
Gentoo BIND installation (chroot version)


Contents

1. Gentoo BIND installation (chroot version)
1.1. Introduction
1.2. Installation
1.2.1. bind, bind-tools install
1.2.2. chroot
1.2.2.1. chroot build
1.2.2.2. Checking the chroot option
1.2.2.3. chroot directory
1.3. Configuration
1.3.1. named.conf
1.3.2. Registering & starting the named daemon
1.4. Registering the kkanari.info domain
1.4.1. Editing named.conf
1.4.2. Creating the zone file
1.4.3. named zone reload
1.4.4. Checking the log
1.4.5. Test !!!


1.1. Introduction

This document describes running BIND in a chroot. If you do not want to run it in a chroot, simply skip the ebuild /var... config step below. The default directory is then assumed to be /var/bind.

1.2. Installation

1.2.1. bind, bind-tools install


# emerge bind bind-tools
This installs the name server bind and bind-tools (dig, nslookup, host, etc.).

1.2.2. chroot

1.2.2.1. chroot build

To run named in a chroot, execute the following:
# ebuild /var/db/pkg/net-dns/<bind version>/<bind-version> config 

The installed version is bind-9.2.2-r3, so enter the following:
 # ebuild /var/db/pkg/net-dns/bind-9.2.2-r3/bind-9.2.2-r3.ebuild config
 *
 * Setting up the chroot directory... Done.
 *
 * Add the following to your root .bashrc or .bash_profile:
 *    alias rndc='rndc -k /chroot/dns/etc/bind/rndc.key'
 * Then do the following:
 *    source /root/.bashrc or .bash_profile
 *

After this, the CHROOT entry in /etc/conf.d/named has also been changed.
The reason for switching to a chroot is that named can be broken into if a security bug is discovered in it; the chroot is used to guard against that case. If you do not use the chroot, use /var/bind instead.

1.2.2.2. Checking the chroot option

# cat /etc/conf.d/named 
# Set various named options here.
#
OPTIONS=""

# Set this to the number of processors you have.
#
CPU="1"

# If you wish to run bind in a chroot, run:
# ebuild /var/db/pkg/net-dns/<bind version>/<bind-version> config
# and un-comment the following line.
# You can specify a different chroot directory but MAKE SURE it's empty.
CHROOT="/chroot/dns" 

1.2.2.3. chroot directory

The directories under the chroot are laid out as follows.
# cd /chroot
# tree
.
`-- dns
    |-- dev
    |   |-- random
    |   `-- zero
    |-- etc
    |   |-- bind
    |   |   |-- named.conf
    |   |   |-- pri -> ../../var/bind/pri
    |   |   |-- rndc.key
    |   |   `-- sec -> ../../var/bind/sec
    |   `-- localtime
    `-- var
        |-- bind
        |   |-- named.ca
        |   |-- pri
        |   |   |-- 127.zone
        |   |   `-- localhost.zone
        |   |-- root.cache -> ../../var/bind/named.ca
        |   `-- sec
        `-- run
            `-- named

12 directories, 9 files
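
A way to check a chroot laid out like the listing above, as an added example that is not part of the original page or of the Gentoo ebuild: it flags missing paths, symlinks that are absolute or resolve outside the chroot, and a world-readable rndc.key. The function names, the list of required paths and the sample tree built by make_sample_chroot are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit a BIND chroot laid out
# like the listing above. The three checks are illustrative assumptions.
# On the real system: audit_chroot /chroot/dns

# audit_chroot ROOT: print one line per finding; exit status = finding count.
audit_chroot() {
    root=$(readlink -f "$1") || return 99
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # 1. Paths the listing shows inside the chroot.
    for p in etc/bind/named.conf etc/bind/rndc.key var/bind/pri var/bind/sec var/run/named; do
        [ -e "$root/$p" ] || note "missing $p"
    done

    # 2. Symlinks must be relative and resolve inside the chroot: once named
    #    has chrooted, an absolute target is looked up under the new root.
    links=$(find "$root" -type l)
    while IFS= read -r link; do
        [ -n "$link" ] || continue
        case $(readlink "$link") in /*) note "absolute symlink: $link"; continue ;; esac
        real=$(readlink -f "$link" 2>/dev/null) || real=
        case $real in "$root"/*) ;; *) note "symlink resolves outside chroot: $link" ;; esac
    done <<EOF
$links
EOF

    # 3. rndc.key authenticates rndc to named; other users must not read it.
    if [ -n "$(find "$root/etc/bind/rndc.key" -perm -004 2>/dev/null)" ]; then
        note "rndc.key is world-readable"
    fi
    return "$findings"
}

# make_sample_chroot DIR: constructed copy of the listing's layout (no /dev nodes).
make_sample_chroot() {
    umask 022
    mkdir -p "$1/etc/bind" "$1/var/bind/pri" "$1/var/bind/sec" "$1/var/run/named"
    : > "$1/etc/bind/named.conf"; : > "$1/var/bind/named.ca"
    : > "$1/etc/bind/rndc.key"; chmod 600 "$1/etc/bind/rndc.key"
    ln -s ../../var/bind/pri "$1/etc/bind/pri"
    ln -s ../../var/bind/sec "$1/etc/bind/sec"
    ln -s ../../var/bind/named.ca "$1/var/bind/root.cache"
}

demo=$(mktemp -d) && make_sample_chroot "$demo"
audit_chroot "$demo" && echo "sample layout: no findings"
rm -rf "$demo"
```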

1.3. Configuration

1.3.1. named.conf

# vi /chroot/dns/etc/bind/named.conf 
This file has a listen-on entry; as shipped, only lookups on 127.0.0.1 are allowed.
Add the IP addresses the service should listen on.
        listen-on { 127.0.0.1; 192.168.0.100; 210.111.16.144; };

1.3.2. Registering & starting the named daemon

Register named as a startup daemon and start it:
# rc-update add named default
 * named added to runlevel default
 * Caching service dependencies...
 * rc-update complete.
# /etc/init.d/named start
 * Starting chrooted named...                                                      [ ok ] 

At this point it already works well as a caching server.

1.4. Registering the kkanari.info domain

1.4.1. Editing named.conf

Now let's register a domain!
We will register the kkanari.info domain (file name kkanari.info.zone).

Add the following to /chroot/dns/etc/bind/named.conf:
zone "kkanari.info" IN {
    type master;
    file "pri/kkanari.info.zone";
    allow-update { none; };
};

1.4.2. Creating the zone file

Create the file /chroot/dns/etc/bind/pri/kkanari.info.zone as follows:
$TTL 3600
@   IN  SOA ns.kkanari.info. root.kkanari.info. (
                                      2005012701 ; serial
                                      28800      ; refresh
                                      7200       ; retry
                                      604800     ; expire
                                      86400      ; minimum
                                      )
;
;
        IN      NS      ns.kkanari.info.
        IN      A       210.111.16.144
        IN      MX 10   mail
;
;
ns      IN      A       210.111.16.144
ns2     IN      A       210.111.16.144
mail    IN      A       210.111.16.144
ftp     IN      A       210.111.16.144
www     IN      A       210.111.16.144
home    IN      A       210.111.16.144
*       IN      A       210.111.16.144 

1.4.3. named zone reload

Load the zone file:
# rndc reload 

1.4.4. Checking the log

Checking the log /var/log/everything/current (this is metalog, not syslogd ;;) shows:
Jan 27 15:06:21 [kernel] process `rndc' is using obsolete setsockopt SO_BSDCOMPAT
Jan 27 15:06:21 [named] loading configuration from '/etc/bind/named.conf'
Jan 27 15:06:21 [named] no IPv6 interfaces found
Jan 27 15:06:21 [named] zone kkanari.info/IN: loaded serial 2005012701
As shown above, the zone was loaded normally.
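
To confirm that the reload really picked up the file on disk, the serial in the zone file can be compared with the serial named logged. This is an added example, not from the original page; the function names are assumptions, and the sample zone and log are constructed from the lines shown above.

```shell
#!/bin/sh
# Added example (not from the original page): compare the SOA serial in a
# zone file with the serial named logged after "rndc reload".

# zone_serial FILE: first number after the two names that follow the SOA keyword.
zone_serial() {
    awk '
        { sub(/;.*/, ""); gsub(/[()]/, " ") }       # drop comments and parens
        !in_soa && /[ \t]SOA[ \t]/ { in_soa = 1; sub(/.*[ \t]SOA[ \t]+[^ \t]+[ \t]+[^ \t]+/, "") }
        in_soa { for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit } }
    ' "$1"
}

# logged_serial ZONE LOG: serial from the last "loaded serial" line for ZONE.
logged_serial() {
    sed -n "s|.*\[named\] zone $1/IN: loaded serial \([0-9][0-9]*\).*|\1|p" "$2" | tail -n 1
}

# reload_took_effect ZONE ZONEFILE LOG: succeed only if both serials agree.
reload_took_effect() {
    want=$(zone_serial "$2")
    got=$(logged_serial "$1" "$3")
    echo "zone file serial: ${want:-none}, last loaded: ${got:-none}"
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Constructed sample input: the SOA and two of the log lines shown on this page.
write_samples() {
    cat > "$1/kkanari.info.zone" <<'EOF'
$TTL 3600
@   IN  SOA ns.kkanari.info. root.kkanari.info. (
                                      2005012701 ; serial
                                      28800      ; refresh
                                      7200       ; retry
                                      604800     ; expire
                                      86400      ; minimum
                                      )
EOF
    cat > "$1/current" <<'EOF'
Jan 27 15:06:21 [named] loading configuration from '/etc/bind/named.conf'
Jan 27 15:06:21 [named] zone kkanari.info/IN: loaded serial 2005012701
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
reload_took_effect kkanari.info "$tmp/kkanari.info.zone" "$tmp/current" || echo "reload did not pick up the file"
rm -rf "$tmp"
```

A mismatch means named is still serving the previously loaded zone, for example because the file was edited without a reload or the new file failed to load.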

1.4.5. Test !!!

Let's test it.
> server kkanari.info
Default Server:  kkanari.info
Address:  210.111.16.144

> kkanari.info
Server:  kkanari.info
Address:  210.111.16.144

Name:    kkanari.info
Address:  210.111.16.144

> www.kkanari.info
Server:  kkanari.info
Address:  210.111.16.144

Name:    www.kkanari.info
Address:  210.111.16.144

> mail.kkanari.info
Server:  kkanari.info
Address:  210.111.16.144

Name:    mail.kkanari.info
Address:  210.111.16.144 

It works very well :D
last modified 2005-01-27 15:55:02