
BIND9 (rev. 1.1)


1. bind 9.3.0 ÃֽŹöÀü source ´Ù¿î·Îµå
# cd /usr/local/
# wget ftp://ftp.isc.org/isc/bind9/9.3.0/bind-9.3.0.tar.gz
 
2. 압축풀기
# tar xvzf bind-9.3.0.tar.gz
 
3. 심볼릭 링크 걸어주기
# ln -s bind-9.3.0/ bind
 
4. 기존의 nameserver 정지
# ntsysv (named 를 uncheck)
# service named stop
 
4.5 openssl 업데이트해줘야함
* apt-get 설치 (openssl 설치전에 해줌)
http://ftp.freshrpms.net/pub/freshrpms/redhat/7.3/apt/apt-0.5.5cnc5-fr0.rh73.2.i386.rpm
 
[root@ns local]# rpm -e gated
 
- ÁÖÀÇ»çÇ× -
1. ¼³Ä¡Àü¿¡ OpenSSLÀ» ¾÷±×·¡ÀÌµå ½ÃÄÑ ÁØ´Ù. ÇÊÀÚ´Â ·¹µåÇò 7.3¿¡¼­ ¼³Ä¡ÇÏ´Ù OpenSSL¿¡·¯°¡ ³ª¼­ up2date·Î ¾÷±×·¡ÀÌµå ½ÃÄÑ Áá´Ù. ¾Æ·¡¿Í °°Àº ¿¡·¯³ª ³ª¸é¼­ 0.9.6eÀÌ»ó ¹öÀüÀ» ¿ä±¸Çϴµ¥ ±×³É up2date·Î ¾÷±×·¡ÀÌµå ½ÃÄÑ Áá´õ´Ï openssl-0.9.6b-32.7¹öÀüÀ¸·Î ±³Ã¼ µÇ¸é¼­ ÀÌ»ó¾øÀÌ ¼³Ä¡°¡ µÇ¾ú´Ù.
 
configure: error: you need OpenSSL 0.9.6e/0.9.7-beta2 (or newer): CERT CA-2002-23
ftp://rpmfind.net/linux/redhat/updates/7.3/en/os/i386/openssl-0.9.6b-35.7.i386.rpm
 
 
5. bind 9.3.0 compile
# ./configure --prefix=/usr/local/bind --sysconfdir=/etc \
--localstatedir=/var --mandir=/usr/share/man \
--with-openssl --with-libtool --disable-ipv6
# make; make install
 
6. 키 생성
# cd sbin
# ./rndc-confgen > /etc/rndc.conf (기존에 파일이 있다면 백업을 해 둔다.)
 
7. cat /etc/rndc.conf 해서 키 값만 rndc.key 로 저장한다
예)
// Example rndc.key contents: only the key statement copied out of
// /etc/rndc.conf.
// The secret below is public because it is printed on this page; keep the
// value that rndc-confgen generated on your own host and never reuse this one.
key "rndc-key" {
        algorithm hmac-md5;
        secret "BZpDWqJsfCINSHNRXd9NOg==";
};
 
8. 유저생성
# useradd -s /bin/false -d /var/named named
 
9. 퍼미션 조정
[root@localhost]# chmod 640 rndc.key
[root@localhost]# chmod 640 rndc.conf
[root@localhost]# chmod 640 named.conf
[root@localhost]# chown root.named rndc.key
[root@localhost]# chown root.named rndc.conf
[root@localhost]# chown root.named named.conf
[root@localhost]# chmod 700 /var/named
[root@localhost]# chmod 600 /var/named/*
[root@localhost]# chown named.named /var/named
[root@localhost]# mkdir /var/run/named
[root@localhost]# chown named.named /var/run/named
 
10. 실행
#/usr/local/bind/sbin/named -c /etc/named.conf
 
11. 기존의 /var/named/ 에 있는 zone 파일들을 물고 올라간다
 
12. rndckey 값 맞추기
- /etc/rndc.conf
[root@ns /]# cat /etc/rndc.key
key "rndc-key" {
        algorithm hmac-md5;
        secret "BZpDWqJsfCINSHNRXd9NOg==";
};

여기 값을 /etc/named.conf 에 넣어준다
 
- /etc/named.conf
// Shared secret that named uses to authenticate rndc; the name "rndc-key"
// is what the controls and zone statements on this page refer to.
// It must match the key in /etc/rndc.conf byte for byte. The secret below is
// the sample printed on this page, so it is public: use the value generated
// by rndc-confgen on your own host.
// hmac-md5 is what this walkthrough's key uses; current BIND releases also
// accept stronger HMAC-SHA algorithms such as hmac-sha256.
key "rndc-key" {
        algorithm hmac-md5;
        secret "BZpDWqJsfCINSHNRXd9NOg==";
};

그리고 중요한거
 
// Control channel for rndc: listens on 127.0.0.1 only, accepts connections
// from the built-in "localhost" ACL, and requires commands to be signed with
// rndc-key. Keeping the listener on loopback means the channel is not
// reachable from the network.
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};

controls 항목에 rndc-key 항목을 일치시켜 주고
 
// Master zone loaded from the file kkanari.info.zone (resolved against the
// "directory" option, which is not shown on this page).
// allow-update lets any request signed with rndc-key change the zone through
// dynamic update. This reuses the control-channel secret, so whoever holds it
// can both drive rndc and rewrite zone data. A separate key for updates, or
// no allow-update at all when dynamic update is not needed, keeps the two
// privileges apart.
zone "kkanari.info" IN {
        type master;
        file "kkanari.info.zone";
        allow-update { key rndc-key; };
};

에다가도 rndc-key 값을 일치시켜 준다
 
13. 변경할 내역이 있으면 
# /usr/local/bind/bin/rndc/rndc reload  해주면 끝 (심볼릭 링크로 /usr/sbin 에 넣어줘도 됨)
 
14. ½ÇÇà
# /usr/local/bind/sbin/named & (-c ¿É¼ÇÀ» Á༭ /etc/named.conf ÆÄÀÏÀ§Ä¡¸¦ ÁöÁ¤ÇØ Á൵ µÈ´Ù) 
last modified 2005-01-13 11:32:49