How to install and configure BIND9 on Ubuntu
BIND (Berkeley Internet Name Domain) is open-source software used mainly to build and run DNS (Domain Name System) servers. DNS translates domain names into IP addresses and, in reverse, IP addresses into domain names.
Test environment
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
Installing BIND9
- Install the bind9 package
sudo apt update
sudo apt install bind9
- Check that the bind9 package is installed
apt list --installed bind9
$ apt list --installed bind9
Listing... Done
bind9/jammy-updates,jammy-security,now 1:9.18.1-1ubuntu1.2 amd64 [installed]
N: There is 1 additional version. Please use the '-a' switch to see it
apt list --installed -a bind9
- Show the bind9 package information
apt show bind9
$ apt show bind9
Package: bind9
Version: 1:9.18.1-1ubuntu1.2
Priority: optional
Section: net
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Debian DNS Team <team+dns@tracker.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 928 kB
Pre-Depends: init-system-helpers (>= 1.54~)
Depends: adduser, bind9-libs (= 1:9.18.1-1ubuntu1.2), bind9-utils (= 1:9.18.1-1ubuntu1.2), debconf | debconf-2.0, dns-root-data, iproute2, lsb-base (>= 3.2-14), netbase, libc6 (>= 2.34), libcap2 (>= 1:2.10), libjson-c5 (>= 0.15), liblmdb0 (>= 0.9.7), libmaxminddb0 (>= 1.3.0), libnghttp2-14 (>= 1.3.0), libssl3 (>= 3.0.0~~alpha1), libuv1 (>= 1.4.2), libxml2 (>= 2.7.4), zlib1g (>= 1:1.1.4)
Suggests: bind-doc, dnsutils, resolvconf, ufw
Breaks: bind (<< 1:9.13.6~)
Replaces: bind (<< 1:9.13.6~)
Homepage: https://www.isc.org/downloads/bind/
Task: dns-server
Download-Size: 251 kB
APT-Manual-Installed: yes
APT-Sources: http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
Description: Internet Domain Name Server
The Berkeley Internet Name Domain (BIND 9) implements an Internet domain
name server. BIND 9 is the most widely-used name server software on the
Internet, and is supported by the Internet Software Consortium, www.isc.org.
.
This package provides the server and related configuration files.
N: There is 1 additional record. Please use the '-a' switch to see it
- Check where the bind9 package installed its files
dpkg -L bind9
$ dpkg -L bind9
/.
/etc
/etc/apparmor.d
/etc/apparmor.d/force-complain
/etc/apparmor.d/local
/etc/apparmor.d/usr.sbin.named
/etc/bind
/etc/bind/bind.keys
/etc/bind/db.0
/etc/bind/db.127
/etc/bind/db.255
/etc/bind/db.empty
/etc/bind/db.local
/etc/bind/named.conf
/etc/bind/named.conf.default-zones
/etc/bind/named.conf.local
/etc/bind/named.conf.options
/etc/bind/zones.rfc1918
/etc/default
/etc/default/named
/etc/init.d
/etc/init.d/named
...
dpkg -L bind9 | egrep -v 'share|lib|network|ppp|insserv|ufw' | egrep 'bind|bin/named'
Editing the configuration files
- Edit the named.conf file
cat /etc/bind/named.conf
$ cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
- Edit the named.conf.options file
cat /etc/bind/named.conf.options
$ cat /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
listen-on-v6 { any; };
};
- Edit the named.conf.local file
cat /etc/bind/named.conf.local
$ cat /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
- Edit the named.conf.default-zones file
cat /etc/bind/named.conf.default-zones
$ cat /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/usr/share/dns/root.hints";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
- The root.hints file
cat /usr/share/dns/root.hints
$ cat /usr/share/dns/root.hints
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: January 11, 2021
; related version of root zone: 2021011101
;
; FORMERLY NS.INTERNIC.NET
;
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of file
- Check the named process
ps -ef | grep -v grep | grep named
$ ps -ef | grep -v grep | grep named
bind 71741 1 0 00:00 ? 00:00:00 /usr/sbin/named -u bind
- Check the TCP/UDP ports named listens on (tcp 53, udp 53, rndc port tcp 953)
netstat -nlp | grep named
$ netstat -nlp | grep named
tcp 0 0 172.31.80.254:53 0.0.0.0:* LISTEN 71741/named
tcp 0 0 172.31.80.254:53 0.0.0.0:* LISTEN 71741/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 71741/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 71741/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 71741/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 71741/named
tcp6 0 0 fe80::42:b9ff:fe80:8:53 :::* LISTEN 71741/named
tcp6 0 0 fe80::42:b9ff:fe80:8:53 :::* LISTEN 71741/named
tcp6 0 0 fe80::a4d1:caff:fe24:53 :::* LISTEN 71741/named
tcp6 0 0 fe80::a4d1:caff:fe24:53 :::* LISTEN 71741/named
tcp6 0 0 ::1:53 :::* LISTEN 71741/named
tcp6 0 0 ::1:53 :::* LISTEN 71741/named
tcp6 0 0 ::1:953 :::* LISTEN 71741/named
tcp6 0 0 ::1:953 :::* LISTEN 71741/named
udp 0 0 172.31.80.254:53 0.0.0.0:* 71741/named
udp 0 0 172.31.80.254:53 0.0.0.0:* 71741/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 71741/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 71741/named
udp6 0 0 ::1:53 :::* 71741/named
udp6 0 0 ::1:53 :::* 71741/named
udp6 0 0 fe80::42:b9ff:fe80:8:53 :::* 71741/named
udp6 0 0 fe80::42:b9ff:fe80:8:53 :::* 71741/named
udp6 0 0 fe80::a4d1:caff:fe24:53 :::* 71741/named
udp6 0 0 fe80::a4d1:caff:fe24:53 :::* 71741/named
Listening on IPv4 only
Add -4 to the OPTIONS variable in /etc/default/named (IPv4 only).
vim /etc/default/named
Before:
$ cat /etc/default/named
#
# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-u bind"
After:
#
# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-u bind -4"
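The default named.conf.options shown earlier sets no recursion, allow-transfer or version directives, and the netstat output shows named listening on every address, including 172.31.80.254. The script below is an added example (not from the original post) that writes a hardened options file for an authoritative-only server and audits any options file for the directives it should carry. The paths and the address are the ones from this post; the file names are constructed for the demo, and treating the server as authoritative-only with no secondaries is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: write a hardened
# named.conf.options for an authoritative-only BIND9 server and audit an
# options file for the directives it should carry. Paths and the address
# 172.31.80.254 come from the post; file names are constructed for the demo.
# Assumption: this server only answers for its own zones and has no
# secondaries yet.

# Copy of the default options printed in the post, without the comments
# (constructed here so the audit has something to compare against).
write_default_options() {
    cat > "$1" <<'EOF'
options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    listen-on-v6 { any; };
};
EOF
}

# Hardened options for an authoritative-only server.
write_auth_options() {
    cat > "$1" <<'EOF'
options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    // Bind only the addresses that should serve DNS instead of every
    // interface; rndc (tcp 953) stays on loopback via the default controls.
    listen-on { 127.0.0.1; 172.31.80.254; };
    listen-on-v6 { ::1; };
    // Authoritative only: refuse recursive lookups so the host cannot be
    // used as an open resolver or as a reflector for amplification.
    recursion no;
    allow-query { any; };
    // No secondaries yet, so deny zone transfers (AXFR) to everyone;
    // list the secondaries' addresses here once they exist.
    allow-transfer { none; };
    // Do not reveal the exact BIND version to "version.bind" CHAOS queries.
    version "not disclosed";
};
EOF
}

# audit_options FILE: print each expected directive that is missing
# (comment lines starting with // never match); return 1 if any is missing.
audit_options() {
    rc=0
    for directive in 'recursion no;' 'allow-transfer' 'version ' 'listen-on {'; do
        if ! grep -q "^[[:space:]]*${directive}" "$1"; then
            echo "MISSING: ${directive}"
            rc=1
        fi
    done
    return "$rc"
}

# Demo: audit both files in a scratch directory.
demo_dir=$(mktemp -d)
write_default_options "$demo_dir/default.options"
write_auth_options "$demo_dir/hardened.options"
echo "default options:";  audit_options "$demo_dir/default.options" || echo "  -> needs hardening"
echo "hardened options:"; audit_options "$demo_dir/hardened.options" && echo "  -> all directives present"
rm -rf "$demo_dir"
```

After copying the hardened block into /etc/bind/named.conf.options, run named-checkconf as the post does and restart named; with recursion off, the dig output will no longer show the ra flag, which is the expected result for a server that only answers for its own zones.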
Creating the zone file
- Add the mocha.scbyun.com domain
- Zone file directory: /var/cache/bind
- named.conf file: /etc/bind/named.conf
- Edit the mocha.scbyun.com zone file
cd /var/cache/bind/
vim mocha.scbyun.com.zone
;
$TTL 60
@ IN SOA localhost. root.localhost. (
2022112307 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.mocha.scbyun.com.
;
@ IN A 172.31.80.254
www IN CNAME @
ns IN A 172.31.80.254
- Edit the named.conf file
vim /etc/bind/named.conf
...
zone "mocha.scbyun.com" {
type master;
file "mocha.scbyun.com.zone";
};
- Check the named.conf syntax
named-checkconf
- Check the zone file syntax
named-checkzone mocha.scbyun.com mocha.scbyun.com.zone
$ named-checkzone mocha.scbyun.com mocha.scbyun.com.zone
zone mocha.scbyun.com/IN: loaded serial 2022112307
OK
- Query test
dig @127.0.0.1 www.mocha.scbyun.com
$ dig @127.0.0.1 www.mocha.scbyun.com
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @127.0.0.1 www.mocha.scbyun.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41443
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 5e0d6ffb56d2b5a701000000637d8510e3d1ac093086392d (good)
;; QUESTION SECTION:
;www.mocha.scbyun.com. IN A
;; ANSWER SECTION:
www.mocha.scbyun.com. 60 IN CNAME mocha.scbyun.com.
mocha.scbyun.com. 60 IN A 172.31.80.254
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Nov 23 11:27:28 KST 2022
;; MSG SIZE rcvd: 107
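Two mistakes in the zone-file steps above are easy to make: forgetting to raise the SOA serial after an edit, so secondaries never pick up the change, and dropping the trailing dot on an NS, CNAME or MX target, which is syntactically valid (BIND appends the zone origin) and so is reported only indirectly, if at all, by named-checkzone. The script below is an added example (not from the original post): it renders a zone like the one above, computes the next serial in the post's YYYYMMDDnn scheme, and lints the file for missing trailing dots before handing it to named-checkzone. The domain and address are the post's; the SOA MNAME/RNAME are assumed to be the zone's own ns host and a hostmaster mailbox rather than the post's localhost. values, and the file names are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: render a zone file like
# mocha.scbyun.com.zone above, compute the next SOA serial in the post's
# YYYYMMDDnn scheme, and lint the file for missing trailing dots before
# named-checkzone. Domain and address are the post's; file names are
# constructed, and the SOA MNAME/RNAME are assumed to be the zone's own
# ns host and a hostmaster mailbox instead of the post's localhost. values.

# next_serial CURRENT YYYYMMDD: serial to use for an edit made on that day.
# If CURRENT already carries today's (or a later) date, add one; otherwise
# start today's sequence at 00. The serial must only ever grow, or
# secondaries will ignore the change.
next_serial() {
    cur="$1"; today="$2"
    if [ "${cur%??}" -ge "$today" ]; then
        echo $((cur + 1))
    else
        echo "${today}00"
    fi
}

# render_zone DOMAIN IP SERIAL: print the zone text (same records as above).
render_zone() {
    domain="$1"; ip="$2"; serial="$3"
    cat <<EOF
\$TTL 60
@    IN SOA ns.${domain}. hostmaster.${domain}. (
         ${serial} ; Serial
         604800     ; Refresh
         86400      ; Retry
         2419200    ; Expire
         604800 )   ; Negative Cache TTL
;
@    IN NS    ns.${domain}.
;
@    IN A     ${ip}
www  IN CNAME @
ns   IN A     ${ip}
EOF
}

# lint_zone FILE: report NS/CNAME/MX targets that contain a dot but lack the
# trailing dot (BIND would silently append the zone origin); return 1 if any.
lint_zone() {
    awk '
        /^[[:space:]]*;/ || NF == 0 { next }   # skip comment and blank lines
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "NS" || $i == "CNAME" || $i == "MX") {
                    target = $NF
                    if (target ~ /\./ && target !~ /\.$/) {
                        printf "line %d: %s target %s lacks trailing dot\n", NR, $i, target
                        bad = 1
                    }
                    break
                }
            }
        }
        END { if (bad) exit 1 }
    ' "$1"
}

# Demo: render the zone with the serial bumped as for a same-day edit, lint
# it, and run named-checkzone when the bind9-utils tools are installed.
demo_dir=$(mktemp -d)
zone="$demo_dir/mocha.scbyun.com.zone"
render_zone mocha.scbyun.com 172.31.80.254 "$(next_serial 2022112307 20221123)" > "$zone"
lint_zone "$zone" && echo "lint ok"
if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone mocha.scbyun.com "$zone" || echo "named-checkzone reported a problem"
fi
rm -rf "$demo_dir"
```

For a real edit, pass the serial currently in the file and the output of date +%Y%m%d to next_serial, write the rendered zone into /var/cache/bind, and only then run named-checkzone and reload; the lint runs with plain awk, so it works on a host where bind9-utils is not yet installed.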
The BIND9 DNS server is now installed and the domain is configured. For further configuration or security hardening, consult the official BIND9 documentation and related material.