CentOS 7 bind 9.11.3 install ( compile )

O/S : CentOS 7.x

CentOS에서는 yum으로 bind를 설치할 수 있으나 최신 버전이 아니므로, 소스를 직접 컴파일(compile)하여
bind를 설치한다. 단, 소스로 설치한 bind는 yum 보안 업데이트 대상이 아니므로 ISC 보안 공지를 직접 확인하고 새 버전이 나오면 다시 컴파일해야 한다.

버전 : bind 9.11.3

 

1. isc.org 사이트에서 최신버전 다운로드 ( 최신버전은 9.12.1 버전이지만 개발버전이라 안정적인 버전인 9.11.3 버전을 선택 ). 다운로드한 tar.gz 파일은 ISC가 함께 제공하는 서명 파일로 검증한 뒤 사용한다.

   https://www.isc.org/downloads/

 

2. 다운받은 bind 버전 압축 해제 및 소스 컴파일

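# Unpack the release tarball downloaded in step 1 and enter the source tree.
[root@localhost ~]# tar xvfz bind-9.11.3.tar.gz

[root@localhost ~]# cd bind-9.11.3

# This is one command on one line; the original listing wrapped it in the middle of --enable-threads.
# --sysconfdir=/etc is why named.conf and rndc.key are later written under /etc.
[root@localhost bind-9.11.3]# ./configure --prefix=/usr/local/bind --sysconfdir=/etc --localstatedir=/var/named --enable-threads --with-libtool --with-openssl

# Build with one job per CPU entry in /proc/cpuinfo; anchoring the pattern counts only the "processor : N" lines.
[root@localhost bind-9.11.3]# make -j "$(grep -c '^processor' /proc/cpuinfo)"

[root@localhost bind-9.11.3]# make install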

3. 버전 확인 

[root@localhost bind-9.11.3]# /usr/local/bind/sbin/named -v
BIND 9.11.3 (Extended Support Version) <id:a375815>

4. 기본 유저 등록 및 환경설정 작업 ( 기본 /usr/sbin/에 있는 named명령어를 교체해 준다 )

# Create the system account the daemon runs as: UID 25, home set to /var/named but not created (-M), /bin/false as shell.
[root@localhost bind-9.11.3]# useradd -u 25 -r -d /var/named -M -s /bin/false named

# Directories that named.conf in step 6 points at: managed-keys-directory (dynamic) and the log channel files (log).
[root@localhost bind-9.11.3]# mkdir -p /var/named/dynamic

[root@localhost bind-9.11.3]# mkdir -p /var/named/log

# Expose the freshly built binaries under /usr/sbin, which is where the unit file in step 8 calls them.
[root@localhost bind-9.11.3]# ln -s /usr/local/bind/sbin/named* /usr/sbin/

[root@localhost bind-9.11.3]# ln -s /usr/local/bind/sbin/rndc /usr/sbin/

# NOTE(review): -R hands the whole tree to the daemon account, so zone files placed here later are
# writable by named itself. A tighter layout keeps zone files root-owned and gives named write access
# only to the directories it has to write (dynamic, log) - confirm against how the zones are updated.
[root@localhost bind-9.11.3]# chown -R named:named /var/named

5.  rndc key 파일 생성

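# Generate rndc configuration text with a 512-bit key named rndc-key for the control channel on 127.0.0.1:953.
# The redirect target belongs on the same line as '>'; the original listing wrapped it onto the next line.
[root@localhost bind-9.11.3]# /usr/local/bind/sbin/rndc-confgen -b 512 -u named -k rndc-key -p 953 -s 127.0.0.1 > /etc/rndc.key

# A file created by shell redirection gets the umask default mode (commonly world-readable), and whoever
# can read this key can control named through rndc. Restrict it to root and the named group.
[root@localhost bind-9.11.3]# chown root:named /etc/rndc.key

[root@localhost bind-9.11.3]# chmod 640 /etc/rndc.key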

6. named.conf 파일 생성 

[root@localhost bind-9.11.3]# vi /etc/named.conf

// named.conf
// Global server options: answer queries from any address on port 53, with recursion
// switched off, so the server only serves the zones configured in this file.
options {
 // Listen on every IPv4 interface; the IPv6 listener below is left commented out.
 listen-on port 53 { any; };
// listen-on-v6 port 53 { ::1; };
 // Working directory; relative file names elsewhere in this file resolve against it.
 directory "/var/named";
 // NOTE(review): the setup steps on this page create /var/named/dynamic and /var/named/log
 // but not /var/named/data, where the next three files live - create it or adjust the paths.
 dump-file "/var/named/data/cache_dump.db";
 statistics-file "/var/named/data/named_stats.txt";
 memstatistics-file "/var/named/data/named_mem_stats.txt";
 // Anyone may query, but "recursion no" keeps the server from resolving names on
 // behalf of clients, i.e. it does not act as an open resolver.
 allow-query { any; };
 recursion no;
 check-names master ignore;
 // Report this string instead of the real version in answers to version queries.
 version "UNKNOWN";
 // NOTE(review): with the global restriction commented out, only zones that set their own
 // allow-transfer are restricted. A zone added later without one falls back to the built-in
 // default, which in this release series is believed to permit transfers - confirm, or enable this line.
 //allow-transfer { none; };

 // NOTE(review): validation applies to lookups named performs itself; with recursion off it is
 // presumably rarely exercised - confirm it is needed here.
 dnssec-enable yes;
 dnssec-validation yes;

  /* Path to ISC DLV key */
 // NOTE(review): this file is not created by the steps on this page - confirm how named
 // behaves when it is missing, or remove the option.
 bindkeys-file "/etc/named.iscdlv.key";

  // Created in step 4 and owned by the named account.
  managed-keys-directory "/var/named/dynamic";
  };

  // Trust anchor for the root zone ("."): flags 257, protocol 3, algorithm 8, followed by
  // the base64 public key, given as the initial key for managed-key maintenance.
  // NOTE(review): a key pasted into a tutorial goes stale when the root key is rolled (the
  // root KSK was rolled in 2018, and this looks like the key from before that roll - confirm).
  // Compare it with the trust anchor IANA currently publishes before relying on validation.
  managed-keys {
 "." initial-key 257 3 8
"AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQ
 bSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh
 /RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWA
 JQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXp
 oY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3
 LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGO
 Yl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGc
 LmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=";
};

// Logging: file channels under log/ (relative to "directory", i.e. /var/named/log), each
// capped at 20 MB with 3 rotated versions, plus the category-to-channel routing at the end.
logging {
 // NOTE(review): "default_syslog" is defined twice (here as a syslog channel, then as a
 // file channel), and the name is also one of BIND's predefined channels. Which definition
 // the "default" and "general" categories end up using is not obvious - give each channel
 // a unique name.
 channel "default_syslog" {
 // Send most of the named messages to syslog.
 syslog local2;
 severity debug;
 };
 channel "default_syslog" {
 file "log/default.log" versions 3 size 20m;
 severity debug;
 print-category yes;
 print-severity yes;
 print-time yes;
 };
 // NOTE(review): defined but never referenced; category general is routed to
 // default_syslog in the routing list below.
 channel "general_syslog" {
 file "log/general.log" versions 3 size 20m;
 severity debug;
 print-category yes;
 print-severity yes;
 print-time yes;
 };
 channel "database_syslog" {
 file "log/database.log" versions 3 size 20m;
 severity debug;
 print-category yes;
 print-severity yes;
 print-time yes;
 };
 // Receives the "security" category; keep this log for detection and incident review.
 channel "security_syslog" {
 file "log/security.log" versions 3 size 20m;
 severity debug;
 print-category yes;
 print-severity yes;
 print-time yes;
 };
 channel "config_syslog" {
 file "log/config.log" versions 3 size 20m;
 severity debug;
 print-category yes;
 print-severity yes;
 print-time yes;
 };
 channel "resolver_syslog" {
 file "log/resolver.log" versions 3 size 20m;
 severity debug;
 print-category yes;
 print-severity yes;
 print-time yes;
 };
 channel "notify_syslog" {
 file "log/notify.log" versions 3 size 20m;
 severity debug;
 print-category yes;
 print-severity yes;
 print-time yes;
 };
 channel "client_syslog" {
 file "log/client.log" versions 3 size 20m;
 severity debug;
 print-category yes;
 print-severity yes;
 print-time yes;
 };
 channel "unmatched_syslog" {
 file "log/unmatched.log" versions 3 size 20m;
 severity debug;
 print-category yes;
 print-severity yes;
 print-time yes;
 };
 channel "network_syslog" {
 file "log/network.log" versions 3 size 20m;
 severity debug;
 print-category yes;
 print-severity yes;
 print-time yes;
 };
 channel "update_syslog" {
 file "log/update.log" versions 3 size 20m;
 severity debug;
 print-category yes;
 print-severity yes;
 print-time yes;
 };
 channel "update_security_syslog" {
 file "log/update_security.log" versions 3 size 20m;
 severity debug;
 print-category yes;
 print-severity yes;
 print-time yes;
 };
 // Query log. Every channel in this block uses severity debug; on a server that accepts
 // queries from any client this is verbose, and the size/versions limits are what bound
 // disk use (and how far back the log reaches).
 channel "queries_syslog" {
 file "log/queries.log" versions 3 size 20m;
 severity debug;
 print-category yes;
 print-severity yes;
 print-time yes;
 };
 channel "dispatch_syslog" {
 file "log/dispatch.log" versions 3 size 20m;
 severity debug;
 print-category yes;
 print-severity yes;
 print-time yes;
 };
 channel "dnssec_syslog" {
 file "log/dnssec.log" versions 3 size 20m;
 severity debug;
 print-category yes;
 print-severity yes;
 print-time yes;
 };
 channel "lame-servers_syslog" {
 file "log/lame-servers.log" versions 3 size 20m;
 severity debug;
 print-category yes;
 print-severity yes;
 print-time yes;
 };
 channel "delegation-only_syslog" {
 file "log/delegation-only.log" versions 3 size 20m;
 severity debug;
 print-category yes;
 print-severity yes;
 print-time yes;
 };

 // Routing: each category goes to the channel of the same name, except "general",
 // which shares default_syslog with "default".
 category default { default_syslog; };
 category general { default_syslog; };
 category database { database_syslog; };
 category security { security_syslog; };
 category config { config_syslog; };
 category resolver { resolver_syslog; };
 category notify { notify_syslog; };
 category client { client_syslog; };
 category unmatched { unmatched_syslog; };
 category network { network_syslog; };
 category update { update_syslog; };
 category update-security { update_security_syslog; };
 category queries { queries_syslog; };
 category dispatch { dispatch_syslog; };
 category dnssec { dnssec_syslog; };
 category lame-servers { lame-servers_syslog; };
 category delegation-only { delegation-only_syslog; };
};

// Root hints; "named.ca" resolves relative to "directory" (/var/named) and is the file
// downloaded in step 7.
zone "." IN {
 type hint;
 file "named.ca";
};

// Master zone for xinet.kr with zone transfers refused for every client.
// NOTE(review): xinet.kr.zone is not created anywhere on this page, while the unit file's
// ExecStartPre runs named-checkconf -z, which loads the zone files - create the zone file
// under /var/named before starting the service.
zone "xinet.kr" IN {type master; file "xinet.kr.zone"; allow-transfer { none; };};

7. 기본적으로 named.ca 파일은 없으므로 다운로드 진행 및 권한 수정

# Fetch the root hints file that the "." hint zone in named.conf loads as named.ca.
[root@localhost bind-9.11.3]# cd /var/named/
# NOTE(review): plain FTP gives no integrity or authenticity protection, so the hints file can be
# altered in transit. InterNIC publishes the same file over HTTPS
# (https://www.internic.net/domain/named.root); prefer that source.
[root@localhost named]# wget ftp://ftp.rs.internic.net/domain/named.root
[root@localhost named]# mv named.root named.ca
[root@localhost named]# chown named:named named.ca 

8. 시작 스크립트 작성 및 sysconfig 파일 생성 

 [root@localhost named]# vi /usr/lib/systemd/system/named.service

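# systemd unit for the source-built named; it calls the binaries through the /usr/sbin symlinks.
[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
# NOTE(review): named-setup-rndc.service is not created by the steps on this page. Wants= is a
# soft dependency, so a missing unit should not block startup - confirm on the target host.
Wants=named-setup-rndc.service
Before=nss-lookup.target
After=network.target
After=named-setup-rndc.service

[Service]
Type=forking
Environment=NAMEDCONF=/etc/named.conf
# Optional overrides such as OPTIONS and DISABLE_ZONE_CHECKING; the leading '-' makes a missing file non-fatal.
EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
# NOTE(review): named.conf on this page sets no pid-file, so this path presumably relies on the
# compiled-in default under --localstatedir=/var/named - confirm the directory exists and is writable.
PIDFile=/var/named/run/named/named.pid

# Check named.conf and load every zone before starting, unless DISABLE_ZONE_CHECKING=yes.
# Kept on a single line: the original listing wrapped it inside the quoted command, which
# splits the directive.
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
# -u named: run as the unprivileged named account created in step 4.
ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS
# Prefer rndc for reload/stop; fall back to a signal if the rndc command fails.
ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
# Give the service private /tmp and /var/tmp directories.
PrivateTmp=true

[Install]
WantedBy=multi-user.target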




[root@localhost named]# touch /etc/sysconfig/named

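9. rndc-confgen 설정: rndc-confgen에서 나온 secret 값을 rndc.key 파일에 그대로 복사한다. 아래에 보이는 secret 값은 예시이므로 그대로 쓰지 말고 반드시 직접 생성한 값을 사용한다. 또한 hmac-md5는 취약한 알고리즘이므로 `rndc-confgen -A hmac-sha256` 처럼 더 강한 알고리즘으로 키를 생성하는 편이 좋다.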

[root@localhost named]# /usr/local/bind/sbin/rndc-confgen 
# Start of rndc.conf
key "rndc-key" {
 algorithm hmac-md5;
 secret "dNi/bMkUgli59tcJAHMS8w==";
};

options {
 default-key "rndc-key";
 default-server 127.0.0.1;
 default-port 953;
};


[root@localhost named]# vi /etc/rndc.key 

# Start of rndc.conf
key "rndc-key" {
 algorithm hmac-md5;
 secret "dNi/bMkUgli59tcJAHMS8w==";
};

10. 서비스 데몬 reload 및 서비스 시작 등록 / 서비스 시작 

[root@localhost named]# systemctl daemon-reload

[root@localhost ~]# systemctl enable named.service

[root@localhost named]# systemctl start named.service
