Nameserver

How to install and configure BIND on Ubuntu

변군이글루 2023. 1. 13. 23:49

How to install and configure BIND (Berkeley Internet Name Domain) on Ubuntu

BIND (Berkeley Internet Name Domain) is the software used to set up and run a DNS (Domain Name System) server.

Test environment

  • Operating system version
$ lsb_release -d
Description:    Ubuntu 22.04.2 LTS

1. Installing BIND (bind9)

Install the BIND (bind9) package

sudo apt-get update
sudo apt-get install -y bind9

---

$ apt-get install -y bind9
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  bind9-dnsutils bind9-host bind9-libs bind9-utils dns-root-data
Suggested packages:
  bind-doc resolvconf
The following NEW packages will be installed:
  bind9 bind9-utils dns-root-data
The following packages will be upgraded:
  bind9-dnsutils bind9-host bind9-libs
3 upgraded, 3 newly installed, 0 to remove and 78 not upgraded.
Need to get 1,880 kB of archives.
After this operation, 3,542 kB disk space will be freed.
...
Setting up bind9 (1:9.18.18-0ubuntu0.22.04.1) ...
Adding group `bind' (GID 118) ...
Done.
Adding system user `bind' (UID 111) ...
Adding new user `bind' (UID 111) with group `bind' ...
Not creating home directory `/var/cache/bind'.
wrote key file "/etc/bind/rndc.key"
named-resolvconf.service is a disabled or a static unit, not starting it.
Created symlink /etc/systemd/system/bind9.service → /lib/systemd/system/named.service.
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /lib/systemd/system/named.service.
Setting up bind9-host (1:9.18.18-0ubuntu0.22.04.1) ...
Setting up bind9-dnsutils (1:9.18.18-0ubuntu0.22.04.1) ...

---

Check the named (BIND) version

named -v
$ named -v
BIND 9.18.1-1ubuntu1.2-Ubuntu (Stable Release) <id:>

Enable and start the BIND service

systemctl --now enable named
$ systemctl --now enable named
Synchronizing state of named.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable named

Restart the BIND service and check its status

sudo systemctl restart named

List the files installed by the BIND (bind9) package

dpkg -L bind9

BIND files and BIND commands

---

dpkg -L bind9 | egrep -v 'ppp|ufw|network|init|share|insserv|lib|apparmor'
$ dpkg -L bind9 | egrep -v 'ppp|ufw|network|init|share|insserv|lib|apparmor'
/.
/etc
/etc/bind
/etc/bind/bind.keys
/etc/bind/db.0
/etc/bind/db.127
/etc/bind/db.255
/etc/bind/db.empty
/etc/bind/db.local
/etc/bind/named.conf
/etc/bind/named.conf.default-zones
/etc/bind/named.conf.local
/etc/bind/named.conf.options
/etc/bind/zones.rfc1918
/etc/default
/etc/default/named
/usr
/usr/bin
/usr/bin/arpaname
/usr/bin/dnssec-importkey
/usr/bin/named-journalprint
/usr/bin/named-nzd2nzf
/usr/bin/named-rrchecker
/usr/bin/nsec3hash
/usr/sbin
/usr/sbin/ddns-confgen
/usr/sbin/named
/usr/sbin/tsig-keygen
/var
/var/cache
/var/cache/bind

---

2. Editing the BIND9 configuration files

The BIND9 configuration lives in /etc/bind/named.conf.options and /etc/bind/named.conf.local. named.conf.options holds the server-wide settings of the DNS server, while named.conf.local holds the definitions of your own forward and reverse-lookup zones.

  • named.conf file
vim /etc/bind/named.conf
$ cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
  • named.conf.options file
vim /etc/bind/named.conf.options
$ cat /etc/bind/named.conf.options
options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// If your ISP provided one or more IP addresses for stable
	// nameservers, you probably want to use them as forwarders.
	// Uncomment the following block, and insert the addresses replacing
	// the all-0's placeholder.

	// forwarders {
	// 	0.0.0.0;
	// };

	//========================================================================
	// If BIND logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/bind-keys
	//========================================================================
	dnssec-validation auto;

	listen-on-v6 { any; };
};
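The default options file above sets no access control at all, and the rndc status further down shows the server answering recursive queries. As an added example (not code from the original post), a small Python audit that parses an options block and reports which access-control statements it does not set, next to a hardened variant of the same file; the list of required statements is our assumed policy, while the statement names (allow-recursion, allow-query, allow-transfer, recursion) are BIND 9's own.

```python
import re

# Constructed copy of the default /etc/bind/named.conf.options shown above (comments trimmed).
DEFAULT_OPTIONS = """
options {
    directory "/var/cache/bind";
    // forwarders { 0.0.0.0; };
    dnssec-validation auto;
    listen-on-v6 { any; };
};
"""

# Same file with access control added (our hardened variant, not from the page).
HARDENED_OPTIONS = DEFAULT_OPTIONS.replace("listen-on-v6 { any; };", """recursion yes;
    allow-recursion { localhost; localnets; };   // only our own networks may recurse
    allow-query { localhost; localnets; };       // default-deny for everyone else
    allow-transfer { none; };                    // no AXFR unless a secondary is listed
    listen-on-v6 { any; };""")

# Statements whose absence leaves a listening server more exposed than it needs to be.
# Assumption: which statements are required is our policy; the names are BIND 9's.
REQUIRED = {
    "allow-recursion": "any client that can reach port 53 may use the server as a recursive resolver",
    "allow-query": "queries are accepted from every source (open-resolver / amplification risk)",
    "allow-transfer": "zone transfers (AXFR) are not restricted",
}

def strip_comments(text):
    """Remove BIND's three comment styles: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def options_statements(text):
    """Return the statement names that appear inside the options { ... } block."""
    body = re.search(r"options\s*\{(.*)\};", strip_comments(text), re.S)
    if body is None:
        raise ValueError("no options block found")
    return set(re.findall(r"^\s*([a-z0-9-]+)\b", body.group(1), re.M))

def audit_options(text):
    """List the REQUIRED access-control statements the options block does not set."""
    present = options_statements(text)
    return [f"{name} not set: {why}" for name, why in REQUIRED.items() if name not in present]
```

Run the audit before `rndc reload` or as a CI check on the file; it only reports presence, so a statement like `allow-query { any; };` still passes and must be reviewed by eye.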
  • named.conf.default-zones settings
vim /etc/bind/named.conf.default-zones
$ cat /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
	type hint;
	file "/usr/share/dns/root.hints";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};

3. Creating the DNS database (zone) files

The database (zone) files must be created at the paths given in the zone definitions in named.conf.local (the default zones above are defined in named.conf.default-zones). Custom zones are commonly kept in a /etc/bind/zones/ directory; the default zone files shown below live directly under /etc/bind/.

localhost domain zone file

vim /etc/bind/db.local
$ cat /etc/bind/db.local
;
; BIND data file for local loopback interface
;
$TTL	604800
@	IN	SOA	localhost. root.localhost. (
			      2		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	localhost.
@	IN	A	127.0.0.1
@	IN	AAAA	::1

127.0.0.1 reverse (PTR) zone file

vim /etc/bind/db.127
$ cat /etc/bind/db.127
;
; BIND reverse data file for local loopback interface
;
$TTL	604800
@	IN	SOA	localhost. root.localhost. (
			      1		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	localhost.
1.0.0	IN	PTR	localhost.
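The two zone files above use the BIND master-file format: a `$TTL` default, `@` for the zone origin, relative owner names that get the origin appended, and a parenthesised multi-line SOA whose third field is the serial that secondaries compare before transferring. As an added example (not from the original post), a Python parser for this format plus the sanity checks worth running on a zone before reloading it; the checks are our own, the sample input is a constructed copy of db.127 above.

```python
import re

# Constructed copy of the /etc/bind/db.127 reverse zone shown above, used as sample input.
DB_127 = """\
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
@       IN      NS      localhost.
1.0.0   IN      PTR     localhost.
"""

def parse_zone(text, origin):
    """Parse a BIND master file into (owner, ttl, type, rdata) tuples.
    Assumption (true for the files on this page): every record line starts with an owner."""
    text = re.sub(r";.*", "", text)                                  # drop comments first
    text = re.sub(r"\((.*?)\)", lambda m: " ".join(m.group(1).split()), text, flags=re.S)
    origin = origin.rstrip(".") + "."
    ttl, records = None, []
    for fields in (ln.split() for ln in text.splitlines()):
        if not fields:
            continue
        if fields[0] == "$TTL":
            ttl = int(fields[1])
            continue
        owner, rest = fields[0], [f for f in fields[1:] if f != "IN"]  # class is optional
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"                              # relative name
        records.append((owner, ttl, rest[0], rest[1:]))
    return records

def soa_serial(records):
    """Third SOA field; a secondary only transfers the zone when this value grows."""
    return int(next(r for r in records if r[2] == "SOA")[3][2])

def check_zone(records, origin):
    """Checks worth running before 'rndc reload'. A PTR target without a trailing dot is
    silently expanded under the origin, a classic reverse-zone mistake."""
    origin = origin.rstrip(".") + "."
    apex = {r[2] for r in records if r[0] == origin}
    problems = [f"no {t} record at the apex" for t in ("SOA", "NS") if t not in apex]
    for owner, _, rtype, rdata in records:
        if rtype == "PTR" and not rdata[0].endswith("."):
            problems.append(f"{owner}: PTR target {rdata[0]!r} lacks a trailing dot")
    return problems
```

In production, `named-checkzone 127.in-addr.arpa /etc/bind/db.127` (from bind9-utils, installed above) performs the authoritative version of these checks; this parser shows what that tool is looking at.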

4. The rndc command

rndc status
$ rndc status
version: BIND 9.18.1-1ubuntu1.2-Ubuntu (Stable Release) <id:>
running on node3: Linux x86_64 5.15.0-58-generic #64-Ubuntu SMP Thu Jan 5 11:43:13 UTC 2023
boot time: Fri, 13 Jan 2023 14:22:34 GMT
last configured: Fri, 13 Jan 2023 14:22:34 GMT
configuration file: /etc/bind/named.conf
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 102 (97 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/900/1000
tcp clients: 0/150
TCP high-water: 0
server is up and running

5. DNS query tests

Forward DNS lookup

dig @127.0.0.1 localhost
$ dig @127.0.0.1 localhost

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @127.0.0.1 localhost
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19881
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 4e2ce4f4c49373ee0100000063c16ef6c54f54389821b5dd (good)
;; QUESTION SECTION:
;localhost.			IN	A

;; ANSWER SECTION:
localhost.		604800	IN	A	127.0.0.1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jan 13 23:47:18 KST 2023
;; MSG SIZE  rcvd: 82

Reverse DNS lookup

dig @127.0.0.1 -x 127.0.0.1
$ dig @127.0.0.1 -x 127.0.0.1

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @127.0.0.1 -x 127.0.0.1
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35993
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: a3e25e918e2563f80100000063c16e7abe7af071fc9b2b94 (good)
;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa.		IN	PTR

;; ANSWER SECTION:
1.0.0.127.in-addr.arpa.	604800	IN	PTR	localhost.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jan 13 23:45:14 KST 2023
;; MSG SIZE  rcvd: 102

Querying the reverse zone apex (127.in-addr.arpa)

dig @127.0.0.1 127.in-addr.arpa
$ dig @127.0.0.1 127.in-addr.arpa

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @127.0.0.1 127.in-addr.arpa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38525
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: d670b169cceecc470100000063c16eb1234eeea14acb1bef (good)
;; QUESTION SECTION:
;127.in-addr.arpa.		IN	A

;; AUTHORITY SECTION:
127.in-addr.arpa.	604800	IN	SOA	localhost. root.localhost. 1 604800 86400 2419200 604800

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jan 13 23:46:09 KST 2023
;; MSG SIZE  rcvd: 12

DNS configuration with BIND is involved and depends heavily on specific requirements, so for anything beyond this basic setup you will likely need further guidance tailored to the purpose and requirements of the DNS service you intend to run.