


[네임서버] BIND(named)에서 GeoIP 기능 사용하기

변군 변군이글루 2017.04.06 11:23

BIND(named)에서 GeoIP 기능 사용하기

 

## Build prerequisites. gcc compiles BIND from source below; epel-release is
## needed because the GeoIP packages are not in the base CentOS repositories.
# yum install gcc epel-release

# yum install zlib-devel openssl-devel

## libGeoIP (the legacy libGeoIP.so.1 that "ldd" shows later) and its headers;
## BIND's --with-geoip links against it. The country database under
## /usr/share/GeoIP must be kept current, otherwise the country ACL in
## named.conf matches on stale data.
# yum install GeoIP GeoIP-devel

## Distro bind package — presumably kept for its named user, service unit and
## /etc/named.* skeleton; its binaries are overwritten by the self-built ones
## in the "cp" step further down.
# yum install bind bind-utils

 

# cd /usr/local/src/

[bind download site]

 http://ftp.isc.org/isc/bind9/9.10.4-P6/

## Download over plain HTTP with no integrity check. ISC publishes detached
## signatures / checksums next to each tarball; verify them before building.
## 9.10.4-P6 is the release this post used — check ISC's security advisories
## and pick a currently supported release before deploying.
# wget http://ftp.isc.org/isc/bind9/9.10.4-P6/bind-9.10.4-P6.tar.gz

# tar xvfz bind-9.10.4-P6.tar.gz

# cd bind-9.10.4-P6

## --with-geoip enables the "geoip" ACL term used in named.conf;
## --sysconfdir=/etc and --localstatedir=/var make this build read the same
## /etc/named.conf and /var/named as the packaged bind.
## NOTE(review): --without-openssl drops BIND's crypto backend even though
## openssl-devel was installed above, yet the named.conf below enables
## dnssec-validation, which needs one. Confirm DNSSEC actually works with this
## binary, or build with OpenSSL.
# ./configure --prefix=/usr/local/bind-9.10.4-P6 --sysconfdir=/etc --localstatedir=/var --enable-threads --without-openssl --with-geoip=/usr/share/GeoIP

# make && make install

 

## Sanity checks that the freshly built named really carries GeoIP support.
# cd /usr/local/bind-9.10.4-P6/sbin

## Prints the configure flags one per line; the --with-geoip entry must appear.
# ./named -V | sed -r 's/ +/\n/g'|grep geoip

'--with-geoip=/usr/share/GeoIP'

## The binary must be dynamically linked against libGeoIP.so.1 from the GeoIP
## package installed earlier; no match here means GeoIP ACLs will not work.
# ldd ./named | grep libGeoIP

        libGeoIP.so.1 => /usr/lib64/libGeoIP.so.1 (0x00007f3284d00000)

 

파일 복사

## Overwrites the package-owned binaries in place. The package manager still
## owns these paths, so a later update of the bind package replaces them with
## the stock (GeoIP-less) build and rpm verification reports them as modified.
## Safer alternatives: run named from /usr/local/bind-9.10.4-P6 (adjust the
## service unit) or package the custom build.
# cp /usr/local/bind-9.10.4-P6/sbin/named /usr/sbin/named

# cp /usr/local/bind-9.10.4-P6/sbin/named-checkconf /usr/sbin/named-checkconf

# cp /usr/local/bind-9.10.4-P6/sbin/named-checkzone /usr/sbin/named-checkzone

 

# vi /etc/named.conf

-----

# ACL matching clients whose source address the GeoIP country database maps
# to KR. Its accuracy is only as good as the database under geoip-directory;
# a stale database steers clients into the wrong view.
# NOTE(review): addresses the database has no entry for (e.g. private ranges
# such as the 192.168.56.101 used for ns1 below) presumably do not match and
# fall through to the next view — confirm with a test query from such a host.
acl "country_KR" {

        geoip country KR;

        # Finer-grained alternatives to the country match (disabled).
        #geoip region CA;

        #geoip city "Redwood City"; /* names, etc., must be quoted if they contain spaces */

};

 

options {

#       listen-on port 53 { 127.0.0.1; };

#       listen-on-v6 port 53 { ::1; };

        # Both listen-on lines are disabled, so named binds every interface by
        # default; the access controls below are then the only thing between
        # this server and any network that can reach port 53.
        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        allow-query     { any; };

        recursion yes;
        # allow-query { any; } together with recursion yes and no allow-recursion
        # statement makes this an open recursive resolver: any client that can
        # reach port 53 may recurse through it, exposing the cache to poisoning
        # attempts and the server to reflection/amplification abuse. Restrict it,
        # e.g.   allow-recursion { localhost; localnets; };
        # or set recursion no in the view that serves the general public.
 

