
BIND9 (rev. 1.4)


  • BIND 9.3.0 소스설치 on RedHat 7.3
    1. bind 9.3.0 최신버전 source 다운로드 (받은 tarball 은 ISC 의 PGP 서명으로 검증하는 것을 권장)
    
    # cd /usr/src
    # wget ftp://ftp.isc.org/isc/bind9/9.3.0/bind-9.3.0.tar.gz 
     
    2. 압축풀기
    # tar xvzf bind-9.3.0.tar.gz
     
    3. 기존의 nameserver 정지 
    # ntsysv (named 를 uncheck)
    # service named stop
     
    4. openssl 업데이트해줘야함 ( --with-openssl 옵션 넣을시) 
    * apt-get 설치 (openssl 설치전에 해줌)
    http://ftp.freshrpms.net/pub/freshrpms/redhat/7.3/apt/apt-0.5.5cnc5-fr0.rh73.2.i386.rpm
     
    [root@ns local]# rpm -e gated
    gated 하고 zebra 하고 충돌나기 때문에 어느 한 패키지는 삭제해줘야 한다. (메시지가 나왔을시만 해당됨)
    [root@ns local]# apt-get install openssl
     
    - 주의사항 -
    1. 설치전에 OpenSSL을 업그레이드 시켜 준다. 필자는 레드햇 7.3에서 설치하다 OpenSSL에러가 나서 up2date로 업그레이드 시켜 줬다. 아래와 같은 에러가 나면서 0.9.6e이상 버전을 요구하는데 그냥 up2date로 업그레이드 시켜 줬더니 openssl-0.9.6b-32.7버전으로 교체 되면서 이상없이 설치가 되었다.
     
    configure: error: you need OpenSSL 0.9.6e/0.9.7-beta2 (or newer): CERT CA-2002-23
    ftp://rpmfind.net/linux/redhat/updates/7.3/en/os/i386/openssl-0.9.6b-35.7.i386.rpm
     
    5. bind 9.3.0 compile 
    # ./configure --prefix=/usr/local/bind-9.3.0 --enable-threads
    # make
    # make install
     
    6. 심볼릭 링크 걸어주기 
    # cd /usr/local
    # ln -s bind-9.3.0/ bind
     
    7. etc, var/run, var/named, var/tmp 디렉토리 생성 
    # cd /usr/local/bind
    # mkdir etc
    # mkdir var
    # cd var
    # mkdir run
    # mkdir named
    # mkdir tmp
     
    8. 키 생성
    # cd /usr/local/bind/sbin
    # ./rndc-confgen > /usr/local/bind/etc/rndc.conf
     
    9. bin 파일 심볼릭 링크 
    # cd /usr/sbin
    # mv rndc rndc.bak
    # mv rndc-confgen rndc-confgen.bak
    # ln -s ../local/bind/sbin/rndc rndc
    # ln -s ../local/bind/sbin/rndc-confgen rndc-confgen
     
    # cd /usr/bin
    # mv dig dig.bak
    # mv nslookup nslookup.bak
    # ln -s ../local/bind/bin/dig dig
    # ln -s ../local/bind/bin/nslookup nslookup
     
    10. named.conf, kkanari.info.zone 생성 
    # cd /usr/local/bind/etc
    # cat named.conf
    // named.conf for the source-built BIND 9.3.0 installed under /usr/local/bind.
    // Server-wide options.
    options {
            // Relative zone "file" names below are resolved against this directory.
            // NOTE(review): this page creates kkanari.info.zone under
            // /usr/local/bind/var/named, not /var/named; confirm the zone file is
            // actually present in the directory configured here. named.ca,
            // localhost.zone and named.local are not created on this page and are
            // presumably the distribution's existing files in /var/named.
            directory "/var/named";
            dump-file "/usr/local/bind/var/tmp/named_dump.db";
            statistics-file "/usr/local/bind/var/tmp/named.stats";
            // Replaces the string returned for version.bind queries so the real
            // release is not advertised. This only hides the banner; it does not
            // replace keeping the server patched.
            version "no version";
            // NOTE(review): no allow-query / allow-recursion / allow-transfer is set,
            // so this release's defaults apply. For BIND of this era that presumably
            // means recursion and zone transfers are open to any client; confirm and
            // restrict them on an Internet-facing host.
            /*
             * If there is a firewall between you and nameservers you want
             * to talk to, you might need to uncomment the query-source
             * directive below.  Previous versions of BIND always asked
             * questions using port 53, but BIND 8.1 uses an unprivileged
             * port by default.
             */
            // Keep this disabled unless a firewall really requires it: a fixed
            // query source port makes forged responses easier to match.
            // query-source address * port 53;
    };
    // Shared secret that authenticates rndc on the control channel and, further
    // down, dynamic updates to kkanari.info.
    // The secret shown here is published on this page: generate a private one
    // with rndc-confgen and keep this file readable only by the account that
    // runs named. hmac-md5 is the legacy algorithm; later BIND releases also
    // accept HMAC-SHA algorithms.
    key "rndc-key" {
           algorithm hmac-md5;
          secret "xx4m2r4GlTiKIaAVrW5fbg==";
    };
    // rndc control channel: listens on loopback port 953 only and accepts
    // commands only from 127.0.0.1 presenting rndc-key.
    controls {
           inet 127.0.0.1 port 953
                   allow { 127.0.0.1; } keys { "rndc-key"; };
    };
    // Root hints used for recursive resolution.
    zone "." IN {
            type hint;
            file "named.ca";
    };
    // Forward zone for localhost; dynamic updates are refused.
    zone "localhost" IN {
            type master;
            file "localhost.zone";
            allow-update { none; };
    };
    // Reverse zone for 127.0.0.0/24; dynamic updates are refused.
    zone "0.0.127.in-addr.arpa" IN {
            type master;
            file "named.local";
            allow-update { none; };
    };
    // Authoritative (master) zone for kkanari.info.
    // Dynamic updates signed with rndc-key are accepted.
    // NOTE(review): this reuses the control-channel key, so one leaked secret
    // grants both rndc control and the ability to rewrite the zone; a separate
    // update key (or allow-update { none; }) would limit that.
    zone "kkanari.info" IN {
            type master;
            file "kkanari.info.zone";
            allow-update { key rndc-key; };
    };
    // Left disabled: the key is defined inline above instead of being included.
    //include "/etc/rndc.key";
     
