ۼ : 05-08-26 10:03
1,2 Ӽ Bind 9 ġ ---- solaris 8 |
۾ :
Ӽ IPּҸ ִµּҷ
νִ մϴ.Ӽ α bind Ʈ ϴµ..
Ʈ ġϸ ư in.named Դϴ. in.named
⺻ OS ġ ġ Ǵ Դϴ.ֶ üġ Ͻø
Ʈ ⺻ ġ Ǿ ֽϴ.
ý ýÿ /etc/named.conf ο ˴ϴ.
⼭ ġǾ ִ /etc/named.conf ʰ bind-9
ҽ ƴ϶ Ű ġ ϰڽϴ.
ҽ ڰ make Ѿ Ű
ġ Ҽ ֽϴ.
---ġ ؾ .
/etc/named.conf -> dns ȯ
/var/named/named.cache -> Ʈ Ӽ ִ ͺ̽ (ij)
/var/named/test.zone -> dns ̸ iP ٲִ
/var/named/test.zone.rev -> IP dns ٲִ
/var/named/localhost.zone -> loopback dns
/var/named/rndc.key -> bind Ű
/var/named/named.local -> loopback dns
------------------------------------------------------------------------------------
1.
BIND α www.bind.org www.sunfreeware.com ̿Ͽ α ֽϴ.
bind-9.2.3-sol8-sparc-local.gz
(BIND is published by ISC. Before running pkgadd, compare the downloaded package against the checksum the distribution site publishes, so that a tampered mirror copy is not installed and started as root. 9.2.3 is a 2003 release that is long end-of-life and has publicly known vulnerabilities -- among them the 2008 cache-poisoning weakness that later releases fixed with source-port randomisation -- so for anything reachable from the Internet install a currently supported BIND release and use this page only for the file layout.)
root@usr/tmp>#gunzip bind-9.2.3-sol8-sparc-local.gz
-----gzip Ǿ ִ .
root@usr/tmp>#pkgadd -d bind-9.2.3-sol8-sparc-local
----- ֶ Ű ġ.
ġ Ű /usr/local/ ġ ˴ϴ.
named.conf ų /usr/local/sbin/named
Ű ġ /var/named Ѵ ݴϴ.
-------------------------------------------------------------------------------------
2.
named.conf .....
- named.conf ġ /etc/named.conf մϴ.
root@/etc/>#vi named.conf
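options {
	// Working directory for named; the relative "file" names in the zone
	// statements below are looked up under /var/named.
	directory "/var/named";
	/*
	 * If there is a firewall between you and nameservers you want
	 * to talk to, you might need to uncomment the query-source
	 * directive below. Previous versions of BIND always asked
	 * questions using port 53, but BIND 8.1 uses an unprivileged
	 * port by default.
	 *
	 * Leave it commented unless the firewall genuinely requires it:
	 * sending every outbound query from one fixed, well-known source
	 * port makes forged replies (cache poisoning) much easier to land.
	 */
	// query-source address * port 53;
	// Where "rndc dumpdb" and "rndc stats" write. Both point outside the
	// working directory, so /bind/etc must exist and be writable by the
	// account named runs as, or those two commands fail.
	dump-file "/bind/etc/named.db";
	statistics-file "/bind/etc/named.stat";
	/*
	 * Optional forwarding, not enabled here:
	 *   forward (only|first);  used together with
	 *   forwarders { <ns IP>; <ns2 IP>; ... };
	 *   only  - send queries to the forwarders and never resolve directly
	 *   first - try the forwarders first, resolve directly if they fail
	 * notify (yes|no) controls whether secondaries are told when a zone
	 * changes; the default is yes.
	 */
	// Zone transfers (AXFR/IXFR) only to the secondary at 192.168.0.212;
	// every other requester is refused, so the full zone contents cannot
	// be enumerated by arbitrary hosts.
	allow-transfer { 192.168.0.212; };
	// This server is authoritative for the zones below but also recurses
	// for clients by default. Limit recursion to the local host and the
	// 192.168.0.0/24 LAN it serves so it cannot be used as an open
	// resolver (amplification / cache-poisoning target) from outside.
	allow-recursion { 127.0.0.1; 192.168.0.0/24; };
	// Do not answer CHAOS "version.bind" queries with the exact release.
	version "not disclosed";
};
// Root hints used to bootstrap recursion.
zone "." IN {
	type hint;
	file "named.cache";
};
zone "localhost" IN {
	type master;
	file "localhost.zone";
	allow-update { none; };     // no dynamic updates on any zone
};
zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "named.local";
	allow-update { none; };
};
// Forward zone for the domain. On a secondary this becomes
//   type slave; masters { <primary IP>; };
zone "readysystem.co.kr" IN {
	type master;
	file "test.zone";
	allow-update { none; };
};
// Reverse zone for 192.168.0.0/24.
zone "0.168.192.in-addr.arpa" IN {
	type master;
	file "test.zone.rev";
	allow-update { none; };
};
// Key and controls clause for rndc. The file holds a shared secret: keep it
// mode 600, owned by the account named runs as.
include "/var/named/rndc.key";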
:wq!
----------------------------------------------------------------------------------------
3.
dig ------
DIG ANSWER SECTION, ش Ӽ
AUTHORITY SECTION, , ۷緹ڵ ADDITIONAL
SECTION Ͽ ش.
root@/usr/local/sbin/>#dig
; <<>> DiG 9.1.0 <<>>
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21546
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 454234 IN NS E.ROOT-SERVERS.NET.
. 454234 IN NS F.ROOT-SERVERS.NET.
. 454234 IN NS G.ROOT-SERVERS.NET.
. 454234 IN NS H.ROOT-SERVERS.NET.
. 454234 IN NS I.ROOT-SERVERS.NET.
. 454234 IN NS J.ROOT-SERVERS.NET.
. 454234 IN NS K.ROOT-SERVERS.NET.
. 454234 IN NS L.ROOT-SERVERS.NET.
. 454234 IN NS M.ROOT-SERVERS.NET.
. 454234 IN NS A.ROOT-SERVERS.NET.
. 454234 IN NS B.ROOT-SERVERS.NET.
. 454234 IN NS C.ROOT-SERVERS.NET.
. 454234 IN NS D.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
J.ROOT-SERVERS.NET. 604560 IN A 192.58.128.30
;; Query time: 14 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Tue Aug 23 10:10:58 2005
;; MSG SIZE rcvd: 244
----- dig ------
root@/usr/local/sbin/>#dig > /var/named/named.cache
(This captures whatever the resolvers listed in /etc/resolv.conf returned for ". NS" -- thirteen NS names but, as the output above shows, only a single A record (J.ROOT-SERVERS.NET) -- and uses it as the root hints. The hints are therefore only as trustworthy as those third-party resolvers and contain just one root address. Prefer the named.root hints file that InterNIC publishes for exactly this purpose, compare it with what dig returned, and refresh it periodically, because root-server addresses do change.)
----/var/named/ ؿ named.cache
dig ....
; <<>> DiG 9.2.3 <<>>
;; global options: printcmd
;; connection timed out; no servers could be reached
/etc/resolv.conf ȿ nameserver ʾƼ Դϴ.
root@/usr/localsbin/>#vi /etc/resolv.conf
nameserver 168.126.63.1
nameserver 210.104.1.3
wq!
---------------------------------------------------------------------------------
4.
localhost.zone
root@/var/named/>#vi localhost.zone
$TTL 86400;                 ; default TTL 86400 s; the trailing ";" only opens an empty comment
; Forward zone for "localhost". The SOA MNAME/RNAME reuse the site's domain;
; only the NS line matters for loopback lookups.
@ IN SOA readysystem.co.kr. root.readysystem.co.kr. (
940004 ; serial
21600 ; refresh
900 ; retry
604800 ; expire
43200 ) ; minimum
1D IN NS localhost.        ; NOTE(review): this line must begin with whitespace so "1D" is read as a TTL; at column 0 BIND takes "1D" as an owner name (1D.localhost.), the zone has no apex NS and refuses to load. The web copy may have dropped the indentation.
1d in PTR localhost.       ; a PTR in a forward zone is unusual; the loopback reverse mapping is what named.local provides
:wq!
κ $TTL 86400 .8.2.3 $TTL 86400 message file Default TTL ʾƼ ⺻ 86400ʸ Ѵٴ ´. 9.x ʹ ̰ database error Ͽ ƿ ش zone file name ã ʰ ȴ. Ƿ κ 8.2.3 ̶ ϴ . named ϰ ȴ.
Jun 3 11:51:31 aaa named[13358]: dns_master_load: test.zone:1: no TTL specified. THIS ZONE WILL NO LONGER WORK IN FUTURE VERSIONS. Add a TTL.
---------------------------------------------------------------------------------
5.
named.local
root@/var/named/>#vi named.local
$TTL 86400;                 ; default TTL 86400 s; the trailing ";" only opens an empty comment
; Reverse zone for the loopback network (0.0.127.in-addr.arpa).
@ IN SOA readysystem.co.kr. admin.readysystem.co.kr. (
940004 ; serial
21600 ; refresh
900 ; retry
604800 ; expire
43200 ) ; minimum
IN NS localhost.           ; must begin with whitespace so it inherits the "@" owner; at column 0 "IN" would be taken as an owner name
1 IN PTR localhost.        ; 127.0.0.1 -> localhost.
:wq!
---------------------------------------------------------------------------------
6.
test.zone
root@/var/named/>#vi test.zone
$TTL 86400                        ; default TTL (1 day) for records that give none
; Forward zone for readysystem.co.kr. Records with an empty owner field (the NS
; and MX lines) must begin with whitespace in the real file so they inherit the
; "@" (apex) owner; the web copy of this page may have dropped that indentation.
@ IN SOA ns.readysystem.co.kr. admin.readysystem.co.kr. (
2004082722 ; serial (YYYYMMDDnn; bump it on every edit or secondaries never refresh)
28800 ; refresh
7200 ; retry
604800 ; expire
3600 ) ; negative TTL
IN NS ns.readysystem.co.kr.       ; apex NS: only the primary is listed; if the secondary host (www1 / 192.168.0.212) is meant to be authoritative too it needs its own NS record here
IN MX 10 mail.readysystem.co.kr.  ; mail for the domain goes to "mail" (192.168.0.212)
ns 1D IN A 192.168.0.10           ; primary name server
www 1D IN A 192.168.0.10          ; same host as ns
www1 1D IN A 192.168.0.212        ; the secondary name server host
mail IN A 192.168.0.212           ; same host as www1; no explicit TTL, so $TTL applies
ftp 1D IN A 192.168.0.6
---------------------------------------------------------------------------------
7.
test.zone.rev
root@/var/named/>#vi test.zone.rev
$TTL 86400;                        ; default TTL 86400 s; the trailing ";" only opens an empty comment
; Reverse zone for 192.168.0.0/24; owner names are the last octet of the address.
@ IN SOA ns.readysystem.co.kr. admin.readysystem.co.kr. (
2004082722 ; Serial
28800 ; Refresh
7200 ; Retry
604800 ; Expire
3600 ) ; Minimum
IN NS ns.readysystem.co.kr.        ; apex NS; the line must begin with whitespace to inherit the "@" owner
10 IN PTR ns.readysystem.co.kr.    ; 192.168.0.10 has two names (ns, www)
10 IN PTR www.readysystem.co.kr.   ; several PTRs per address is legal, but clients that use only the first answer get either name
212 IN PTR www1.readysystem.co.kr. ; 192.168.0.212 likewise (www1, mail)
212 IN PTR mail.readysystem.co.kr.
6 IN PTR ftp.readysystem.co.kr.
---------------------------------------------------------------------------------
8.
rndc . BIND Ű ̴.
root@/usr/local/sbin/>#./rndc-confgen > /var/named/rndc.key
(The redirection creates the file with the shell's default umask, normally world-readable, and it contains the rndc shared secret; run "chmod 600 /var/named/rndc.key" and chown it to the account named runs as before starting the server.)
# Start of rndc.conf
# NOTE(review): this is the literal rndc-confgen output from the author's host,
# secret included. A secret printed in a tutorial is no longer a secret: run
# rndc-confgen on each server and use its own output; never paste this block.
# Whoever can read this file can issue any rndc command, so keep it mode 600
# and owned by the account named runs as.
key "rndc-key" {
algorithm hmac-md5;
secret "0wc2IBC7B5aANnNEYflqEQ==";
};
# The options clause stays commented out because this file is included into
# named.conf, which has its own options block. rndc itself looks for
# /etc/rndc.conf and then /etc/rndc.key; with the key kept under /var/named
# run it as "rndc -c /var/named/rndc.key <command>" or keep a 600-mode copy
# at the default path.
#options {
# default-key "rndc-key";
# default-server 127.0.0.1;
# default-port 953;
#};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "0wc2IBC7B5aANnNEYflqEQ==";
# };
#
# Control channel: loopback only, port 953, accepted only from holders of
# rndc-key. Leave it on 127.0.0.1; do not widen the allow list to the LAN.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.con
:wq!
rndc.key ⺻ δ /etc/rndc.key Ǿ
⼭ named.conf Ͽ include "/var/named/rndc.key";
ֿ.
---------------------------------------------------------------------------------
9.
Ӽ ϴ /etc/resolv.conf ϸ Ӽ ° մϴ. (The resolver configuration file is /etc/resolv.conf -- no "e"; a file named resolve.conf is silently ignored.)
/etc/hostsϰ /etc/nsswitch.conf 츸 ø ˴ϴ. (Solaris has no /etc/host.conf; the lookup order is the "hosts:" line of /etc/nsswitch.conf, which must include "dns" for the new server to be consulted at all.)
root@/etc/>vi resolv.conf
domain readysystem.co.kr
search adc.co.kr
nameserver 192.168.0.10
# the original listing repeated "nameserver 192.168.0.10" here; the resolver honours at most three nameserver lines and tries them in order, so a duplicate wastes a slot and only delays fail-over -- put the secondary (192.168.0.212) in that slot if clients should fall back to it
nameserver 168.126.63.1
Ӽ ϴ , Էµ Ӽ Ǹ ϰ ˴ϴ.
ù ° ϵ Ӽ NIC̳ KRNIC ϵ 1 Ӽ ns.readysystem.co.kr ϴ ȣƮ IP մϴ.
/etc/hosts
hosts Ӽ ϴ , ο ˸ƽ ֽϴ
root@/etc/>vi hosts
127.0.0.1 localhost
192.168.0.10 ns.readysystem.co.kr loghost
---------------------------------------------------------------------------------
10.
1 Ӽ ....
named
Ű ġ named /usr/local/sbin ʿ ִ.
root@/usr/local/sbin/>#/usr/local/sbin/named -------
(Started like this, named keeps running as root -- see the ps line below. BIND 9 can drop privileges once port 53 is bound: create a dedicated unprivileged account for it and start it as "/usr/local/sbin/named -u <that account>", giving the account read access to /var/named and the zone files and keeping rndc.key mode 600 owned by it.)
root@/usr/local/sbin/>#ps -ef | grep named ----------μ Ȯ
ö
root 566 1 0 08:26:48 ? 0:00 /usr/local/sbin/named
root 1998 1584 0 10:29:56 pts/4 0:00 grep named
ö .
---------------------------------------------------------------------------------
11.
2 Ӽ bind Ű ġ named.conf, named.conf, rndc.key 3 ϸ ȴ. ϵ 2 ö 1 Ӽ ִ ϵ ´.
---------------------------------------------------------------------------------
12.
2 Ӽ named.conf
root@/etc/>#vi named.conf
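options {
	// Working directory; the "file" names below are written here by named
	// when it pulls each zone from the primary, so the account named runs
	// as needs write access to /var/named on this host.
	directory "/var/named";
	// Nothing ever transfers zones *from* this secondary, so refuse all
	// AXFR/IXFR requests; without this line a secondary hands its zone
	// copies to anyone who asks.
	allow-transfer { none; };
	// Serve recursive lookups only for the local host and the LAN; do not
	// act as an open resolver for the Internet.
	allow-recursion { 127.0.0.1; 192.168.0.0/24; };
	// Hide the exact BIND release from CHAOS "version.bind" queries.
	version "not disclosed";
};
zone "." IN {
	type hint;
	file "named.cache";
};
// Every zone below is pulled from the primary at 192.168.0.10. The primary's
// allow-transfer list must contain this host's address (192.168.0.212), or
// the transfers are refused and these zones stay empty.
zone "localhost" IN {
	type slave;
	file "localhost.zone";
	masters { 192.168.0.10; };
};
zone "0.0.127.in-addr.arpa" IN {
	type slave;
	file "named.local";
	masters { 192.168.0.10; };
};
zone "readysystem.co.kr" {
	type slave;                  // secondary copy; on the primary this is type master
	file "slave-test.zone";
	masters { 192.168.0.10; };   // primary name server address
};
zone "0.168.192.in-addr.arpa" {
	type slave;
	file "slave-rev_test.zone.rev";
	masters { 192.168.0.10; };   // primary name server address
};
// rndc key/controls for this host. Generate the file here with rndc-confgen;
// do not copy the primary's, and keep it mode 600.
include "/var/named/rndc.key";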
---------------------------------------------------------------------------------
13.
dig ------
DIG ANSWER SECTION, ش Ӽ AUTHORITY SECTION, , ۷緹ڵ ADDITIONAL SECTION Ͽ ش.
root@/usr/local/bin/>#dig
; <<>> DiG 9.1.0 <<>>
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21546
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 454234 IN NS E.ROOT-SERVERS.NET.
. 454234 IN NS F.ROOT-SERVERS.NET.
. 454234 IN NS G.ROOT-SERVERS.NET.
. 454234 IN NS H.ROOT-SERVERS.NET.
. 454234 IN NS I.ROOT-SERVERS.NET.
. 454234 IN NS J.ROOT-SERVERS.NET.
. 454234 IN NS K.ROOT-SERVERS.NET.
. 454234 IN NS L.ROOT-SERVERS.NET.
. 454234 IN NS M.ROOT-SERVERS.NET.
. 454234 IN NS A.ROOT-SERVERS.NET.
. 454234 IN NS B.ROOT-SERVERS.NET.
. 454234 IN NS C.ROOT-SERVERS.NET.
. 454234 IN NS D.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
J.ROOT-SERVERS.NET. 604560 IN A 192.58.128.30
;; Query time: 14 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Tue Aug 23 10:10:58 2005
;; MSG SIZE rcvd: 244
----- dig ------
root@/usr/local/bin/>#dig > /var/named/named.cache
(As on the primary, this hint file is only as trustworthy as the resolvers that answered dig and carries a single root address; prefer the named.root file published by InterNIC and refresh it periodically.)
----/var/named/ ؿ named.cache
---------------------------------------------------------------------------------
14.
rndc . BIND Ű ̴.
root@/usr/local/sbin/>#./rndc-confgen > /var/named/rndc.key
(Run this on the secondary itself so it gets its own secret, then "chmod 600 /var/named/rndc.key" and chown it to the account named runs as; the redirection otherwise leaves the file world-readable.)
# Start of rndc.conf
# NOTE(review): the secret below is identical to the one shown for the
# primary, i.e. this block was copied rather than generated on this host.
# rndc-confgen produces a fresh random secret on every run; generate the
# file on each server, never reuse a value that has been published, and keep
# it mode 600 owned by the account named runs as.
key "rndc-key" {
algorithm hmac-md5;
secret "0wc2IBC7B5aANnNEYflqEQ==";
};
# Options stay commented because this file is included into named.conf.
# rndc itself reads /etc/rndc.conf, then /etc/rndc.key; with the key under
# /var/named invoke it as "rndc -c /var/named/rndc.key <command>".
#options {
# default-key "rndc-key";
# default-server 127.0.0.1;
# default-port 953;
#};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "0wc2IBC7B5aANnNEYflqEQ==";
# };
#
# Control channel: loopback only, port 953, only for holders of rndc-key.
# Do not widen the allow list beyond 127.0.0.1.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.con
:wq!
rndc.key ⺻ δ /etc/rndc.key Ǿ ⼭ named.conf Ͽ include "/var/named/rndc.key"; ֿ.
---------------------------------------------------------------------------------
15.
2 Ӽ .
root@bind/usr/local/sbin/>#/usr/local/sbin/named -------
(The ps sample below shows /bind/sbin/named, so it was captured from an install under /bind rather than the /usr/local package; on this host expect /usr/local/sbin/named. Either way it is running as root: start it as "/usr/local/sbin/named -u <unprivileged account>" instead, and give that account write access to /var/named, because a secondary writes its slave zone files there.)
root@bind/usr/local/sbin/>#ps -ef | grep named ----------μ Ȯ
ö
root 566 1 0 08:26:48 ? 0:00 /bind/sbin/named
root 1998 1584 0 10:29:56 pts/4 0:00 grep named
---------------------------------------------------------------------------------
16.
. messages Ȯ. ֶ messages ġ /var/adm ̴.
root@/var/named/>#tail -f /var/adm/messages
, server can't find ns.readysystem.co.kr : NXDOMAIN ̶ ε
ƴϹǷ, ϵ ٽ 캼 ʿ䰡 ֽϴ.
---------------------------------------------------------------------------------
17. Ű nslookup ɾ /usr/local/bin/nslookup ִ.
root@unknown:/var/named>/usr/local/bin/nslookup
(The sample session below was taken on a host in 192.168.1.0/24 and does not match the zones above, which cover 192.168.0.0/24; with those zone files the equivalent checks are 192.168.0.10, expected to return ns and www, and 192.168.0.6, expected to return ftp.)
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
> 192.168.1.2
Server: 192.168.1.2
Address: 192.168.1.2#53
2.1.168.192.in-addr.arpa name = ns.readysystem.co.kr.
2.1.168.192.in-addr.arpa name = www.readysystem.co.kr.
> 192.168.1.1
Server: 192.168.1.2
Address: 192.168.1.2#53
1.1.168.192.in-addr.arpa name = ftp.readysystem.co.kr.
> readysystem.co.kr
Server: 192.168.1.2
Address: 192.168.1.2#53
--------------------------------------------------------------------------------