네임서버 구축

:: 네임서버 구축

[root@s92 bind-9.3.0]# service named stop
named 를 정지함:
[root@s92 bind-9.3.0]# rpm -qa | grep bind
bind-chroot-9.2.4-2
bind-libs-9.2.4-2
ypbind-1.17.2-3
bind-9.2.4-2
system-config-bind-2.0.3-1
bind-devel-9.2.4-2
kdebindings-3.3.0-3
bind-utils-9.2.4-2
kdebindings-devel-3.3.0-3
[root@s92 bind-9.3.0]# yum remove bind
Setting up Remove Process
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package bind.i386 20:9.2.4-2 set to be erased
--> Running transaction check
Setting up Repos
http://ftp.rhnet.is/pub/fedora/3/i386/os/repodata/repomd.xml: [Errno 4] IOError: HTTP Error 404: Not Found
Trying other mirror.
base 100% |=========================| 1.1 kB 00:00
updates-released 100% |=========================| 951 B 00:00
Reading repository metadata in from local files
base : ################################################## 2622/2622
primary.xml.gz 100% |=========================| 362 kB 00:04
MD Read : ################################################## 962/962
updates-re: ################################################## 962/962
--> Processing Dependency: bind = 20:9.2.4-2 for package: bind-chroot
--> Processing Dependency: bind for package: system-config-bind
--> Processing Dependency: bind for package: caching-nameserver
--> Processing Dependency: bind >= 9.1.3-0.rc2.3 for package: caching-nameserver
--> Processing Dependency: bind = 20:9.2.4-2 for package: bind-devel
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Package caching-nameserver.noarch 0:7.3-3 set to be erased
---> Package bind-devel.i386 20:9.2.4-2 set to be erased
---> Package system-config-bind.noarch 0:2.0.3-1 set to be erased
---> Package bind-chroot.i386 20:9.2.4-2 set to be erased
--> Running transaction check

Dependencies Resolved
Transaction Listing:
Remove: bind.i386 20:9.2.4-2

Performing the following to resolve dependencies:
Remove: bind-chroot.i386 20:9.2.4-2
Remove: bind-devel.i386 20:9.2.4-2
Remove: caching-nameserver.noarch 0:7.3-3
Remove: system-config-bind.noarch 0:2.0.3-1
Total download size: 0
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test

Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Erasing: bind-devel 1/5
Erasing: caching-nameserver 2/5
warning: /etc/sysconfig/named saved as /etc/sysconfig/named.rpmsave
warning: /etc/rndc.key saved as /etc/rndc.key.rpmsave
Erasing: bind 3/5
Erasing: system-config-bind 4/5
/var/tmp/rpm-tmp.31911: line 15: /etc/init.d/named: 그런 파일이나 디렉토리가 없음
Erasing: bind-chroot 5/5
/var/tmp/rpm-tmp.31911: line 7: /etc/init.d/named: 그런 파일이나 디렉토리가 없음

Removed: bind.i386 20:9.2.4-2
Dependency Removed: bind-chroot.i386 20:9.2.4-2 bind-devel.i386 20:9.2.4-2 caching-nameserver.noarch 0:7.3-3 system-config-bind.noarch 0:2.0.3-1
Complete!

[root@s92 bind-9.3.0]# rpm -qa | grep bind
bind-libs-9.2.4-2
ypbind-1.17.2-3
kdebindings-3.3.0-3
bind-utils-9.2.4-2
kdebindings-devel-3.3.0-3

[root@s92 bind-9.3.0]# rpm -e --nodeps bind-libs-9.2.4-2
[root@s92 bind-9.3.0]# rpm -e --nodeps bind-utils-9.2.4-2
[root@s92 bind-9.3.0]# rpm -qa | grep bind
ypbind-1.17.2-3
kdebindings-3.3.0-3
kdebindings-devel-3.3.0-3

[root@s92 bind-9.3.0]# ./configure --prefix=/usr --sysconfdir=/etc \\
> --localstatedir=/var --with-openssl --with-libtool

