= gentoo BIND installation (chroot version) =

[[TableOfContents]]

== Introduction ==

This document covers running BIND in a chroot. If you do not want to run it in a chroot, simply skip the `ebuild /var... config` step below, and assume /var/bind as the base directory.

== Installation ==

=== bind , bind-tools install ===

{{{
# emerge bind bind-tools
}}}

This installs the name server bind and bind-tools (dig, nslookup, host, etc.).

=== chroot ===

==== chroot build ====

To run named in a chroot, run the following:

{{{
# ebuild /var/db/pkg/net-dns// config
}}}

The installed version is bind-9.2.2-r3, so the command is entered as follows:

{{{
# ebuild /var/db/pkg/net-dns/bind-9.2.2-r3/bind-9.2.2-r3.ebuild config
 *
 * Setting up the chroot directory... Done.
 *
 * Add the following to your root .bashrc or .bash_profile:
 *    alias rndc='rndc -k /chroot/dns/etc/bind/rndc.key'
 * Then do the following:
 *    source /root/.bashrc or .bash_profile
 *
}}}

After this, the CHROOT entry in /etc/conf.d/named has also been changed.

named is run in a chroot because a vulnerability from a security bug may be found in named and the daemon compromised; the chroot is used to guard against that case. If you do not use the chroot, use /var/bind instead.

==== Checking the chroot option ====

{{{
# cat /etc/conf.d/named
# Set various named options here.
#
OPTIONS=""

# Set this to the number of processors you have.
#
CPU="1"

# If you wish to run bind in a chroot, run:
# ebuild /var/db/pkg/net-dns// config
# and un-comment the following line.
# You can specify a different chroot directory but MAKE SURE it's empty.

CHROOT="/chroot/dns"
}}}

==== chroot directory ====

The directories under the chroot are laid out as follows.

{{{
# cd /chroot
# tree
.
`-- dns
    |-- dev
    |   |-- random
    |   `-- zero
    |-- etc
    |   |-- bind
    |   |   |-- named.conf
    |   |   |-- pri -> ../../var/bind/pri
    |   |   |-- rndc.key
    |   |   `-- sec -> ../../var/bind/sec
    |   `-- localtime
    `-- var
        |-- bind
        |   |-- named.ca
        |   |-- pri
        |   |   |-- 127.zone
        |   |   `-- localhost.zone
        |   |-- root.cache -> ../../var/bind/named.ca
        |   `-- sec
        `-- run
            `-- named

12 directories, 9 files
}}}

== Configuration ==

=== named.conf ===

{{{
# vi /chroot/dns/etc/bind/named.conf
}}}

This file contains a listen-on entry. In its current state only lookups on 127.0.0.1 are allowed, so add the IP addresses the service should run on.

{{{
listen-on { 127.0.0.1; 192.168.0.100; 210.111.16.144; };
}}}

=== Registering & starting the named daemon ===

Register named as a startup daemon and start it.

{{{
# rc-update add named default
 * named added to runlevel default
 * Caching service dependencies...
 * rc-update complete.
# /etc/init.d/named start
 * Starting chrooted named...                                    [ ok ]
}}}

At this point the server already works perfectly well as a caching server.

== kkanari.info domain registration ==

=== Editing named.conf ===

Now let's register a domain! We will register the kkanari.info domain (file name kkanari.info.zone).

Add the following to /chroot/dns/etc/bind/named.conf.

{{{
zone "kkanari.info" IN {
        type master;
        file "pri/kkanari.info.zone";
        allow-update { none; };
};
}}}

=== Creating the zone file ===

Create the file /chroot/dns/etc/bind/pri/kkanari.info.zone as follows.

{{{
$TTL 3600
@       IN      SOA     ns.kkanari.info. root.kkanari.info. (
                        2005012701      ; serial
                        28800           ; refresh
                        7200            ; retry
                        604800          ; expire
                        86400           ; minimum
                        )
;
;
        IN      NS      ns.kkanari.info.
        IN      A       210.111.16.144
        IN      MX      10 mail
;
;
ns      IN      A       210.111.16.144
ns2     IN      A       210.111.16.144
mail    IN      A       210.111.16.144
ftp     IN      A       210.111.16.144
www     IN      A       210.111.16.144
home    IN      A       210.111.16.144
*       IN      A       210.111.16.144
}}}

=== named zone reload ===

Load the zone file.

{{{
# rndc reload
}}}

=== Checking the log ===

Check the log in /var/log/everything/current (this is metalog, not syslogd ;;)

{{{
Jan 27 15:06:21 [kernel] process `rndc' is using obsolete setsockopt SO_BSDCOMPAT
Jan 27 15:06:21 [named] loading configuration from '/etc/bind/named.conf'
Jan 27 15:06:21 [named] no IPv6 interfaces found
Jan 27 15:06:21 [named] zone kkanari.info/IN: loaded serial 2005012701
}}}

As shown above, the zone was loaded normally.

=== Test !!! ===

Let's test it.

{{{
> server kkanari.info
Default Server:  kkanari.info
Address:  210.111.16.144

> kkanari.info
Server:  kkanari.info
Address:  210.111.16.144

Name:    kkanari.info
Address:  210.111.16.144

> www.kkanari.info
Server:  kkanari.info
Address:  210.111.16.144

Name:    www.kkanari.info
Address:  210.111.16.144

> mail.kkanari.info
Server:  kkanari.info
Address:  210.111.16.144

Name:    mail.kkanari.info
Address:  210.111.16.144
}}}

It works very well :D
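
A host-side check of the jail layout shown under "chroot directory", added here as an example and not part of the original page: it reports missing expected paths, an rndc.key readable beyond its owner, symlinks that dangle or resolve outside the jail, and setuid/setgid files. The function names are hypothetical, and a `readlink` that supports `-f` (GNU coreutils or BusyBox) is assumed.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print one finding per line for the jail rooted at $1; print nothing if clean.
bind_chroot_findings() {
    root=$(cd "$1" 2>/dev/null && pwd -P) || { echo "MISSING jail $1"; return 0; }

    # Paths the layout on this page expects inside the jail.
    for want in etc/bind/named.conf etc/bind/rndc.key var/bind/pri var/run/named; do
        [ -e "$root/$want" ] || echo "MISSING $want"
    done

    # rndc.key authenticates rndc control commands: only the owner may read it.
    key="$root/etc/bind/rndc.key"
    if [ -f "$key" ] && [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "PERMS etc/bind/rndc.key is readable by group or others"
    fi

    # Links such as pri -> ../../var/bind/pri must stay inside the jail; one
    # that leaves it resolves differently on the host than for chrooted named.
    find "$root" -type l | while IFS= read -r link; do
        rel=${link#"$root"/}
        if [ ! -e "$link" ]; then echo "DANGLING $rel"; continue; fi
        case "$(readlink -f "$link")" in
            "$root"|"$root"/*) ;;
            *) echo "OUTSIDE $rel -> $(readlink "$link")" ;;
        esac
    done

    # A setuid/setgid file would let a compromised named regain privilege.
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) |
        while IFS= read -r path; do echo "SETID ${path#"$root"/}"; done
    return 0
}

# Exit status is 0 only when the jail has no findings.
audit_bind_chroot() {
    report=$(bind_chroot_findings "$1")
    if [ -z "$report" ]; then return 0; fi
    printf '%s\n' "$report"
    return 1
}

# Usage: sh this-script /chroot/dns
if [ "$#" -gt 0 ]; then audit_bind_chroot "$1"; fi
```

The device nodes under dev/ are not checked, since creating or inspecting them meaningfully needs root on the host.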