* BIND 9.3.0 소스설치 on RedHat 7.3
{{{
1. bind 9.3.0 최신버전 source 다운로드

# cd /usr/src
# wget ftp://ftp.isc.org/isc/bind9/9.3.0/bind-9.3.0.tar.gz

2. 압축풀기

# tar xvzf bind-9.3.0.tar.gz

3. 기존의 nameserver 정지

# ntsysv (named 를 uncheck)
# service named stop

4. openssl 업데이트해줘야함 ( --with-openssl 옵션 넣을시)

* apt-get 설치 (openssl 설치전에 해줌)
http://ftp.freshrpms.net/pub/freshrpms/redhat/7.3/apt/apt-0.5.5cnc5-fr0.rh73.2.i386.rpm

[root@ns local]# rpm -e gated
gated 하고 zebra 하고 충돌나기 때문에 어느 한 패키지는 삭제해줘야 한다. (메시지가 나왔을시만 해당됨)

[root@ns local]# apt-get install openssl

- 주의사항 -
1. 설치전에 OpenSSL을 업그레이드 시켜 준다.
필자는 레드햇 7.3에서 설치하다 OpenSSL 에러가 나서 up2date로 업그레이드 시켜 줬다.
아래와 같은 에러가 나면서 0.9.6e 이상 버전을 요구하는데, 그냥 up2date로 업그레이드 시켜 줬더니 openssl-0.9.6b-32.7 버전으로 교체 되면서 이상없이 설치가 되었다.

configure: error: you need OpenSSL 0.9.6e/0.9.7-beta2 (or newer): CERT CA-2002-23

ftp://rpmfind.net/linux/redhat/updates/7.3/en/os/i386/openssl-0.9.6b-35.7.i386.rpm

5. bind 9.3.0 compile

# ./configure --prefix=/usr/local/bind-9.3.0 --enable-threads
# make
# make install

6. 심볼릭 링크 걸어주기

# cd /usr/local
# ln -s bind-9.3.0/ bind

7. etc, var/run, var/named 디렉토리 생성

# cd /usr/local/bind
# mkdir etc
# mkdir var
# cd var
# mkdir run
# mkdir named

8. 키 생성

# cd /usr/local/bind/sbin
# ./rndc-confgen > /usr/local/bind/etc/rndc.conf

9. bin 파일 심볼릭 링크

# cd /usr/sbin
# mv rndc rndc.bak
# mv rndc-confgen rndc-confgen.bak
# ln -s ../local/bind/sbin/rndc rndc
# ln -s ../local/bind/sbin/rndc-confgen rndc-confgen
# cd /usr/bin
# mv dig dig.bak
# mv nslookup nslookup.bak
# ln -s ../local/bind/bin/dig dig
# ln -s ../local/bind/bin/nslookup nslookup

10.
named.conf, kkanari.info.zone 생성

# cd /usr/local/bind/etc
# cat named.conf
options {
        directory "/var/named";
        dump-file "/usr/local/bind/var/tmp/named_dump.db";
        statistics-file "/usr/local/bind/var/tmp/named.stats";
        version "no version";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

key "rndc-key" {
        algorithm hmac-md5;
        secret "xx4m2r4GlTiKIaAVrW5fbg==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "kkanari.info" IN {
        type master;
        file "kkanari.info.zone";
        allow-update { key rndc-key; };
};

//include "/etc/rndc.key";

(참고: kkanari.info zone 의 allow-update 에 rndc 제어용 키를 그대로 쓰고 있다. 동적 업데이트용 키는 제어 채널 키와 별도로 만들어 쓰는 것이 안전하다. 또한 options 의 directory 가 /var/named 이므로 named 는 zone 파일을 그 디렉토리에서 찾는다 — 아래에서 zone 파일을 /usr/local/bind/var/named 에 만들 때 경로가 맞는지 확인할 것.)

# cd /usr/local/bind/var/named
# cat kkanari.info.zone
$TTL 3600
@       IN      SOA     ns.kkanari.info. root.kkanari.info. (
                        2004121003      ; serial
                        28800           ; refresh
                        7200            ; retry
                        604800          ; expire
                        86400           ; minimum
                        )
        IN      NS      ns.kkanari.info.
        IN      A       210.111.16.144
        IN      MX      10 mail
ns      IN      A       210.111.16.144
ns2     IN      A       210.111.16.144
mail    IN      A       210.111.16.144
ftp     IN      A       210.111.16.144
www     IN      A       210.111.16.144
home    IN      A       210.111.16.144
*       IN      A       210.111.16.144

11. rndc.conf 생성

# cd /usr/local/bind/etc
# cat rndc.conf
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "xx4m2r4GlTiKIaAVrW5fbg==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "xx4m2r4GlTiKIaAVrW5fbg==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

12.
실행

# /usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf&

(참고: 위와 같이 실행하면 named 가 root 권한으로 계속 동작한다. -u 옵션으로 비특권 사용자를 지정해 실행하는 것이 안전하다.)

13. 캐싱서버 동작확인

[root@ns bind]# nslookup
> server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
> naver.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   naver.com
Address: 211.218.150.200
> kr.yahoo.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
kr.yahoo.com    canonical name = home.vip.krn.yahoo.com.
Name:   home.vip.krn.yahoo.com
Address: 202.43.214.190

* 위와같이 쿼리가 온다면 이상없음

14. 도메인 쿼리 동작확인

[root@ns bind]# nslookup
> server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
> kkanari.info
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   kkanari.info
Address: 210.111.16.144
> www.kkanari.info
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   www.kkanari.info
Address: 210.111.16.144
>

* 위와같이 쿼리가 온다면 이상없음
}}}