    # cd /usr/local/bind/var/named
    # cat kkanari.info.zone
    ; Zone data for kkanari.info, loaded by the master zone in named.conf.
    ; Default TTL (seconds) for records that do not set their own.
    $TTL 3600
    ; SOA: primary server ns.kkanari.info., contact mailbox root.kkanari.info.
    @       IN      SOA     ns.kkanari.info. root.kkanari.info. (
                                          2004121003 ; serial
                                          28800      ; refresh
                                          7200       ; retry
                                          604800     ; expire
                                          86400      ; minimum
                                          )
    ; Records for the zone apex: one name server, the apex address, and mail
    ; delivered to the relative name "mail" (mail.kkanari.info).
            IN      NS      ns.kkanari.info.
            IN      A       210.111.16.144
            IN      MX 10   mail
    ; Host records. Every name, including ns and ns2, points at the same address.
    ; NOTE(review): ns2 is defined but is not listed as an NS record, and it shares
    ; the address of ns, so the zone has a single name server with no redundancy.
    ns      IN      A       210.111.16.144
    ns2     IN      A       210.111.16.144
    mail    IN      A       210.111.16.144
    ftp     IN      A       210.111.16.144
    www     IN      A       210.111.16.144
    home    IN      A       210.111.16.144
    ; Wildcard: names under kkanari.info that have no record of their own
    ; (including mistyped ones) also resolve to this address.
    *       IN      A       210.111.16.144
    
     
    11. rndc.conf 생성 
    # cd /usr/local/bind/etc
    # cat rndc.conf
    # Client-side configuration read by rndc. On this page the file is written by
    # rndc-confgen to /usr/local/bind/etc/rndc.conf.
    # The key name and secret must match the key "rndc-key" block in named.conf.
    # The secret shown is published on this page: keep the value your own
    # rndc-confgen run produced, and restrict read access to this file, since
    # anyone who can read it can control the name server through rndc.
    # Start of rndc.conf
    key "rndc-key" {
            algorithm hmac-md5;
            secret "xx4m2r4GlTiKIaAVrW5fbg==";
    };
    # rndc defaults: authenticate with rndc-key and talk to the control channel
    # on loopback port 953.
    options {
            default-key "rndc-key";
            default-server 127.0.0.1;
            default-port 953;
    };
    # End of rndc.conf
    # The commented block below is the matching named.conf fragment emitted
    # alongside the client configuration; it is inert here.
    # Use with the following in named.conf, adjusting the allow list as needed:
    # key "rndc-key" {
    #       algorithm hmac-md5;
    #       secret "xx4m2r4GlTiKIaAVrW5fbg==";
    # };
    #
    # controls {
    #       inet 127.0.0.1 port 953
    #               allow { 127.0.0.1; } keys { "rndc-key"; };
    # };
    # End of named.conf
     
    12. 실행 (아래처럼 실행하면 named 가 root 권한으로 동작함. 전용 계정이 있으면 -u 옵션으로 권한을 낮추는 것을 권장)
    # /usr/local/bind/sbin/named -c /usr/local/bind/etc/named.conf&
     
    13. 캐슁서버 동작확인 
    [root@ns bind]# nslookup
    > server 127.0.0.1
    Default server: 127.0.0.1
    Address: 127.0.0.1#53
    > naver.com
    Server:         127.0.0.1
    Address:        127.0.0.1#53
    Non-authoritative answer:
    Name:   naver.com
    Address: 211.218.150.200
    > kr.yahoo.com
    Server:         127.0.0.1
    Address:        127.0.0.1#53
    Non-authoritative answer:
    kr.yahoo.com    canonical name = home.vip.krn.yahoo.com.
    Name:   home.vip.krn.yahoo.com
    Address: 202.43.214.190
    
    * 위와같이 쿼리가 온다면 이상없음
     
    14. 도메인 쿼리 동작확인 
    [root@ns bind]# nslookup
    > server 127.0.0.1
    Default server: 127.0.0.1
    Address: 127.0.0.1#53
    > kkanari.info
    Server:         127.0.0.1
    Address:        127.0.0.1#53
    Name:   kkanari.info
    Address: 210.111.16.144
    > www.kkanari.info
    Server:         127.0.0.1
    Address:        127.0.0.1#53
    Name:   www.kkanari.info
    Address: 210.111.16.144
    >
     
    * 위와같이 쿼리가 온다면 이상없음
last modified 2005-01-13 11:32:49