
How to install and configure BIND9 on Ubuntu


BIND (Berkeley Internet Name Domain) is open-source software used mainly to build and operate DNS (Domain Name System) servers. DNS resolves domain names to IP addresses and, in the reverse direction, IP addresses back to domain names.

Test environment

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.1 LTS
Release:	22.04
Codename:	jammy

Installing BIND9

  • Install the bind9 package
sudo apt update
sudo apt install bind9
  • Check that the bind9 package is installed
apt list --installed bind9
$ apt list --installed bind9
Listing... Done
bind9/jammy-updates,jammy-security,now 1:9.18.1-1ubuntu1.2 amd64 [installed]
N: There is 1 additional version. Please use the '-a' switch to see it
apt list --installed -a bind9
  • Show the bind9 package information
apt show bind9
$ apt show bind9
Package: bind9
Version: 1:9.18.1-1ubuntu1.2
Priority: optional
Section: net
Origin: Ubuntu
Maintainer: Ubuntu Developers <[email protected]>
Original-Maintainer: Debian DNS Team <[email protected]>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 928 kB
Pre-Depends: init-system-helpers (>= 1.54~)
Depends: adduser, bind9-libs (= 1:9.18.1-1ubuntu1.2), bind9-utils (= 1:9.18.1-1ubuntu1.2), debconf | debconf-2.0, dns-root-data, iproute2, lsb-base (>= 3.2-14), netbase, libc6 (>= 2.34), libcap2 (>= 1:2.10), libjson-c5 (>= 0.15), liblmdb0 (>= 0.9.7), libmaxminddb0 (>= 1.3.0), libnghttp2-14 (>= 1.3.0), libssl3 (>= 3.0.0~~alpha1), libuv1 (>= 1.4.2), libxml2 (>= 2.7.4), zlib1g (>= 1:1.1.4)
Suggests: bind-doc, dnsutils, resolvconf, ufw
Breaks: bind (<< 1:9.13.6~)
Replaces: bind (<< 1:9.13.6~)
Homepage: https://www.isc.org/downloads/bind/
Task: dns-server
Download-Size: 251 kB
APT-Manual-Installed: yes
APT-Sources: http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
Description: Internet Domain Name Server
 The Berkeley Internet Name Domain (BIND 9) implements an Internet domain
 name server.  BIND 9 is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package provides the server and related configuration files.

N: There is 1 additional record. Please use the '-a' switch to see it
  • List the files installed by the bind9 package
dpkg -L bind9
$ dpkg -L bind9
/.
/etc
/etc/apparmor.d
/etc/apparmor.d/force-complain
/etc/apparmor.d/local
/etc/apparmor.d/usr.sbin.named
/etc/bind
/etc/bind/bind.keys
/etc/bind/db.0
/etc/bind/db.127
/etc/bind/db.255
/etc/bind/db.empty
/etc/bind/db.local
/etc/bind/named.conf
/etc/bind/named.conf.default-zones
/etc/bind/named.conf.local
/etc/bind/named.conf.options
/etc/bind/zones.rfc1918
/etc/default
/etc/default/named
/etc/init.d
/etc/init.d/named
...


dpkg -L bind9 | egrep -v 'share|lib|network|ppp|insserv|ufw' | egrep 'bind|bin/named'

Editing the configuration files

  • Edit the named.conf file
cat /etc/bind/named.conf
$ cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
  • Edit the named.conf.options file
cat /etc/bind/named.conf.options
$ cat /etc/bind/named.conf.options
options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// If your ISP provided one or more IP addresses for stable
	// nameservers, you probably want to use them as forwarders.
	// Uncomment the following block, and insert the addresses replacing
	// the all-0's placeholder.

	// forwarders {
	// 	0.0.0.0;
	// };

	//========================================================================
	// If BIND logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/bind-keys
	//========================================================================
	dnssec-validation auto;

	listen-on-v6 { any; };
};
  • Edit the named.conf.local file
cat /etc/bind/named.conf.local
$ cat /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
  • Edit the named.conf.default-zones file
cat /etc/bind/named.conf.default-zones
$ cat /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
	type hint;
	file "/usr/share/dns/root.hints";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};
  • The root.hints file
cat /usr/share/dns/root.hints

$ cat /usr/share/dns/root.hints
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:     January 11, 2021
;       related version of root zone:     2021011101
;
; FORMERLY NS.INTERNIC.NET
;
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     199.9.14.201
B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:200::b
;
; FORMERLY C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
E.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:a8::e
;
; FORMERLY NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
G.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:12::d0d
;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
;
; OPERATED BY ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:9f::42
;
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
; End of file

  • Check the named process
ps -ef | grep -v grep | grep named
$ ps -ef | grep -v grep | grep named
bind       71741       1  0 00:00 ?        00:00:00 /usr/sbin/named -u bind
  • Check the TCP/UDP ports named listens on (TCP 53, UDP 53, and the rndc control port TCP 953)
netstat -nlp | grep named
$ netstat -nlp | grep named
tcp        0      0 172.31.80.254:53        0.0.0.0:*               LISTEN      71741/named
tcp        0      0 172.31.80.254:53        0.0.0.0:*               LISTEN      71741/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      71741/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      71741/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      71741/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      71741/named
tcp6       0      0 fe80::42:b9ff:fe80:8:53 :::*                    LISTEN      71741/named
tcp6       0      0 fe80::42:b9ff:fe80:8:53 :::*                    LISTEN      71741/named
tcp6       0      0 fe80::a4d1:caff:fe24:53 :::*                    LISTEN      71741/named
tcp6       0      0 fe80::a4d1:caff:fe24:53 :::*                    LISTEN      71741/named
tcp6       0      0 ::1:53                  :::*                    LISTEN      71741/named
tcp6       0      0 ::1:53                  :::*                    LISTEN      71741/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      71741/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      71741/named
udp        0      0 172.31.80.254:53        0.0.0.0:*                           71741/named
udp        0      0 172.31.80.254:53        0.0.0.0:*                           71741/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           71741/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           71741/named
udp6       0      0 ::1:53                  :::*                                71741/named
udp6       0      0 ::1:53                  :::*                                71741/named
udp6       0      0 fe80::42:b9ff:fe80:8:53 :::*                                71741/named
udp6       0      0 fe80::42:b9ff:fe80:8:53 :::*                                71741/named
udp6       0      0 fe80::a4d1:caff:fe24:53 :::*                                71741/named
udp6       0      0 fe80::a4d1:caff:fe24:53 :::*                                71741/named

Listening on IPv4 only

Add -4 to the OPTIONS variable in /etc/default/named so that named uses IPv4 only.

vim /etc/default/named

Before:

$ cat /etc/default/named
#
# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-u bind"

After:

#
# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-u bind -4"
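The netstat output above is the place to verify two things before exposing the server: that the rndc control channel (TCP 953) is bound only to loopback, and, once -4 is set, that no tcp6/udp6 listeners remain. The following is an added example, not code from the original post; it parses lines in the format printed by `netstat -nlp | grep named`, collapses the duplicate per-worker socket entries into one endpoint each, and reports those two conditions. The sample lines are a constructed subset of the output shown above, and EXPOSED_RNDC_LINE is a constructed misconfiguration for illustration.

```python
"""Summarize and audit the listening sockets of named from netstat output.

Added example, not part of the original post. Input is the line format of
`netstat -nlp | grep named` as shown in the post.
"""
import re

# Constructed sample: a subset of the netstat output shown in the post.
SAMPLE_NETSTAT = """\
tcp        0      0 172.31.80.254:53        0.0.0.0:*               LISTEN      71741/named
tcp        0      0 172.31.80.254:53        0.0.0.0:*               LISTEN      71741/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      71741/named
tcp6       0      0 ::1:53                  :::*                    LISTEN      71741/named
udp        0      0 172.31.80.254:53        0.0.0.0:*                           71741/named
udp6       0      0 fe80::42:b9ff:fe80:8:53 :::*                                71741/named
"""

# Constructed line (not from the post): the rndc control channel bound to
# every IPv4 address instead of 127.0.0.1, which the audit should flag.
EXPOSED_RNDC_LINE = (
    "tcp        0      0 0.0.0.0:953             0.0.0.0:*               LISTEN      71741/named"
)

# proto, Recv-Q, Send-Q, local addr:port, foreign addr, optional LISTEN, pid/program.
# The greedy address group backtracks to the last ':' so IPv6 literals work.
LINE_RE = re.compile(
    r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+(?:LISTEN\s+)?(\d+)/(\S+)"
)


def parse_listeners(text):
    """Return sorted unique (proto, address, port, program) tuples.

    named opens one socket per worker thread, so netstat prints each listener
    several times; collapsing into a set yields the real set of endpoints.
    """
    seen = set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, addr, port, _pid, prog = m.groups()
            seen.add((proto, addr, int(port), prog))
    return sorted(seen)


def is_loopback(addr):
    return addr == "::1" or addr.startswith("127.")


def audit_listeners(listeners, ipv4_only=False):
    """Return human-readable findings; an empty list means nothing to fix."""
    findings = []
    for proto, addr, port, _prog in listeners:
        if port == 953 and not is_loopback(addr):
            findings.append(f"rndc control port {proto} {addr}:{port} is not loopback-only")
        if ipv4_only and proto.endswith("6"):
            findings.append(f"IPv6 listener {proto} {addr}:{port} present although -4 was set")
    return findings


if __name__ == "__main__":
    listeners = parse_listeners(SAMPLE_NETSTAT)
    for entry in listeners:
        print(entry)
    for finding in audit_listeners(listeners, ipv4_only=True):
        print("FINDING:", finding)
    for finding in audit_listeners(parse_listeners(EXPOSED_RNDC_LINE)):
        print("FINDING:", finding)
```

Run it against live output with `netstat -nlp | grep named > listeners.txt` and feed the file contents to `parse_listeners`; with `ipv4_only=True` the audit should come back empty after named has been restarted with -4.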

Creating a zone file

  • Add the mocha.scbyun.com domain
    • Zone file directory: /var/cache/bind
    • named.conf file: /etc/bind/named.conf
  • Edit the mocha.scbyun.com zone file
cd /var/cache/bind/
vim mocha.scbyun.com.zone
;
$TTL    60
@                       IN      SOA     localhost. root.localhost. (
                                        2022112307      ; Serial
                                            604800      ; Refresh
                                             86400      ; Retry
                                           2419200      ; Expire
                                            604800 )    ; Negative Cache TTL
;
@                       IN      NS              ns.mocha.scbyun.com.
;
@                       IN      A               172.31.80.254
www                     IN      CNAME           @
ns                      IN      A               172.31.80.254
  • Edit the named.conf file
vim /etc/bind/named.conf
...
zone "mocha.scbyun.com" {
        type master;
        file "mocha.scbyun.com.zone";
};
  • Check the named.conf syntax
named-checkconf
  • Check the zone file syntax
named-checkzone mocha.scbyun.com mocha.scbyun.com.zone
$ named-checkzone mocha.scbyun.com mocha.scbyun.com.zone
zone mocha.scbyun.com/IN: loaded serial 2022112307
OK
  • Query test
dig @127.0.0.1 www.mocha.scbyun.com
$ dig @127.0.0.1 www.mocha.scbyun.com

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @127.0.0.1 www.mocha.scbyun.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41443
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 5e0d6ffb56d2b5a701000000637d8510e3d1ac093086392d (good)
;; QUESTION SECTION:
;www.mocha.scbyun.com.          IN      A

;; ANSWER SECTION:
www.mocha.scbyun.com.   60      IN      CNAME   mocha.scbyun.com.
mocha.scbyun.com.       60      IN      A       172.31.80.254

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Nov 23 11:27:28 KST 2022
;; MSG SIZE  rcvd: 107
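named-checkzone confirms that the zone loads, but it does not enforce the conventions an operator usually wants: a YYYYMMDDnn serial, glue for in-zone nameservers, no CNAME at the apex or next to other records, and an SOA MNAME that names one of the zone's NS records. The following is an added example, not code from the original post or from BIND; it parses the zone syntax used above ($TTL, the @ shorthand, ';' comments, a multi-line SOA in parentheses) and applies those checks, which are this example's own. On the constructed copy of the zone file above it reports one finding: the SOA MNAME is `localhost.` while the only NS record is `ns.mocha.scbyun.com.`.

```python
"""Parse and lint a BIND zone file such as mocha.scbyun.com.zone.

Added example, not part of the original post. The lint rules go beyond
named-checkzone and are this example's own conventions.
"""
from collections import defaultdict
from datetime import datetime

# Constructed copy of the zone file shown in the post.
SAMPLE_ZONE = """\
;
$TTL    60
@                       IN      SOA     localhost. root.localhost. (
                                        2022112307      ; Serial
                                            604800      ; Refresh
                                             86400      ; Retry
                                           2419200      ; Expire
                                            604800 )    ; Negative Cache TTL
;
@                       IN      NS              ns.mocha.scbyun.com.
;
@                       IN      A               172.31.80.254
www                     IN      CNAME           @
ns                      IN      A               172.31.80.254
"""

RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "PTR", "SRV"}
NAME_RDATA = {"NS", "CNAME", "PTR"}  # first rdata field is a domain name


def _absolute(name, origin):
    """Expand '@' and relative names to fully qualified names."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def _logical_lines(text):
    """Drop ';' comments and fold '( ... )' groups into single lines."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            out.append(" ".join(buf))
            buf = []
    if depth != 0:
        raise ValueError("unbalanced parentheses in zone file")
    return out


def parse_zone(text, origin):
    """Return (default_ttl, records); each record is a dict."""
    origin = origin.rstrip(".") + "."
    default_ttl, records, last_owner = None, [], origin
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        # A line that starts with whitespace reuses the previous owner name.
        owner = last_owner if line[0].isspace() else _absolute(tokens.pop(0), origin)
        last_owner = owner
        ttl = default_ttl
        while tokens and tokens[0].upper() not in RR_TYPES:  # optional TTL / class
            tok = tokens.pop(0)
            if tok.isdigit():
                ttl = int(tok)
            elif tok.upper() != "IN":
                raise ValueError(f"unsupported token {tok!r} in {line.strip()!r}")
        if not tokens:
            raise ValueError(f"no record type in {line.strip()!r}")
        rtype = tokens.pop(0).upper()
        if rtype == "SOA":  # mname rname serial refresh retry expire minimum
            rdata = [_absolute(tokens[0], origin), _absolute(tokens[1], origin)]
            rdata += [int(t) for t in tokens[2:]]
        elif rtype in NAME_RDATA:
            rdata = [_absolute(tokens[0], origin)]
        else:
            rdata = tokens
        records.append({"owner": owner, "ttl": ttl, "type": rtype, "rdata": rdata})
    return default_ttl, records


def lint_zone(records, origin):
    """Return a list of findings; an empty list means every check passed."""
    origin = origin.rstrip(".") + "."
    findings, by_owner = [], defaultdict(list)
    for r in records:
        by_owner[r["owner"]].append(r)
    soas = [r for r in by_owner[origin] if r["type"] == "SOA"]
    if len(soas) != 1:
        findings.append("zone needs exactly one SOA record at the apex")
    ns_targets = {r["rdata"][0] for r in records if r["type"] == "NS"}
    if not any(r["type"] == "NS" for r in by_owner[origin]):
        findings.append("zone has no NS record at the apex")
    if soas:
        mname, _rname, serial = soas[0]["rdata"][:3]
        try:  # YYYYMMDDnn: ten digits whose first eight are a real date
            if len(str(serial)) != 10:
                raise ValueError
            datetime.strptime(str(serial)[:8], "%Y%m%d")
        except ValueError:
            findings.append(f"SOA serial {serial} does not follow the YYYYMMDDnn convention")
        if mname not in ns_targets:
            findings.append(f"SOA MNAME {mname} is not one of the zone's NS records")
    for target in ns_targets:  # an in-zone nameserver needs an address record (glue)
        if target.endswith("." + origin):
            if not {"A", "AAAA"} & {r["type"] for r in by_owner.get(target, [])}:
                findings.append(f"in-zone NS {target} has no A/AAAA record")
    for owner, rrs in by_owner.items():
        if any(r["type"] == "CNAME" for r in rrs):
            if len(rrs) > 1:
                findings.append(f"{owner} has a CNAME alongside other records")
            if owner == origin:
                findings.append("CNAME at the zone apex is not allowed")
    return findings


if __name__ == "__main__":
    ttl, recs = parse_zone(SAMPLE_ZONE, "mocha.scbyun.com")
    print("default TTL:", ttl)
    for r in recs:
        print(r["owner"], r["ttl"], r["type"], " ".join(map(str, r["rdata"])))
    for finding in lint_zone(recs, "mocha.scbyun.com"):
        print("FINDING:", finding)
```

Run `lint_zone` after `named-checkzone` in the same step of the procedure; the parser raises on syntax it does not understand rather than guessing, so a non-empty exception is a signal to fall back to named-checkzone's own diagnostics.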


The BIND9 DNS server is now installed and the domain is configured. For further configuration and hardening, refer to the official BIND9 documentation and related resources.
