# yum update
# yum -y install gcc make perl-Net-DNS openssl-devel
# yum -y install wget sysstat ntpdate
# rpm -qa | grep bind
# reboot
chkconfig udev-post off
chkconfig postfix off
chkconfig netfs off
chkconfig acpid off
[root@dns-bind-server ~]# cd /usr/local/src
[root@dns-bind-server src]# pwd
/usr/local/src
[root@dns-bind-server src]# wget ftp://ftp.isc.org/isc/bind9/9.10.1-P4/bind-9.10.1-P4.tar.gz
[root@dns-bind-server src]# tar zxvf /usr/local/src/bind-9.10.1-P4.tar.gz
[root@dns-bind-server src]# cd /usr/local/src/bind-9.10.1-P4
[root@dns-bind-server bind-9.10.1-P4]#
[root@dns-bind-server bind-9.10.1-P4]# ll /var/named
ls: cannot access /var/named: No such file or directory
[root@dns-bind-server bind-9.10.1-P4]# ./configure --prefix=/var/named/chroot --enable-threads --with-openssl=yes --enable-openssl-version-check --disable-ipv6
[root@dns-bind-server bind-9.10.1-P4]# make
아래 과정은 생략해도 됨. (bind test 를 위해 IP 추가 후 여러 가지 테스트 과정)
[root@dns-bind-server bind-9.10.1-P4]# ll bin/tests/system/ifconfig.sh
-rwxr-xr-x. 1 10292 9901 5760 Nov 21 08:56 bin/tests/system/ifconfig.sh
[root@dns-bind-server bind-9.10.1-P4]# bin/tests/system/ifconfig.sh up
[root@dns-bind-server bind-9.10.1-P4]# make test
I:System test result summary:
I: 44 FAIL
I: X PASS
I: X SKIPPED
위와 같이 Fail 이 다수 보이면,
[root@dns-bind-server bind-9.10.1-P4]# chown -R root /usr/local/src/bind-9.10.1-P4
[root@dns-bind-server bind-9.10.1-P4]# make test
I:exit status: 0
R:PASS
E:zonechecks:Fri Jan 29 XX:XX:XX JST 2016
I:System test result summary:
I: 63 PASS
I: 6 SKIPPED
make[3]: Leaving directory `/usr/local/src/bind-9.10.1-P4/bin/tests/system'
make[2]: Leaving directory `/usr/local/src/bind-9.10.1-P4/bin/tests'
make[1]: Leaving directory `/usr/local/src/bind-9.10.1-P4'
[root@dns-bind-server bind-9.10.1-P4]# make install
ln /var/named/chroot/share/man/man1/isc-config.sh.1 /var/named/chroot/share/man/man1/bind9-config.1
/usr/bin/install -c -m 644 ./bind.keys /var/named/chroot/etc
[root@dns-bind-server bind-9.10.1-P4]# ls -lrta /var/named/chroot/sbin/named
-rwxr-xr-x. 2 root root 9974284 Jan 29 01:22 /var/named/chroot/sbin/named
[root@dns-bind-server bind-9.10.1-P4]# /var/named/chroot/sbin/named -v
BIND 9.10.1-P4
[root@dns-bind-server bind-9.10.1-P4]# cd ~
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# cp -p /etc/group /etc/group.ORG
[root@dns-bind-server ~]# cp -p /etc/passwd /etc/passwd.ORG
[root@dns-bind-server ~]# cp -p /etc/shadow /etc/shadow.ORG
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# groupadd -g 25 bind
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# useradd -u 25 -g bind -d /var/named -c "DNS BIND Named User" -s /sbin/nologin bind
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@dns-bind-server ~]# id bind
uid=25(bind) gid=25(bind) groups=25(bind)
[root@dns-bind-server ~]# su - bind
This account is currently not available.
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# mkdir /var/named/chroot/dev
[root@dns-bind-server ~]# mknod -m 666 /var/named/chroot/dev/null c 1 3
[root@dns-bind-server ~]# mknod -m 666 /var/named/chroot/dev/random c 1 8
[root@dns-bind-server ~]# /var/named/chroot/sbin/rndc-confgen -a
wrote key file "/var/named/chroot/etc/rndc.key"
[root@dns-bind-server ~]# cat /var/named/chroot/etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "XXXXXXXXXXXXXXXXXXXXX";
};
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/sbin/rndc
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/sbin/named-checkconf
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/sbin/named-checkzone
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/bin/dig
[root@dns-bind-server ~]# ll /usr/local/sbin/rndc
ls: cannot access /usr/local/sbin/rndc: No such file or directory
[root@dns-bind-server ~]# ll /usr/local/sbin/*named*
ls: cannot access /usr/local/sbin/*named*: No such file or directory
[root@dns-bind-server ~]# ll /usr/local/bin/dig
ls: cannot access /usr/local/bin/dig: No such file or directory
[root@dns-bind-server ~]# ln -s /var/named/chroot/sbin/rndc /usr/local/sbin/rndc
[root@dns-bind-server ~]# ln -s /var/named/chroot/sbin/named-checkconf /usr/local/sbin/named-checkconf
[root@dns-bind-server ~]# ln -s /var/named/chroot/sbin/named-checkzone /usr/local/sbin/named-checkzone
[root@dns-bind-server ~]# ln -s /var/named/chroot/bin/dig /usr/local/bin/dig
[root@dns-bind-server ~]# mkdir /var/named/chroot/var/named
[root@dns-bind-server ~]# dig @a.root-servers.net . ns > /var/named/chroot/var/named/named.root
[root@dns-bind-server ~]# ls -lrta /var/named/chroot/var/named/named.root
-rw-r--r--. 1 root root 2196 Jan 29 01:47 /var/named/chroot/var/named/named.root
[root@dns-bind-server ~]# /usr/local/sbin/named-checkzone . /var/named/chroot/var/named/named.root
zone ./IN: has 0 SOA records
zone ./IN: not loaded due to errors.
[root@dns-bind-server ~]# mkdir /var/named/chroot/data
[root@dns-bind-server ~]# mkdir /var/named/chroot/var/log
[root@dns-bind-server ~]# ll /var/named/chroot/etc/named.conf
ls: cannot access /var/named/chroot/etc/named.conf: No such file or directory
[root@dns-bind-server ~]# vi /var/named/chroot/etc/named.conf
########################
/var/named/chroot/etc/named.conf
########################
Controls {
inet 127.0.0.1 allow {localhost;} keys {rndc-key;};
};
include "/etc/rndc.key";
options {
version "unknown";
directory "/var/named";
dump-file "/data/cache_dump.db";
statistics-file "/data/named_status.dat";
pid-file "/var/run/named/named.pid";
listen-on port 53 {any;};
allow-query {any;};
recursion yes;
allow-recursion { any ;};
allow-transfer {none;};
allow-update {none;};
};
zone "example.co.kr" IN { type master; file "example.co.kr.zone"; };
#############################
[root@dns-bind-server ~]# ll /var/named/chroot/etc/rndc.key
-rw-------. 1 bind bind 77 Jan 29 01:41 /var/named/chroot/etc/rndc.key
[root@dns-bind-server ~]# ln -s /var/named/chroot/etc/rndc.key /etc/rndc.key
[root@dns-bind-server ~]# ll /etc/rndc.key
lrwxrwxrwx. 1 root root 30 Jan 29 XX:XX /etc/rndc.key -> /var/named/chroot/etc/rndc.key
[root@dns-bind-server ~]# ll /var/named/chroot/etc/named.conf
-rw-r--r--. 1 bind bind 2226 Jan 29 22:21 /var/named/chroot/etc/named.conf
[root@dns-bind-server ~]# ln -s /var/named/chroot/etc/named.conf /etc/named.conf
[root@dns-bind-server ~]# ll /etc/named.conf
lrwxrwxrwx. 1 root root 32 Jan 29 XX:XX /etc/named.conf -> /var/named/chroot/etc/named.conf
[root@dns-bind-server ~]# ll /etc/sysconfig/named
ls: cannot access /etc/sysconfig/named: No such file or directory
[root@dns-bind-server ~]# vi /etc/sysconfig/named
########################
/etc/sysconfig/named
########################
ROOTDIR=/var/named/chroot
OPTIONS=-4
########################
[root@dns-bind-server ~]# ll /etc/sysconfig/named
-rw-r--r--. 1 root root 37 Jan 29 XX:XX /etc/sysconfig/named
[root@dns-bind-server ~]# /usr/local/sbin/named-checkconf /var/named/chroot/etc/named.conf
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# vi /var/named/chroot/var/named/example.co.kr.zone
########################
/var/named/chroot/var/named/example.co.kr.zone
########################
$ORIGIN example.co.kr.
$TTL 3600 ; 1 hour
@ IN SOA ns1.example.co.kr. root.ns1.example.co.kr. (
2015012902 ; serial
3600 ; refresh (1 hour)
1200 ; retry (20 min.)
1209600 ; expire (2 weeks)
900 ; minimum (15 min.)
)
@ IN NS ns1.example.co.kr.
@ IN NS ns2.example.co.kr.
ns1 IN A 192.51.100.6
ns2 IN A 192.51.100.7
##########################
[root@dns-bind-server ~]# /usr/local/sbin/named-checkzone ns1.example.co.kr /var/named/chroot/var/named/example.co.kr.zone
zone test.example.com/IN: loaded serial 2015012902
OK
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# vi /var/named/chroot/var/named/xxx.xxx.xxx.in-addr.arpa.rev
##########################
/var/named/chroot/var/named/xxx.xxx.xxx.in-addr.arpa.rev
##########################
$TTL 3600
@ IN SOA ns1.example.co.kr. root.ns1.example.co.kr. (
2002062500 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
10 ) ; Minimum
IN NS ns1.example.co.kr.
xxx IN PTR ns1.example.co.kr.
##########################
[root@dns-bind-server ~]# /usr/local/sbin/named-checkzone xxx.xxx.xxx /var/named/chroot/var/named/xxx.xxx.xxx.in-addr.arpa.rev
zone 100.51.192/IN: loaded serial 2015012904
OK
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# chown -R bind:bind /var/named
[root@dns-bind-server ~]# cp -p /etc/resolv.conf /etc/resolv.conf.ORG
[root@dns-bind-server ~]# diff /etc/resolv.conf /etc/resolv.conf.ORG
[root@dns-bind-server ~]# vi /etc/resolv.conf
##########################
/etc/resolv.conf
##########################
search example.co.kr
nameserver 127.0.0.1
nameserver XXX.XXX.XXX.XXX
##########################
[root@dns-bind-server ~]# /usr/local/sbin/named-checkconf /var/named/chroot/etc/named.conf
[root@dns-bind-server ~]# chown -R bind:bind /var/named
[root@dns-bind-server ~]# ps awux | grep -v grep | grep bind
[root@dns-bind-server ~]# /var/named/chroot/sbin/named -u bind -t /var/named/chroot -c /etc/named.conf
[root@dns-bind-server ~]# ps awux | grep -v grep | grep bind
bind 6673 1.5 2.7 144024 16808 ? Ssl 03:35 0:00 /var/named/chroot/sbin/named -u bind -t /var/named/chroot -c /etc/named.conf
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# tail /var/log/messages
[root@dns-bind-server ~]# tail /var/named/chroot/var/log/alert.log
[root@dns-bind-server ~]# tail /var/named/chroot/var/log/named.log
[root@dns-bind-server ~]#
SELINUX 확인
[root@dns-bind-server ~]# getenforce
Enforcing
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# vi /etc/sysconfig/selinux
.....
SELINUX=enforcing
....
....
SELINUX=disabled
....
로 수정
[root@dns-bind-server ~]#
BIND 테스트
[root@dns-bind-server ~]# dig +norec ns1.example.co.kr. @127.0.0.1
[root@dns-bind-server ~]# dig +norec -x xxx.xxx.xxx.xxx @127.0.0.1
[root@dns-bind-server ~]# dig www.yahoo.com @127.0.0.1
BIND init 스크립트
[root@dns-bind-server ~]# vi /etc/init.d/named
##########################
/etc/init.d/named
##########################
#!/bin/bash
#
# named This shell script takes care of starting and stopping
# named (BIND DNS server).
#
# chkconfig: 235 23 77
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true
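# Source the Red Hat init function library; it provides daemon, killproc,
# success and failure, which the action functions below rely on.
. /etc/rc.d/init.d/functions
# Source networking configuration.
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
# Exit status of the most recent action; written by start() and stop().
RETVAL=0
prog="named"
# Unprivileged account named switches to (-u) once started.
named_user="bind"
# Configuration path. It is valid on the host through the /etc/named.conf
# symlink and, after named chroots into ROOTDIR, as a path inside the chroot.
named_conf="/etc/named.conf"
# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 1
# /etc/sysconfig/named may define ROOTDIR (chroot directory) and OPTIONS
# (extra named arguments); both are optional.
[ -r /etc/sysconfig/named ] && . /etc/sysconfig/named
# Quoted so an unset or space-containing ROOTDIR cannot turn these tests
# into anything other than a single-path check.
[ -x "${ROOTDIR}/sbin/named" ] || exit 1
[ -r "${named_conf}" ] || exit 1
# rndc and named-checkconf are reached through symlinks in /usr/local/sbin.
PATH="$PATH:/usr/local/sbin"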
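#######################################
# Start named after validating its configuration with named-checkconf.
# Globals:   prog, named_user, named_conf, ROOTDIR (read);
#            OPTIONS (read, and extended with "-t ROOTDIR"); RETVAL (written)
# Outputs:   status text on stdout; configuration errors are also sent to
#            syslog through logger when it is available
# Returns:   0 if named was started, 1 if it is already running, otherwise
#            the failing status of the configuration check or of daemon
#######################################
start() {
  local ckcf_options conf_ok named_err

  echo -n $"Starting $prog: "
  if [ -n "$(/sbin/pidof named)" ]; then
    echo -n $"$prog: already running"
    failure
    echo
    return 1
  fi

  # -z makes named-checkconf load the zones too, not just parse the file.
  ckcf_options='-z'
  # A chroot other than "/" is given both to named (-t) and to
  # named-checkconf, so the check sees the same files named will.
  if [ -n "${ROOTDIR}" ] && [ "x${ROOTDIR}" != "x/" ]; then
    OPTIONS="${OPTIONS} -t ${ROOTDIR}"
    ckcf_options="$ckcf_options -t ${ROOTDIR}"
  fi

  conf_ok=0
  # ckcf_options is deliberately unquoted: it is a list of separate arguments.
  # shellcheck disable=SC2086
  if [ -x /usr/local/sbin/named-checkconf ] \
      && named-checkconf $ckcf_options "${named_conf}" >/dev/null 2>&1; then
    conf_ok=1
  else
    RETVAL=$?
  fi

  if [ "$conf_ok" -ne 1 ]; then
    # Run the check again with output captured so the operator (and syslog)
    # can see why it failed.
    # shellcheck disable=SC2086
    named_err="$(named-checkconf $ckcf_options "${named_conf}" 2>&1)"
    echo
    echo $"Error in named configuration"':'
    echo "$named_err"
    failure
    echo
    if [ -x /usr/bin/logger ]; then
      echo "$named_err" | /usr/bin/logger -pdaemon.error -tnamed
    fi
    return "$RETVAL"
  fi

  # -u drops privileges to named_user; -t (carried in OPTIONS) chroots.
  # OPTIONS stays unquoted so its flags are passed as separate words.
  # NOTE(review): the chroot only isolates if its contents (binary, config,
  # zone files) are not writable by named_user — confirm ownership.
  # shellcheck disable=SC2086
  daemon "${ROOTDIR}/sbin/named" -u "${named_user}" ${OPTIONS} -c "${named_conf}"
  RETVAL=$?
  if [ "$RETVAL" -eq 0 ]; then
    # The pid file is written inside the chroot; expose it where the host
    # expects it. -f replaces a stale link left by an earlier run, on which
    # a plain "ln -s" fails.
    # NOTE(review): that file is written by the unprivileged daemon, so
    # anything that trusts the host-side link (pid-file based kill) inherits
    # that trust — verify before relying on it.
    ln -sf "${ROOTDIR}/var/run/named/named.pid" /var/run/named.pid
    touch /var/lock/subsys/named
  fi
  echo
  return "$RETVAL"
}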
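#######################################
# One stop attempt: ask rndc first, fall back to killproc; record the result.
# Globals:   RETVAL (written)
# Returns:   0 if rndc or killproc reported success
#######################################
_named_stop_once() {
  rndc stop >/dev/null 2>&1 || killproc named >/dev/null 2>&1
  RETVAL=$?
  return "$RETVAL"
}

#######################################
# Remove the lock file and host-side pid link left behind by start().
#######################################
_named_clear_runfiles() {
  rm -f /var/lock/subsys/named
  rm -f /var/run/named.pid
}

#######################################
# Stop named. If the first attempt fails while a named process is still
# present, try exactly once more before reporting failure.
# Globals:   prog (read); RETVAL (written)
# Outputs:   status text on stdout
# Returns:   exit status of the last stop attempt
#######################################
stop() {
  echo -n $"Stopping $prog: "
  if _named_stop_once; then
    _named_clear_runfiles
  elif pidof named >/dev/null; then
    # First attempt failed but named is still running: retry once.
    if _named_stop_once; then
      _named_clear_runfiles
    fi
  fi
  if [ "$RETVAL" -eq 0 ]; then
    success
  else
    failure
  fi
  echo
  return "$RETVAL"
}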
#######################################
# Report the running server's status through rndc.
# Outputs:   whatever "rndc status" prints
# Returns:   the exit status of rndc
#######################################
rhstatus() {
  # A function returns the status of its last command, so no explicit
  # "return $?" is needed.
  rndc status
}
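#######################################
# Restart named: stop, pause briefly so the listening sockets are released,
# then start. The closing brace was missing in the listing, which made the
# action dispatch below part of this function.
# Globals:   none of its own; stop() and start() update RETVAL
# Outputs:   a coloured banner, then the output of stop and start
# Returns:   the exit status of start
#######################################
restart() {
  # Same bytes the former "echo -e" produced: bold red banner, reset, blank line.
  printf '\033[31;1m============= NS1 Named Restart ============== \033[m \n\n'
  stop
  sleep 2
  start
}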
# Dispatch on the requested action; anything unrecognised prints usage and
# exits 1.
case "$1" in
  start|stop|restart|reload|probe|checkconfig)
    # Each of these actions is a function of the same name. The case arm
    # restricts "$1" to exactly these literals, so nothing else can be run.
    "$1"
    ;;
  status)
    rhstatus
    ;;
  condrestart)
    # Only restart if start() left its lock file, i.e. the service was running.
    if [ -e /var/lock/subsys/named ]; then restart; fi
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|probe|checkconfig}"
    exit 1
    ;;
esac
exit $?
##########################
[root@dns-bind-server ~]# chmod 755 /etc/init.d/named
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named
bind 6673 0.0 2.7 144032 16916 ? Ssl 03:35 0:00 /var/named/chroot/sbin/named -u bind -t /var/named/chroot -c /etc/named.conf
[root@dns-bind-server ~]# cat /var/named/chroot/var/run/named/named.pid
6673
[root@dns-bind-server ~]# kill `cat /var/named/chroot/var/run/named/named.pid`
[root@dns-bind-server ~]# ps awux | grep -v grep | grep bind
[root@dns-bind-server ~]#
[root@dns-bind-server ~]# /etc/init.d/named checkconfig
named-checkconf -z -t /var/named/chroot /etc/named.conf
zone example.com/IN: loaded serial 2015012904
zone xxx.xxx.xxx.in-addr.arpa/IN: loaded serial 2015012904
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named
[root@dns-bind-server ~]# /etc/init.d/named start
Starting named: named-checkconf -z -t /var/named/chroot /etc/named.conf
daemon /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf
[ OK ]
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named
bind 10162 0.5 1.9 139864 11860 ? Ssl 00:13 0:00 /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf
[root@dns-bind-server ~]# chkconfig --list | grep named
[root@dns-bind-server ~]# chkconfig --add named
[root@dns-bind-server ~]# chkconfig named on
[root@dns-bind-server ~]# chkconfig --list | grep named
named 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@dns-bind-server ~]# reboot
[root@dns-bind-server ~]# ps awux | grep -v grep | grep named
bind 743 0.0 1.9 139864 11868 ? Ssl 00:22 0:00 /var/named/chroot/sbin/named -u bind -4 -t /var/named/chroot -c /etc/named.conf
[root@dns-bind-server ~]# dig +noall +ans +norec ns1.example.co.kr @127.0.0.1
[root@dns-bind-server ~]# dig +noall +ans +norec -x xxx.xxx.xxx.xxx @127.0.0.1
[root@dns-bind-server ~]# /usr/local/sbin/rndc reload
server reload successful
[root@dns-bind-server ~]# /usr/local/sbin/rndc status
version: 9.10.1-P4 (unknown) <id:162bfa62>
.....