[네임서버] ubuntu에 bind 설치하기(install bind on ubuntu)

ubuntu에 bind 설치하기(install bind on ubuntu)

테스트 환경

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.1 LTS
Release:	22.04
Codename:	jammy

bind(bind9) 설치하기

bind(bind9) 패키지 설치

apt-get install -y bind9

named(bind) 버전 확인

named -v

$ named -v
BIND 9.18.1-1ubuntu1.2-Ubuntu (Stable Release) <id:>

named 시작

systemctl --now enable named

named 상태 확인

systemctl status named

bind9 패키지가 설치된 파일 목록 확인

dpkg -L bind9

bind 파일 및 bind 명령어

dpkg -L bind9 | egrep -v 'ppp|ufw|network|init|share|insserv|lib|apparmor'

$ dpkg -L bind9 | egrep -v 'ppp|ufw|network|init|share|insserv|lib|apparmor'
/.
/etc
/etc/bind
/etc/bind/bind.keys
/etc/bind/db.0
/etc/bind/db.127
/etc/bind/db.255
/etc/bind/db.empty
/etc/bind/db.local
/etc/bind/named.conf
/etc/bind/named.conf.default-zones
/etc/bind/named.conf.local
/etc/bind/named.conf.options
/etc/bind/zones.rfc1918
/etc/default
/etc/default/named
/usr
/usr/bin
/usr/bin/arpaname
/usr/bin/dnssec-importkey
/usr/bin/named-journalprint
/usr/bin/named-nzd2nzf
/usr/bin/named-rrchecker
/usr/bin/nsec3hash
/usr/sbin
/usr/sbin/ddns-confgen
/usr/sbin/named
/usr/sbin/tsig-keygen
/var
/var/cache
/var/cache/bind

named 설정

vim /etc/bind/named.conf

$ cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

named 옵션 설정

vim /etc/bind/named.conf.options

$ cat /etc/bind/named.conf.options
options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// If your ISP provided one or more IP addresses for stable
	// nameservers, you probably want to use them as forwarders.
	// Uncomment the following block, and insert the addresses replacing
	// the all-0's placeholder.

	// forwarders {
	// 	0.0.0.0;
	// };

	//========================================================================
	// If BIND logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/bind-keys
	//========================================================================
	dnssec-validation auto;

	listen-on-v6 { any; };
};

named zone 설정

vim /etc/bind/named.conf.default-zones

$ cat /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
	type hint;
	file "/usr/share/dns/root.hints";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};

locahost 도메인

vim /etc/bind/db.local

$ cat /etc/bind/db.local
;
; BIND data file for local loopback interface
;
$TTL	604800
@	IN	SOA	localhost. root.localhost. (
			      2		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	localhost.
@	IN	A	127.0.0.1
@	IN	AAAA	::1

127.0.0.1 도메인

vim /etc/bind/db.127

$ cat /etc/bind/db.127
;
; BIND reverse data file for local loopback interface
;
$TTL	604800
@	IN	SOA	localhost. root.localhost. (
			      1		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	localhost.
1.0.0	IN	PTR	localhost.

rndc 명령

rndc status

$ rndc status
version: BIND 9.18.1-1ubuntu1.2-Ubuntu (Stable Release) <id:>
running on node3: Linux x86_64 5.15.0-58-generic #64-Ubuntu SMP Thu Jan 5 11:43:13 UTC 2023
boot time: Fri, 13 Jan 2023 14:22:34 GMT
last configured: Fri, 13 Jan 2023 14:22:34 GMT
configuration file: /etc/bind/named.conf
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 102 (97 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/900/1000
tcp clients: 0/150
TCP high-water: 0
server is up and running

dns 퀴리 테스트

정방향 질의

dig @127.0.0.1 localhost

$ dig @127.0.0.1 localhost

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @127.0.0.1 localhost
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19881
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 4e2ce4f4c49373ee0100000063c16ef6c54f54389821b5dd (good)
;; QUESTION SECTION:
;localhost.			IN	A

;; ANSWER SECTION:
localhost.		604800	IN	A	127.0.0.1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jan 13 23:47:18 KST 2023
;; MSG SIZE  rcvd: 82

역방향 질의

dig @127.0.0.1 -x 127.0.0.1

$ dig @127.0.0.1 -x 127.0.0.1

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @127.0.0.1 -x 127.0.0.1
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35993
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: a3e25e918e2563f80100000063c16e7abe7af071fc9b2b94 (good)
;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa.		IN	PTR

;; ANSWER SECTION:
1.0.0.127.in-addr.arpa.	604800	IN	PTR	localhost.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jan 13 23:45:14 KST 2023
;; MSG SIZE  rcvd: 102

dig @127.0.0.1 127.in-addr.arpa

$ dig @127.0.0.1 127.in-addr.arpa

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @127.0.0.1 127.in-addr.arpa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38525
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: d670b169cceecc470100000063c16eb1234eeea14acb1bef (good)
;; QUESTION SECTION:
;127.in-addr.arpa.		IN	A

;; AUTHORITY SECTION:
127.in-addr.arpa.	604800	IN	SOA	localhost. root.localhost. 1 604800 86400 2419200 604800

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jan 13 23:46:09 KST 2023
;; MSG SIZE  rcvd: 12