bind (bind9) installation and configuration
Test environment
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
Installing the bind9 package
apt install bind9
Checking that the package (bind9) is installed
apt list --installed bind9
$ apt list --installed bind9
Listing... Done
bind9/jammy-updates,jammy-security,now 1:9.18.1-1ubuntu1.2 amd64 [installed]
N: There is 1 additional version. Please use the '-a' switch to see it
apt list --installed -a bind9
Checking the package (bind9) information
apt show bind9
$ apt show bind9
Package: bind9
Version: 1:9.18.1-1ubuntu1.2
Priority: optional
Section: net
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Debian DNS Team <team+dns@tracker.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 928 kB
Pre-Depends: init-system-helpers (>= 1.54~)
Depends: adduser, bind9-libs (= 1:9.18.1-1ubuntu1.2), bind9-utils (= 1:9.18.1-1ubuntu1.2), debconf | debconf-2.0, dns-root-data, iproute2, lsb-base (>= 3.2-14), netbase, libc6 (>= 2.34), libcap2 (>= 1:2.10), libjson-c5 (>= 0.15), liblmdb0 (>= 0.9.7), libmaxminddb0 (>= 1.3.0), libnghttp2-14 (>= 1.3.0), libssl3 (>= 3.0.0~~alpha1), libuv1 (>= 1.4.2), libxml2 (>= 2.7.4), zlib1g (>= 1:1.1.4)
Suggests: bind-doc, dnsutils, resolvconf, ufw
Breaks: bind (<< 1:9.13.6~)
Replaces: bind (<< 1:9.13.6~)
Homepage: https://www.isc.org/downloads/bind/
Task: dns-server
Download-Size: 251 kB
APT-Manual-Installed: yes
APT-Sources: http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
Description: Internet Domain Name Server
The Berkeley Internet Name Domain (BIND 9) implements an Internet domain
name server. BIND 9 is the most widely-used name server software on the
Internet, and is supported by the Internet Software Consortium, www.isc.org.
.
This package provides the server and related configuration files.
N: There is 1 additional record. Please use the '-a' switch to see it
Checking the files installed by the package (bind9)
dpkg -L bind9
$ dpkg -L bind9
/.
/etc
/etc/apparmor.d
/etc/apparmor.d/force-complain
/etc/apparmor.d/local
/etc/apparmor.d/usr.sbin.named
/etc/bind
/etc/bind/bind.keys
/etc/bind/db.0
/etc/bind/db.127
/etc/bind/db.255
/etc/bind/db.empty
/etc/bind/db.local
/etc/bind/named.conf
/etc/bind/named.conf.default-zones
/etc/bind/named.conf.local
/etc/bind/named.conf.options
/etc/bind/zones.rfc1918
/etc/default
/etc/default/named
/etc/init.d
/etc/init.d/named
...
dpkg -L bind9 | egrep -v 'share|lib|network|ppp|insserv|ufw' | egrep 'bind|bin/named'
The named.conf file (on Debian/Ubuntu it contains nothing but the three include lines; options, local zones and the default zones live in the included files)
cat /etc/bind/named.conf
$ cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
$ cat /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    listen-on-v6 { any; };
};
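The shipped named.conf.options above sets no allow-query, allow-recursion or allow-transfer and listens on every IPv6 address; since named recurses by default, a fresh install that is reachable on port 53 (the netstat output further down shows it bound to the instance address 172.31.80.254, not only to loopback) is an open recursive resolver and will hand out AXFR copies of its zones. The script below is an added example, not part of the original post: it audits an options file for those settings and renders a hardened replacement. The host address 172.31.80.254 comes from the post's netstat output; the trusted range 172.31.0.0/16, the acl name and the version string are assumptions for this lab.

```shell
#!/bin/sh
# Added example (not part of the original post): audit a named.conf.options
# file for the settings that turn a freshly installed bind9 into an open
# resolver, and render a hardened replacement.
# Assumptions: 172.31.80.254 is the host address seen in the netstat output
# and 172.31.0.0/16 is the network allowed to recurse; adjust for your site.

# audit_options FILE
#   Prints one finding per line; returns 0 only if nothing was found.
audit_options() {
    f="$1"
    findings=0
    # drop // comments so the commented-out "forwarders" example is not counted
    cfg=$(sed 's#//.*$##' "$f")
    has() { printf '%s\n' "$cfg" | grep -Eq "$1"; }

    if ! has 'recursion[[:space:]]+no' && ! has 'allow-recursion[[:space:]]*\{'; then
        echo "recursion is on by default and allow-recursion is unset: open resolver"
        findings=$((findings + 1))
    fi
    if ! has 'allow-query[[:space:]]*\{'; then
        echo "allow-query unset: defaults to any (fine for an authoritative server, but say so)"
        findings=$((findings + 1))
    fi
    if ! has 'allow-transfer[[:space:]]*\{'; then
        echo "allow-transfer unset: BIND 9.18 allows AXFR of every zone to any host"
        findings=$((findings + 1))
    fi
    if has 'listen-on(-v6)?[[:space:]]*\{[[:space:]]*any'; then
        echo "listen-on/listen-on-v6 { any; }: bind only the addresses meant to serve DNS"
        findings=$((findings + 1))
    fi
    if ! has 'version[[:space:]]+"'; then
        echo "version unset: 'dig CH TXT version.bind' returns the exact BIND version"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# render_hardened LISTEN_IPV4 TRUSTED_CIDR
#   Emits an options file that answers authoritatively to anyone but only
#   recurses for the trusted range, refuses AXFR, and hides the version.
render_hardened() {
    cat <<EOF
acl "trusted" { 127.0.0.1; ::1; $2; };

options {
    directory "/var/cache/bind";

    // only the addresses that should serve DNS (loopback + the VPC address)
    listen-on { 127.0.0.1; $1; };
    listen-on-v6 { ::1; };

    // authoritative data for everyone, cache and recursion only for us
    allow-query { any; };
    allow-query-cache { trusted; };
    allow-recursion { trusted; };

    // no zone transfers until a secondary is configured explicitly
    allow-transfer { none; };

    // do not advertise the exact BIND version to CH TXT version.bind queries
    version "not disclosed";

    dnssec-validation auto;
};
EOF
}

# Usage on the test host (as root):
#   audit_options /etc/bind/named.conf.options
#   render_hardened 172.31.80.254 172.31.0.0/16 > /tmp/named.conf.options.new
#   named-checkconf /tmp/named.conf.options.new \
#       && cp /tmp/named.conf.options.new /etc/bind/named.conf.options \
#       && rndc reload
```

The audit is deliberately textual (it strips `//` comments and greps the remaining statements), so it catches the common "never set" cases but not ACLs that are present and merely too broad; review `allow-recursion` and `allow-transfer` by eye after rendering. Run `named-checkconf` on the rendered file before installing it, and keep `allow-query { any; }`: an authoritative server for mocha.scbyun.com must answer everyone for that zone, the point is to stop answering for everything else.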
$ cat /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
$ cat /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/usr/share/dns/root.hints";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};
The root.hints file (the root-server list the "." hint zone above loads; it ships with the dns-root-data package, so it is updated by apt rather than by hand)
$ cat /usr/share/dns/root.hints
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: January 11, 2021
; related version of root zone: 2021011101
;
; FORMERLY NS.INTERNIC.NET
;
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of file
Checking the named process (it runs as the unprivileged bind user, -u bind, with the AppArmor profile /etc/apparmor.d/usr.sbin.named listed earlier applied)
$ ps -ef | grep -v grep | grep named
bind 71741 1 0 00:00 ? 00:00:00 /usr/sbin/named -u bind
Checking the ports named listens on (TCP 53 and UDP 53 for DNS, TCP 953 for rndc control). DNS is bound to the instance address 172.31.80.254 and the link-local IPv6 addresses as well as loopback, so the server is reachable from the network; the rndc control port is bound to 127.0.0.1 and ::1 only. Each socket shows up more than once because BIND 9.18 opens one listening socket per worker thread (SO_REUSEPORT); the repeated lines are expected, not a misconfiguration.
$ netstat -nlp | grep named
tcp 0 0 172.31.80.254:53 0.0.0.0:* LISTEN 71741/named
tcp 0 0 172.31.80.254:53 0.0.0.0:* LISTEN 71741/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 71741/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 71741/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 71741/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 71741/named
tcp6 0 0 fe80::42:b9ff:fe80:8:53 :::* LISTEN 71741/named
tcp6 0 0 fe80::42:b9ff:fe80:8:53 :::* LISTEN 71741/named
tcp6 0 0 fe80::a4d1:caff:fe24:53 :::* LISTEN 71741/named
tcp6 0 0 fe80::a4d1:caff:fe24:53 :::* LISTEN 71741/named
tcp6 0 0 ::1:53 :::* LISTEN 71741/named
tcp6 0 0 ::1:53 :::* LISTEN 71741/named
tcp6 0 0 ::1:953 :::* LISTEN 71741/named
tcp6 0 0 ::1:953 :::* LISTEN 71741/named
udp 0 0 172.31.80.254:53 0.0.0.0:* 71741/named
udp 0 0 172.31.80.254:53 0.0.0.0:* 71741/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 71741/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 71741/named
udp6 0 0 ::1:53 :::* 71741/named
udp6 0 0 ::1:53 :::* 71741/named
udp6 0 0 fe80::42:b9ff:fe80:8:53 :::* 71741/named
udp6 0 0 fe80::42:b9ff:fe80:8:53 :::* 71741/named
udp6 0 0 fe80::a4d1:caff:fe24:53 :::* 71741/named
udp6 0 0 fe80::a4d1:caff:fe24:53 :::* 71741/named
Adding the mocha.scbyun.com domain
- zone file directory: /var/cache/bind (the directory set in named.conf.options, so relative file names in zone stanzas resolve there; Debian keeps hand-edited primary zones under /etc/bind, which the AppArmor profile makes read-only for named, and reserves /var/cache/bind and /var/lib/bind, which named may write, for secondary, dynamic and signed zones; for a static test zone either location works)
- named.conf file: /etc/bind/named.conf
Writing the mocha.scbyun.com zone file
cd /var/cache/bind/
vim mocha.scbyun.com.zone
;
; Primary zone for mocha.scbyun.com. Names without a trailing "." are
; relative to the zone origin; "@" is the origin itself.
$TTL 60
; SOA: MNAME is the zone's primary name server and RNAME the admin mailbox
; (hostmaster@mocha.scbyun.com, written with the "@" as a "."). The
; db.local template values (localhost. / root.localhost.) are replaced
; here because RFC 1912 expects MNAME to be a real name server of the zone.
@       IN SOA  ns.mocha.scbyun.com. hostmaster.mocha.scbyun.com. (
                2022112307 ; Serial (YYYYMMDDnn; must increase on every change)
                604800     ; Refresh
                86400      ; Retry
                2419200    ; Expire
                604800 )   ; Negative Cache TTL
;
@       IN NS   ns.mocha.scbyun.com.
;
@       IN A    172.31.80.254
www     IN CNAME @
ns      IN A    172.31.80.254   ; address of the name server named in the NS record
named.conf configuration
The post adds the zone stanza to /etc/bind/named.conf itself. That works, but the comment at the top of that file asks for local zones to go in /etc/bind/named.conf.local (already included from named.conf), so that package upgrades never have to touch a file you edited; the stanza is identical in either place.
vim /etc/bind/named.conf
...
zone "mocha.scbyun.com" {
    type master;                    // BIND 9.18 also accepts the synonym "primary"
    file "mocha.scbyun.com.zone";   // relative to directory "/var/cache/bind"
};
named.conf syntax check (prints nothing and exits 0 when the configuration is valid; named-checkconf -z would additionally load every zone the configuration references)
named-checkconf
Zone file syntax check (run from /var/cache/bind, which is why the relative file name works; the zone name must match the one in the zone stanza)
named-checkzone mocha.scbyun.com mocha.scbyun.com.zone
$ named-checkzone mocha.scbyun.com mocha.scbyun.com.zone
zone mocha.scbyun.com/IN: loaded serial 2022112307
OK
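The steps above (write the zone, add the stanza, check syntax) leave out the part that trips people up later: every edit to the zone must raise the SOA serial, or secondaries and caches keep the old data, and named has to be told to reload before the query test below can succeed. The script is an added example, not part of the original post; it bumps the serial in the YYYYMMDDnn convention the post's serial 2022112307 already follows, runs the same checkers as above, and reloads just that zone with rndc. The "; Serial" comment on the serial line (present in the post's zone file) is what the serial parser keys on; the hostmaster mailbox in the test zone is an assumption.

```shell
#!/bin/sh
# Added example (not part of the original post): bump the SOA serial of a
# zone file, validate it with the checkers used above, and reload it in
# named. File paths follow the post; the YYYYMMDDnn serial convention and
# the "; Serial" comment on the serial line are assumptions.

# zone_serial FILE -> prints the serial (first field of the "; Serial" line)
zone_serial() {
    awk '/;[[:space:]]*Serial/ { print $1; exit }' "$1"
}

# next_serial OLD [YYYYMMDD] -> a new serial strictly greater than OLD
#   A later day restarts at nn=01; further edits on the same day add 1.
#   The optional date argument lets the logic be exercised with a fixed day.
next_serial() {
    old="$1"
    today="${2:-$(date -u +%Y%m%d)}"
    old_day=$(printf '%s' "$old" | cut -c1-8)
    # strip the leading zero so "07" is not parsed as octal by the shell
    old_n=$(printf '%s' "$old" | cut -c9-10 | sed 's/^0//')
    old_n=${old_n:-0}
    if [ "$today" -gt "$old_day" ]; then
        printf '%s01\n' "$today"
    elif [ "$old_n" -lt 99 ]; then
        printf '%s%02d\n' "$old_day" $((old_n + 1))
    else
        # 99 edits in one day: a plain increment keeps the serial monotonic
        printf '%s\n' $((old + 1))
    fi
}

# bump_serial FILE [YYYYMMDD] -> rewrites the serial line, prints the new serial
bump_serial() {
    f="$1"
    cur=$(zone_serial "$f")
    new=$(next_serial "$cur" "$2")
    sed "s/^\([[:space:]]*\)$cur\([[:space:]]*;[[:space:]]*Serial\)/\1$new\2/" "$f" > "$f.tmp" \
        && mv "$f.tmp" "$f"
    printf '%s\n' "$new"
}

# deploy_zone ZONE FILE -> syntax checks, then tell named to reload that zone
#   rndc connects to TCP 953 on loopback using the key in /etc/bind/rndc.key.
deploy_zone() {
    zone="$1"; f="$2"
    named-checkconf /etc/bind/named.conf || return 1
    named-checkzone "$zone" "$f" || return 1
    rndc reload "$zone"
}

# Usage on the test host (as root):
#   bump_serial /var/cache/bind/mocha.scbyun.com.zone
#   deploy_zone mocha.scbyun.com /var/cache/bind/mocha.scbyun.com.zone
```

Reloading a single zone with `rndc reload mocha.scbyun.com` does not re-read named.conf; after adding a new zone stanza run plain `rndc reload` (or `rndc reconfig`) once so named picks the stanza up, then use the per-zone reload for later record changes.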
Query test (run after named has been told to reload, for example with rndc reload; the aa flag in the reply below confirms the answer came from the loaded zone rather than from cache)
dig @127.0.0.1 www.mocha.scbyun.com
$ dig @127.0.0.1 www.mocha.scbyun.com
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @127.0.0.1 www.mocha.scbyun.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41443
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 5e0d6ffb56d2b5a701000000637d8510e3d1ac093086392d (good)
;; QUESTION SECTION:
;www.mocha.scbyun.com. IN A
;; ANSWER SECTION:
www.mocha.scbyun.com. 60 IN CNAME mocha.scbyun.com.
mocha.scbyun.com. 60 IN A 172.31.80.254
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Nov 23 11:27:28 KST 2022
;; MSG SIZE rcvd: 107
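The dig run above proves the zone is served (status NOERROR, flags qr aa), but the same header fields also reveal the two things a server with the shipped options gives away: a NOERROR answer without aa for a name you are not authoritative for means the server recursed for you, and a successful AXFR means anyone can pull the whole zone. The following is an added example, not part of the original post: it parses dig's header lines the way a reviewer reads them and wraps three live checks around that. The server and zone names are the post's; example.com as the foreign name is an assumption.

```shell
#!/bin/sh
# Added example (not part of the original post): classify dig output to
# confirm the zone answer is authoritative and to detect open recursion and
# open zone transfers. Server/zone names follow the post; example.com as
# the "foreign" test name is an assumption.

# Header parsers: each takes the full dig output text and prints one value.
dig_status()  { printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p'; }
dig_flags()   { printf '%s\n' "$1" | sed -n 's/.*;; flags: \([a-z ]*\);.*/\1/p'; }
dig_answers() { printf '%s\n' "$1" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p'; }

# has_flag FLAG "FLAGS" -> true if FLAG (qr, aa, rd, ra, ...) is in the list
has_flag() { printf ' %s ' "$2" | grep -q " $1 "; }

# is_authoritative TEXT -> NOERROR with aa set: the answer came from our zone
is_authoritative() {
    [ "$(dig_status "$1")" = NOERROR ] && has_flag aa "$(dig_flags "$1")"
}

# is_open_recursive TEXT -> the server answered a name it is not
#   authoritative for (no aa, at least one answer record). A hardened
#   server returns REFUSED for such queries from untrusted clients.
is_open_recursive() {
    st=$(dig_status "$1"); fl=$(dig_flags "$1"); n=$(dig_answers "$1")
    [ "$st" = NOERROR ] && ! has_flag aa "$fl" && [ "${n:-0}" -gt 0 ]
}

# is_open_axfr TEXT -> dig prints an "XFR size:" summary only when the
#   transfer succeeded; a refused transfer prints "; Transfer failed."
is_open_axfr() { printf '%s\n' "$1" | grep -q 'XFR size:'; }

# check_server SERVER ZONE -> runs the three live checks (needs dig on PATH)
check_server() {
    s="$1"; z="$2"
    own=$(dig @"$s" "www.$z" A)
    if is_authoritative "$own"; then echo "ok: www.$z answered with aa"
    else echo "FAIL: www.$z not answered authoritatively"; fi

    foreign=$(dig @"$s" example.com A)
    if is_open_recursive "$foreign"; then echo "FAIL: open resolver (resolved example.com)"
    else echo "ok: recursion not offered to this client"; fi

    xfr=$(dig @"$s" "$z" AXFR)
    if is_open_axfr "$xfr"; then echo "FAIL: AXFR of $z allowed"
    else echo "ok: AXFR refused"; fi
}

# Usage:
#   check_server 172.31.80.254 mocha.scbyun.com
```

Run the check from a host that is not in the server's trusted ACL: queries from 127.0.0.1, as in the post's dig test, are normally allowed to recurse, so the recursion check only tells you something when it comes from the address class an attacker would use. The shipped options above will fail both the recursion and the AXFR check; after restricting allow-recursion and setting allow-transfer to none they pass while the authoritative answer for www.mocha.scbyun.com stays exactly as shown.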