FrontPage › BIND9
1. bind 9.3.0 ÃֽŹöÀü source ´Ù¿î·Îµå # cd /usr/local/ # wget ftp://ftp.isc.org/isc/bind9/9.3.0/bind-9.3.0.tar.gz 2. ¾ÐÃàÇ®±â # tar xvzf bind-9.3.0.tar.gz 3. ½Éº¼¸¯ ¸µÅ© °É¾îÁÖ±â # ln -s bind-9.3.0/ bind 4. ±âÁ¸ÀÇ nameserver Á¤Áö # ntsysv (named ¸¦ uncheck) # service named stop 4.5 openssl ¾÷µ¥ÀÌÆ®ÇØÁà¾ßÇÔ * apt-get ¼³Ä¡ (openssl ¼³Ä¡Àü¿¡ ÇØÁÜ) http://ftp.freshrpms.net/pub/freshrpms/redhat/7.3/apt/apt-0.5.5cnc5-fr0.rh73.2.i386.rpm [root@ns local]# rpm -e gated - ÁÖÀÇ»çÇ× - 1. ¼³Ä¡Àü¿¡ OpenSSLÀ» ¾÷±×·¡ÀÌµå ½ÃÄÑ ÁØ´Ù. ÇÊÀÚ´Â ·¹µåÇò 7.3¿¡¼ ¼³Ä¡ÇÏ´Ù OpenSSL¿¡·¯°¡ ³ª¼ up2date·Î ¾÷±×·¡ÀÌµå ½ÃÄÑ Áá´Ù. ¾Æ·¡¿Í °°Àº ¿¡·¯³ª ³ª¸é¼ 0.9.6eÀÌ»ó ¹öÀüÀ» ¿ä±¸Çϴµ¥ ±×³É up2date·Î ¾÷±×·¡ÀÌµå ½ÃÄÑ Áá´õ´Ï openssl-0.9.6b-32.7¹öÀüÀ¸·Î ±³Ã¼ µÇ¸é¼ ÀÌ»ó¾øÀÌ ¼³Ä¡°¡ µÇ¾ú´Ù. configure: error: you need OpenSSL 0.9.6e/0.9.7-beta2 (or newer): CERT CA-2002-23 ftp://rpmfind.net/linux/redhat/updates/7.3/en/os/i386/openssl-0.9.6b-35.7.i386.rpm 5. bind 9.3.0 compile # ./configure --prefix=/usr/local/bind --sysconfdir=/etc \ --localstatedir=/var --mandir=/usr/share/man \ --with-openssl --with-libtool --disable-ipv6 # make; make install 6. Å° »ý¼º # cd sbin # ./rndc-confgen > /etc/rndc.conf (±âÁ¸¿¡ ÆÄÀÏÀÌ ÀÖ´Ù¸é ¹é¾÷À» ÇØ µÐ´Ù.) 7. cat /etc/rndc.conf Çؼ Å° °ª¸¸ rndc.key ·Î ÀúÀåÇÑ´Ù ¿¹) key "rndc-key" { algorithm hmac-md5; secret "BZpDWqJsfCINSHNRXd9NOg=="; }; 8. À¯Àú»ý¼º # useradd -s /bin/false -d /var/named named 9. ÆÛ¹Ì¼Ç Á¶Á¤ [root@localhost]# chmod 640 rndc.key [root@localhost]# chmod 640 rndc.conf [root@localhost]# chmod 640 named.conf [root@localhost]# chown root.named rndc.key [root@localhost]# chown root.named rndc.conf [root@localhost]# chown root.named named.conf [root@localhost]# chmod 700 /var/named [root@localhost]# chmod 600 /var/named/* [root@localhost]# chown named.named /var/named [root@localhost]# mkdir /var/run/named [root@localhost]# chown named.named /var/run/named 10. ½ÇÇà #/usr/local/bind/sbin/named -c /etc/named.conf 11. ±âÁ¸ÀÇ /var/named/ ¿¡ ÀÖ´Â zone ÆÄÀϵéÀ» ¹°°í ¿Ã¶ó°£´Ù 12. rndckey °ª ¸ÂÃß±â - /etc/rndc.conf [root@ns /]# cat /etc/rndc.key key "rndc-key" { algorithm hmac-md5; secret "BZpDWqJsfCINSHNRXd9NOg=="; }; ¿©±â °ªÀ» /etc/named.conf ¿¡ ³Ö¾îÁØ´Ù - /etc/named.conf key "rndc-key" { algorithm hmac-md5; secret "BZpDWqJsfCINSHNRXd9NOg=="; }; ±×¸®°í Áß¿äÇÑ°Å controls { inet 127.0.0.1 allow { localhost; } keys { rndc-key; }; }; controls Ç׸ñ¿¡ rndc-key Ç׸ñÀ» ÀÏÄ¡½ÃÄÑ ÁÖ°í zone "kkanari.info" IN { type master; file "kkanari.info.zone"; allow-update { key rndc-key; }; }; ¿¡´Ù°¡µµ rndc-key °ªÀ» ÀÏÄ¡½ÃÄÑ ÁØ´Ù 13. º¯°æÇÒ ³»¿ªÀÌ ÀÖÀ¸¸é # /usr/local/bind/bin/rndc/rndc reload ÇØÁÖ¸é ³¡ (½Éº¼¸¯ ¸µÅ©·Î /usr/sbin ¿¡ ³Ö¾îÁ൵ µÊ) 14. ½ÇÇà # /usr/local/bind/sbin/named & (-c ¿É¼ÇÀ» Á༠/etc/named.conf ÆÄÀÏÀ§Ä¡¸¦ ÁöÁ¤ÇØ Á൵ µÈ´Ù)