[root@s92 bind-9.3.0]# make ; make install
[root@s92 src]# useradd -u 25 -c \"DNS SERVER\" -r -d /var/named \\
> -s /bin/false named
[root@s92 src]# grep named /etc/passwd
named:x:25:25:DNS SERVER:/var/named:/bin/false

[root@s92 src]# ls /var/named
chroot

# named 디렉토리를 다운받았음
# /var/named/chroot/var/named 에 있는 파일이 /var/named 에 링크되어있는지 확인해봐야 한다.
# 여기서는 링크가 되어있지 않아서 다른곳에서 named 디렉토리를 통채로 다운받았다
[root@s92 src]# chmod 770 /var/named
[root@s92 src]# chgrp named /var/named
[root@s92 src]# ls -ld /var/named
drwxrwx--- 3 root named 4096 11월 25 10:52 /var/named
[root@s92 src]# chown named /var/named
[root@s92 src]# ls -ld /var/named
drwxrwx--- 3 named named 4096 11월 25 10:52 /var/named
[root@s92 src]# ls -l /etc/named.conf
ls: /etc/named.conf: 그런 파일이나 디렉토리가 없음 <- 그래서 다운받았음

[root@s92 named]# cd /var/named
[root@s92 named]# mkdir data
[root@s92 named]# chmod 770 data
[root@s92 named]# ls -l
합계 16
drwxrwx--- 5 root named 4096 11월 7 14:49 chroot
drwxrwx--- 2 root root 4096 11월 25 11:29 data
[root@s92 named]#
mkdir data
[root@s92 named]# chmod 770 data
[root@s92 named]# ls -l
합계 16
drwxrwx--- 5 root named 4096 11월 7 14:49 chroot
drwxrwx--- 2 root root 4096 11월 25 11:29 data
[root@s92 named]#

[root@s92 named]# vi named.ca
# named.ca 업데이트
[root@s92 named]# dig @a.root-servers.net . NS | grep -v \"^;\" > named.ca
[root@s92 named]# pwd
/var/named/chroot/var/named

[root@s92 named]# cd /etc/rc.d/init.d
[root@s92 init.d]# ls -l named <- 다운받은 name 구동 스크립트
-rwx------ 1 root root 3184 11월 25 11:23 named
[root@s92 init.d]# pwd
/etc/rc.d/init.d
[root@s92 init.d]#

[root@s92 named]# rndc-confgen > /etc/rndc.conf
[root@s92 named]# vi /etc/rndc.conf

[root@s92 named]# chkconfig --add named
[root@s92 named]# chkconfig --list named
named 0:해제 1:해제 2:해제 3:해제 4:해제 5:해제 6:해제
[root@s92 named]# chkconfig --level 35 named on
[root@s92 named]# chkconfig --list named
named 0:해제 1:해제 2:해제 3:활성 4:해제 5:활성 6:해제


[root@s92 etc]# rndc-confgen -a
wrote key file \"/etc/rndc.key\"
[root@s92 etc]# cat /etc/rndc.key
key \"rndc-key\" {
algorithm hmac-md5;
secret \"/rY70AngJU5iWlgxo4jDQw==\";
};
[root@s92 etc]# grep secret /etc/rndc.conf
secret \"D7za6FzVwTL0KvN04wOduA==\";
# secret \"D7za6FzVwTL0KvN04wOduA==\";
[root@s92 etc]# grep rndc-key /etc/rndc.conf
key \"rndc-key\" {
default-key \"rndc-key\";
# key \"rndc-key\" {
# allow { 127.0.0.1; } keys { \"rndc-key\"; };
[root@s92 etc]# grep rndckey /etc/named.conf
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
[root@s92 etc]# vi /etc/named.conf
[root@s92 etc]# grep rndckey /etc/named.conf
[root@s92 etc]# grep rndc /etc/named.conf
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
include \"/etc/rndc.key\";
[root@s92 etc]# service named start