본문 바로가기

네임서버

우분투에 BIND를 컴파일하고 설치하는 방법

반응형

우분투에 BIND를 컴파일하고 설치하는 방법

필수 패키지 설치

sudo apt-get install -y build-essential libssl-dev libdns-dev libuv1-dev libcap-dev

jemalloc 메모리 할당 라이브러리를 설치

sudo apt-get install -y libjemalloc2 libjemalloc-dev

작업 디렉토리로 이동

작업 디렉토리로 이동합니다.

cd /usr/local/src

BIND 계정 생성

BIND를 실행할 시스템 사용자를 생성합니다.

sudo adduser --system --home /var/named --no-create-home --disabled-login --disabled-password --group named

BIND 소스 코드 다운로드

bisc_bind_ftp
bisc_bind_http

소스 코드를 다운로드합니다.

sudo wget https://ftp.isc.org/isc/bind9/9.18.26/bind-9.18.26.tar.xz

또는

sudo wget https://downloads.isc.org/isc/bind9/9.18.26/bind-9.18.26.tar.xz

압축 해제

다운로드 받은 파일을 압축 해제합니다.

tar -xf bind-9.18.26.tar.xz

디렉토리 이동

압축이 풀린 디렉토리로 이동합니다.

cd bind-9.18.26

빌드(configure)

configure 스크립트를 실행합니다.

./configure --prefix=/usr/local/named --sysconfdir=/etc --localstatedir=/var --with-openssl

만약 libcap을 설치하지 않고 Linux capabilities 지원을 비활성화하려면 --disable-linux-caps 옵션을 사용하여 configure 스크립트를 실행합니다.

===============================================================================
Configuration summary:
-------------------------------------------------------------------------------
Optional features enabled:
    Memory allocator: jemalloc
    DNSSEC validation active by default (--enable-auto-validation)
-------------------------------------------------------------------------------
Features disabled or unavailable on this platform:
    Small-system tuning (--with-tuning)
    Allow 'dnstap' packet logging (--enable-dnstap)
    GeoIP2 access control (--enable-geoip)
    GSS-API (--with-gssapi)
    DNS Response Policy Service interface (--enable-dnsrps)
    Allow 'fixed' rrset-order (--enable-fixed-rrset)
    Very verbose query trace logging (--enable-querytrace)
    Single-query trace logging (--enable-singletrace)
    CMocka Unit Testing Framework (--with-cmocka)
    XML statistics (--with-libxml2)
    JSON statistics (--with-json-c)
    LMDB database to store configuration for 'addzone' zones (--with-lmdb)
    IDN support (--with-libidn2)
-------------------------------------------------------------------------------
Configured paths:
    prefix: /usr/local/named
    sysconfdir: /etc
    localstatedir: /var
-------------------------------------------------------------------------------
Compiler: gcc
    gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
    Copyright (C) 2021 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions.  There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    
CFLAGS: -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -Werror=vla -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -pthread
CPPFLAGS: -D_FORTIFY_SOURCE=2 
LDFLAGS: 
-------------------------------------------------------------------------------
For more detail, use --enable-full-report.
===============================================================================

컴파일

컴파일을 진행합니다.

make -j $(( $(nproc) / 2 ))

설치

BIND를 설치합니다.

sudo make install
----------------------------------------------------------------------
Libraries have been installed in:
   /usr/local/named/lib/bind

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the '-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the 'LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the 'LD_RUN_PATH' environment variable
     during linking
   - use the '-Wl,-rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to '/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------

BIND의 버전을 확인

$ /usr/local/named/sbin/named -v
BIND 9.18.26 (Extended Support Version) <id:936d80b>

BIND의 구성 옵션을 확인

$ /usr/local/named/sbin/named -V
BIND 9.18.26 (Extended Support Version) <id:936d80b>
running on Linux x86_64 5.15.0-92-generic #102-Ubuntu SMP Wed Jan 10 09:33:48 UTC 2024
built by make with  '--prefix=/usr/local/named' '--sysconfdir=/etc' '--localstatedir=/var' '--with-openssl'
compiled by GCC 11.4.0
compiled with OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
linked to OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
compiled with libuv version: 1.43.0
linked to libuv version: 1.43.0
compiled with libnghttp2 version: 1.43.0
linked to libnghttp2 version: 1.43.0
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): no

default paths:
  named configuration:  /etc/named.conf
  rndc configuration:   /etc/rndc.conf
  DNSSEC root key:      /etc/bind.keys
  nsupdate session key: /var/run/named/session.key
  named PID file:       /var/run/named/named.pid
  named lock file:      /var/run/named/named.lock
728x90

심볼릭 링크 설정

바이너리에 대한 심볼릭 링크를 생성하여 시스템 PATH에 추가합니다.

ln -s /usr/local/named/bin/named-checkconf /bin/named-checkconf
ln -s /usr/local/named/bin/named-checkzone /bin/named-checkzone
ln -s /usr/local/named/sbin/named /sbin/named
ln -s /usr/local/named/sbin/named /sbin/rndc

BIND의 설정 파일을 수정

sudo vim /etc/named.conf
options {
  directory "/var/named";
  version "not currently available";
};

logging {
  channel example_log {
    file "log/example.log" versions 3 size 250k;
    severity info;
  };
  category default {
    example_log;
  };
};

BIND의 로그 디렉터리를 생성

mkdir -p /var/named/log

/var/named 디렉터리의 소유권을 할당

chown named.named -R /var/named

ld.so.conf 파일에 추가

sudo echo "/usr/local/named/lib" >> /etc/ld.so.conf

BIND 서비스 등록

systemd 서비스 파일을 생성

sudo vim /etc/systemd/system/named.service
[Unit]
Description=BIND DNS server
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/named/sbin/named -u named
ExecReload=/usr/local/named/sbin/rndc reload
ExecStop=/usr/local/named/sbin/rndc stop

[Install]
WantedBy=multi-user.target

systemd에 새로운 서비스 파일을 로드

sudo systemctl daemon-reload

BIND 서비스를 부팅시 자동으로 시작하도록 설정

sudo systemctl enable named

BIND 서비스를 시작

sudo systemctl start named

BIND 서비스의 상태를 확인

sudo systemctl status named

설치 검증

이제 BIND가 성공적으로 설치되고 실행 중입니다. 필요에 따라 /etc/bind/named.conf와 같은 설정 파일을 편집하여 DNS 서버를 구성할 수 있습니다.

 

참고URL

- Read the Docs : Configurations and Zone Files

- Read the Docs : BIND 9 Administrator Reference Manual

 

728x90
반응형