿ ־ մϴ.
[root@linux data]# rpm -qa | grep libtool
libtool-libs-1.4.3-6
libtool-1.4.3-6
[root@linux data]# rpm -qa | grep openssl
openssl-0.9.7a-22.1
openssl-devel-0.9.7a-22.1
[root@linux data]#
---------------------------------------------------------------------------------
[bind download]
http://www.isc.org/index.pl?/sw/bind/ ⼭ ֽ ֽϴ.
---------------------------------------------------------------------------------
[bind ġ]
[root@linux data]# gunzip bind-9.3.1.tar.gz ---- gzip Ǯ
[root@linux data]#tar xvf bind-9.3.1.tar ---- tar Ǯ
[root@linux data]#cd bind-9.3.1
[root@linux bind-9.3.1]# ./configure --prefix=/usr/local/bind --with-openssl --with-libtool ----
--with-libtool : ̺귯 带 ϴ ɼ
--with-openssl : DNSSEC , openssl ġǾ ־
--prefix=/usr/local/bind : /usr/local ġ /bind α ġ.
[root@linux bind-9.3.1]#make
[root@linux bind-9.3.1]#make install
---------------------------------------------------------------------------------
⼭ ּҸ www.linux.co.kr ϰ Ǵ 192.168.0.212 ϰڽϴ.
[named.conf ]
named.conf ġ /usr/local/bind/etc/named.conf Դϴ.ġ ϴ Ű named.conf ġ ٸϴ.⺻ ġ Ǿ ִ bind /etc/named.conf ֽϴ.
[root@linux /etc]#vi named.conf
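## named.custom - custom configuration for bind
#
# Any changes not currently supported by redhat-config-bind should be put
# in this file.
#
# Walkthrough configuration: root hints, the loopback zones, and an
# authoritative master for linux.co.kr with its 192.168.0.x reverse zone.
#
# The header and the opening "options {" line were printed twice on the page;
# a second "options {" inside the first is a syntax error, so only one copy
# is kept here.
#
# NOTE(review): the session on this page launches ./named as root. named's
# "-u <user>" option drops privileges after port 53 is bound; if that is used,
# /var/named and the rndc key file must be readable by that account.

options {
	# Base directory for every relative "file" path in the zone statements.
	directory "/var/named/";

	# NOTE(review): no allow-query / allow-recursion / allow-transfer limits
	# are set. With BIND 9.3-era defaults this presumably leaves recursion and
	# zone transfers open to any client; restrict them to the networks and
	# secondaries that need them before exposing the server.
};

# rndc control channel: loopback only, authenticated with the shared key.
# The key name must match the "key" statement in the included rndc.key file
# exactly. rndc-confgen names it "rndc-key"; the unquoted "rndckey" used
# previously is what produces "couldn't find key 'rndckey'" in the named log.
controls {
	inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };
};

# Root hints (the page builds named.cache from dig output).
zone "." {
	type hint;
	file "named.cache";
};

zone "localhost" IN {
	type master;
	file "localhost.zone";
	allow-update { none; };	# no dynamic updates
};

zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "named.local";
	allow-update { none; };
};

# Forward zone served by this host.
zone "linux.co.kr" IN {
	type master;
	file "linux.zone";
	allow-update { none; };
};

# Reverse zone for 192.168.0.0/24.
zone "0.168.192.in-addr.arpa" IN {
	type master;
	file "linux.rev";
	allow-update { none; };
};

# Defines the key referenced by "controls" above. The file holds a secret:
# keep it out of version control and readable only by root and named's user.
include "/var/named/rndc.key";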
:wq!
---------------------------------------------------------------------------------
[rndc Ű ]
rndc . BIND Ű Դϴ.
rndc-confgen ɾ ġ /usr/local/bind/sbin ʿ ֽϴ.
[root@linux /]# cd /usr/local/bind/
[root@linux bind]# cd sbin
[root@linux sbin]# ls
dnssec-keygen dnssec-signzone lwresd named named-checkconf named-checkzone rndc rndc-confgen
[root@linux sbin]# ./rndc-confgen > /var/named/rndc.key
rndc Ű ....
[root@linux sbin]#vi /var/named/rndc.key
# rndc-confgen output, saved on this page as /var/named/rndc.key and pulled
# into named.conf through its include statement. Only the "key" block is
# active; everything else is commented out so the file parses inside named.conf.
#
# The key name "rndc-key" must match the keys { ... } entry of the controls
# statement in named.conf exactly; if it does not, named logs
# "couldn't find key" and rndc cannot authenticate to the control channel.
#
# This file contains a shared secret. Restrict it to root and the account
# named runs as (for example mode 0640), and never reuse a secret that has
# been published: the value below appears on this page, so generate your own.
# Start of rndc.conf
key "rndc-key" {
# hmac-md5 is what this rndc-confgen release emits. Later BIND 9 releases
# accept stronger HMAC-SHA algorithms such as hmac-sha256; prefer one where
# the installed version supports it.
algorithm hmac-md5;
# Base64 shared secret; sample value from the page, not for production use.
secret "NIl/NQFtQ5nnMoqifxJzyQ==";
};
# Client-side defaults for a standalone rndc.conf; left commented because this
# file is included from named.conf, where an "options" block of this shape
# does not belong.
#options {
# default-key "rndc-key";
# default-server 127.0.0.1;
# default-port 953;
#};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "NIl/NQFtQ5nnMoqifxJzyQ==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
wq!
ִ ɼ κ ּ ó ϰ մϴ.
---------------------------------------------------------------------------------
[dig Ű ]
DIG ANSWER SECTION, ش Ӽ AUTHORITY SECTION, , ۷緹ڵ ADDITIONAL SECTION Ͽ ش.
dig ɾ ġ /usr/local/bind/sbin ʿ ֽϴ.
[root@linux sbin]# dig
; <<>> DiG 9.1.0 <<>>
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21546
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 454234 IN NS E.ROOT-SERVERS.NET.
. 454234 IN NS F.ROOT-SERVERS.NET.
. 454234 IN NS G.ROOT-SERVERS.NET.
. 454234 IN NS H.ROOT-SERVERS.NET.
. 454234 IN NS I.ROOT-SERVERS.NET.
. 454234 IN NS J.ROOT-SERVERS.NET.
. 454234 IN NS K.ROOT-SERVERS.NET.
. 454234 IN NS L.ROOT-SERVERS.NET.
. 454234 IN NS M.ROOT-SERVERS.NET.
. 454234 IN NS A.ROOT-SERVERS.NET.
. 454234 IN NS B.ROOT-SERVERS.NET.
. 454234 IN NS C.ROOT-SERVERS.NET.
. 454234 IN NS D.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
J.ROOT-SERVERS.NET. 604560 IN A 192.58.128.30
;; Query time: 14 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Tue Aug 23 10:10:58 2005
;; MSG SIZE rcvd: 244
----- dig ------
[root@linux sbin]# dig > /var/named/named.cache
----/var/named/ ؿ named.cache
dig Ҷ /etc/resolv.conf Ͽ nameserver Ǿ ִ Ȯؾ ʿ䰡 ֽϴ.
resolv.conf
[root@linux sbin]# vi /etc/resolv.conf
nameserver 210.104.1.3
nameserver 168.126.63.1
wq!
ְ ٽѹ ϸ ˴ϴ.
---------------------------------------------------------------------------------
[localhost.zone ]
[root@linux named]# vi localhost.zone
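; localhost.zone: forward zone for the name "localhost"
; (zone "localhost" in named.conf).
;
; A forward zone maps the name to an address, so the apex carries an A record
; for 127.0.0.1. The PTR record printed on the page belongs in the reverse
; zone (named.local); the named log on the page shows this file failing to
; load.
; Owner names are written explicitly as "@" so the records do not depend on
; leading whitespace, which is easily lost when the file is copied.
$TTL 86400	; default TTL for records without their own
@	IN	SOA	abc.co.kr. root.abc.co.kr. (
			940004	; serial
			21600	; refresh
			900	; retry
			604800	; expire
			43200 )	; minimum
@	1D	IN	NS	localhost.
@	1D	IN	A	127.0.0.1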
:wq!
[named.local ]
[root@linux named]# vi named.local
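; named.local: reverse zone 0.0.127.in-addr.arpa (see named.conf),
; mapping 127.0.0.1 back to localhost.
;
; The NS record is given an explicit "@" owner. As printed at column 0,
; "IN NS localhost." would be read with "IN" as the owner name, leaving the
; zone apex without an NS record.
$TTL 86400	; default TTL for records without their own
@	IN	SOA	linux.co.kr. root.linux.co.kr. (
			940004	; serial
			21600	; refresh
			900	; retry
			604800	; expire
			43200 )	; minimum
@	IN	NS	localhost.
1	IN	PTR	localhost.	; 1.0.0.127.in-addr.arpa -> localhost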
wq!
[linux.zone ]
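; linux.zone: forward zone for linux.co.kr (zone "linux.co.kr" in named.conf).
;
; Apex records carry an explicit "@" owner. As printed at column 0,
; "IN NS ..." and "IN MX ..." would be read with "IN" as the owner name,
; leaving the zone apex without NS or MX records.
$TTL 86400	; default TTL for records without their own
@	IN	SOA	ns.linux.co.kr. root.linux.co.kr. (
			2004082722	; serial
			28800		; refresh
			7200		; retry
			604800		; expire
			3600 )		; negative TTL
@	IN	NS	ns.linux.co.kr.
@	IN	MX	10 mail.linux.co.kr.
; NOTE(review): the named log on this page shows the server listening on
; 192.168.0.212, while ns points at 192.168.0.10. Confirm which host is
; meant to be the authoritative name server.
ns	1D	IN	A	192.168.0.10
www	1D	IN	A	192.168.0.212
www1	1D	IN	A	192.168.0.212
mail	IN	A	192.168.0.212
ftp	1D	IN	A	192.168.0.6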
wq!
[linux.rev ]
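; linux.rev: reverse zone 0.168.192.in-addr.arpa (see named.conf).
;
; PTR records are aligned with the forward zone shown on the page: www, www1
; and mail resolve to 192.168.0.212 there, so www is listed under 212, not 10.
; The NS record has an explicit "@" owner so it does not depend on leading
; whitespace.
$TTL 86400	; default TTL for records without their own
@	IN	SOA	ns.linux.co.kr. root.linux.co.kr. (
			2004082722	; Serial
			28800		; Refresh
			7200		; Retry
			604800		; Expire
			3600 )		; Minimum
@	IN	NS	ns.linux.co.kr.
10	IN	PTR	ns.linux.co.kr.
212	IN	PTR	www.linux.co.kr.
212	IN	PTR	www1.linux.co.kr.
212	IN	PTR	mail.linux.co.kr.
6	IN	PTR	ftp.linux.co.kr.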
wq!
[named.pid ]
ϰ .... .....named.pid ؾ մϴ.
ġ
/usr/local/bind/var/run Դϴ.⼭ var 丮 run 丮 ؾ մϴ.
[root@linux bind]# mkdir var
[root@linux bind]# cd var
[root@linux var]# mkdir run
[root@linux var]# touch named.pid
[root@linux var]# cd ..
[root@linux bind]# cd var
[root@linux var]# ls
run
[root@linux var]# cd run
[root@linux run]# touch named.pid
[ ø]
named ִ /sbin ʿ ֽϴ. ( /usr/local/bind/sbin )
[root@linux sbin]#./named
[root@linux bind]#ps -ef | grep named
root 903 1 0 02:55 ? 00:00:00 ./named
root 963 2341 0 03:15 pts/0 00:00:00 grep named
[root@linux etc]#
named ̳ â ϳ .....ٸ â
[root@linux etc]#tail -f /var/log/messages
ɿ Ǵ ؼ ϴ Դϴ.⼭ ߸ κ ã ָ ˴ϴ.
[root@linux etc]#tail -f /var/log/messages
Jan 16 02:55:14 linux named[903]: starting BIND 9.3.1
Jan 16 02:55:14 linux named[903]: loading configuration from '/usr/local/bind/etc/named.conf'
Jan 16 02:55:14 linux named[903]: no IPv6 interfaces found
Jan 16 02:55:14 linux named[903]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 16 02:55:14 linux named[903]: listening on IPv4 interface eth0, 192.168.0.212#53
Jan 16 02:55:14 linux named[903]: /usr/local/bind/etc/named.conf:12: couldn't find key 'rndckey' for use with command channel 127.0.0.1#953
Jan 16 02:55:14 linux named[903]: command channel listening on 127.0.0.1#953
Jan 16 02:55:14 linux named[903]: zone 0.0.127.in-addr.arpa/IN: loaded serial 940004
Jan 16 02:55:14 linux named[903]: zone 0.168.192.in-addr.arpa/IN: loaded serial 2004082722
Jan 16 02:55:14 linux named[903]: zone linux.co.kr/IN: loaded serial 2004082722
Jan 16 02:55:14 linux named[903]: dns_master_load: localhost.zone:12: unexpected end of line
Jan 16 02:55:14 linux named[903]: dns_master_load: localhost.zone:11: unexpected end of input
Jan 16 02:55:14 linux named[903]: zone localhost/IN: loading master file localhost.zone: unexpected end of input
Jan 16 02:55:14 linux named[903]: running
Jan 16 02:55:14 linux named[903]: zone 0.0.127.in-addr.arpa/IN: sending notifies (serial 940004)
됬 쿡....
---------------------------------------------------------------------------------
linux.co.kr Ͽϴ. Ŭ̾Ʈ ۵ Ǵ Ȯ ϱ ؼ resolv.conf , hosts ؼ Ȯ ڽϴ.
[root@linux named]# vi /etc/resolv.conf
domain linux.co.kr
search linux.co.kr
nameserver 192.168.0.212
nameserver 210.104.1.3
nameserver 168.126.63.1
wq!
缳Ѱ ̱ linux.co.kr ڱ ڽ Ƕ Ȯ ϱؼ ó nameserver ڱ ڽ Ǹ Ͽϴ.
[root@linux named]#vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
#211.106.67.221 linux
192.168.0.212 ns.linux.co.kr linux
wq!
[test]
---------------------------------------------------------------------------------