FrontPage › BIND9
1. bind 9.3.0 ÃֽŹöÀü source ´Ù¿î·Îµå
# cd /usr/local/
# wget ftp://ftp.isc.org/isc/bind9/9.3.0/bind-9.3.0.tar.gz
2. ¾ÐÃàÇ®±â
# tar xvzf bind-9.3.0.tar.gz
3. ½Éº¼¸¯ ¸µÅ© °É¾îÁÖ±â
# ln -s bind-9.3.0/ bind
4. ±âÁ¸ÀÇ nameserver Á¤Áö
# ntsysv (named ¸¦ uncheck)
# service named stop
4.5 openssl ¾÷µ¥ÀÌÆ®ÇØÁà¾ßÇÔ
* apt-get ¼³Ä¡ (openssl ¼³Ä¡Àü¿¡ ÇØÁÜ)
http://ftp.freshrpms.net/pub/freshrpms/redhat/7.3/apt/apt-0.5.5cnc5-fr0.rh73.2.i386.rpm
[root@ns local]# rpm -e gated
- ÁÖÀÇ»çÇ× -
1. ¼³Ä¡Àü¿¡ OpenSSLÀ» ¾÷±×·¡ÀÌµå ½ÃÄÑ ÁØ´Ù. ÇÊÀÚ´Â ·¹µåÇò 7.3¿¡¼ ¼³Ä¡ÇÏ´Ù OpenSSL¿¡·¯°¡ ³ª¼ up2date·Î ¾÷±×·¡ÀÌµå ½ÃÄÑ Áá´Ù. ¾Æ·¡¿Í °°Àº ¿¡·¯³ª ³ª¸é¼ 0.9.6eÀÌ»ó ¹öÀüÀ» ¿ä±¸Çϴµ¥ ±×³É up2date·Î ¾÷±×·¡ÀÌµå ½ÃÄÑ Áá´õ´Ï openssl-0.9.6b-32.7¹öÀüÀ¸·Î ±³Ã¼ µÇ¸é¼ ÀÌ»ó¾øÀÌ ¼³Ä¡°¡ µÇ¾ú´Ù.
configure: error: you need OpenSSL 0.9.6e/0.9.7-beta2 (or newer): CERT CA-2002-23
ftp://rpmfind.net/linux/redhat/updates/7.3/en/os/i386/openssl-0.9.6b-35.7.i386.rpm
5. bind 9.3.0 compile
# ./configure --prefix=/usr/local/bind --sysconfdir=/etc \
--localstatedir=/var --mandir=/usr/share/man \
--with-openssl --with-libtool --disable-ipv6
# make; make install
6. Å° »ý¼º
# cd sbin
# ./rndc-confgen > /etc/rndc.conf (±âÁ¸¿¡ ÆÄÀÏÀÌ ÀÖ´Ù¸é ¹é¾÷À» ÇØ µÐ´Ù.)
7. cat /etc/rndc.conf Çؼ Å° °ª¸¸ rndc.key ·Î ÀúÀåÇÑ´Ù
¿¹)
key "rndc-key" {
algorithm hmac-md5;
secret "BZpDWqJsfCINSHNRXd9NOg==";
};
8. À¯Àú»ý¼º
# useradd -s /bin/false -d /var/named named
9. ÆÛ¹Ì¼Ç Á¶Á¤
[root@localhost]# chmod 640 rndc.key
[root@localhost]# chmod 640 rndc.conf
[root@localhost]# chmod 640 named.conf
[root@localhost]# chown root.named rndc.key
[root@localhost]# chown root.named rndc.conf
[root@localhost]# chown root.named named.conf
[root@localhost]# chmod 700 /var/named
[root@localhost]# chmod 600 /var/named/*
[root@localhost]# chown named.named /var/named
[root@localhost]# mkdir /var/run/named
[root@localhost]# chown named.named /var/run/named
10. ½ÇÇà
#/usr/local/bind/sbin/named -c /etc/named.conf
11. ±âÁ¸ÀÇ /var/named/ ¿¡ ÀÖ´Â zone ÆÄÀϵéÀ» ¹°°í ¿Ã¶ó°£´Ù
12. rndckey °ª ¸ÂÃß±â
- /etc/rndc.conf
[root@ns /]# cat /etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "BZpDWqJsfCINSHNRXd9NOg==";
};
¿©±â °ªÀ» /etc/named.conf ¿¡ ³Ö¾îÁØ´Ù
- /etc/named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "BZpDWqJsfCINSHNRXd9NOg==";
};
±×¸®°í Áß¿äÇÑ°Å
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
controls Ç׸ñ¿¡ rndc-key Ç׸ñÀ» ÀÏÄ¡½ÃÄÑ ÁÖ°í
zone "kkanari.info" IN {
type master;
file "kkanari.info.zone";
allow-update { key rndc-key; };
};
¿¡´Ù°¡µµ rndc-key °ªÀ» ÀÏÄ¡½ÃÄÑ ÁØ´Ù
13. º¯°æÇÒ ³»¿ªÀÌ ÀÖÀ¸¸é
# /usr/local/bind/bin/rndc/rndc reload ÇØÁÖ¸é ³¡ (½Éº¼¸¯ ¸µÅ©·Î /usr/sbin ¿¡ ³Ö¾îÁ൵ µÊ)
14. ½ÇÇà
# /usr/local/bind/sbin/named & (-c ¿É¼ÇÀ» Á༠/etc/named.conf ÆÄÀÏÀ§Ä¡¸¦ ÁöÁ¤ÇØ Á൵ µÈ´Ù)