        # Directory holding the GeoIP database read by the "geoip" ACL terms
        # (same path given to --with-geoip at configure time).
        geoip-directory "/usr/share/GeoIP";
 

        dnssec-enable yes;

        # NOTE(review): this named was configured with --without-openssl. BIND
        # needs a crypto library to verify signatures, so with this binary
        # validation may be ineffective or refused at startup — check named's
        # startup log / named-checkconf, or rebuild with OpenSSL.
        dnssec-validation yes;
 

        /* Path to ISC DLV key */
        # NOTE(review): ISC retired the DLV registry in 2017, so this anchor no
        # longer extends validation coverage. Trust rests on the root key
        # (presumably /etc/named.root.key, included below) maintained under
        # managed-keys-directory.
        bindkeys-file "/etc/named.iscdlv.key";
 

        # Where named keeps automatically maintained (RFC 5011) trust anchors;
        # must be writable by the user named runs as.
        managed-keys-directory "/var/named/dynamic";

};

 

# Logging channels live in a separate file (contents not shown on this page).
include "/etc/named.logging.conf";

# The stock rfc1912 zones are disabled because once views are used every zone
# must be declared inside a view; each view below carries its own copy of the
# localhost / loopback / root-hint zones instead.
#include "/etc/named.rfc1912.zones";

# Root trust anchor for dnssec-validation — presumably the managed-keys file
# shipped by the bind package.
include "/etc/named.root.key";

 

# Views are evaluated in order: a client whose address the GeoIP database maps
# to KR is answered from this view and never reaches "OTHER".
view "ACL_KR" {

      match-clients { country_KR; };

      # Recursion for KR clients; the open-resolver caveat from the global
      # options applies to every KR source address unless allow-recursion is
      # narrowed here.
      recursion yes;
 

             # Root hints, needed because this view recurses.
             zone "." IN {

                                        type hint;

                                        file "named.ca";

                                        };
 

             # localhost / loopback zones are repeated per view because zones
             # outside a view are not allowed once views are defined.
             # allow-update { none; } refuses dynamic updates for these zones.
             zone "localhost" IN {

                                        type master;

                                        file "named.localhost";

                                        allow-update { none; };

                                        };
 

             zone "1.0.0.127.in-addr.arpa" IN {

                                        type master;

                                        file "named.loopback";

                                        allow-update { none; };

                                        };
 

             # The GeoIP split itself: KR clients get the KR copy of example.com
             # (file shown further down this page). allow-update { none; } means
             # the zone changes only when the file is edited and named reloaded.
             zone "example.com" IN {

                                        type master;

                                        file "example.com-KR.zone";

                                        allow-update { none; };

                                        };

};

 

# Catch-all view for every client not matched above: non-KR addresses and,
# presumably, any address the GeoIP database cannot classify (private ranges,
# unknown blocks).
view "OTHER" {

      match-clients { any; };

      # This is the line that opens recursion to the whole Internet: "any" client
      # may recurse here. If non-KR clients only need the authoritative
      # example.com answers, use recursion no; in this view (the root-hint zone
      # then becomes unnecessary) and serve recursion only to trusted networks.
      recursion yes;
 

             # Root hints, only needed while this view recurses.
             zone "." IN {

                                        type hint;

                                        file "named.ca";

                                        };
 

             # Per-view copies of the localhost / loopback zones (see "ACL_KR").
             zone "localhost" IN {

                                        type master;

                                        file "named.localhost";

                                        allow-update { none; };

                                        };
 

             zone "1.0.0.127.in-addr.arpa" IN {

                                        type master;

                                        file "named.loopback";

                                        allow-update { none; };

                                        };
 

             # Everyone outside KR receives the "ETC" copy of example.com, whose
             # A records differ from the KR copy (both files shown below).
             zone "example.com" IN {

                                        type master;

                                        file "example.com-ETC.zone";

                                        allow-update { none; };

                                        };

};

-----

 

# vi /var/named/example.com-KR.zone

-----

; example.com as served to clients matched by acl "country_KR" (view "ACL_KR").
; 60-second default TTL: changes to the GeoIP split take effect quickly, at the
; cost of resolvers re-querying roughly every minute.
$TTL 60

; MNAME is "@" (the zone apex) and RNAME is the placeholder rname.invalid. —
; set RNAME to a real contact mailbox (e.g. hostmaster.example.com.) before
; production use.
@       IN SOA  @ rname.invalid. (

                                        0       ; serial
; Increase the serial on every edit; secondaries (none configured on this
; page) only transfer when it is higher than theirs.

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum
 

; Apex name server; its address is the private 192.168.56.101 below, so this
; is a lab setup rather than a publicly delegated zone.
                        IN      NS      ns1.example.com.
 

; Apex and www answers for KR clients. 1.1.1.1 is a stand-in value in this
; tutorial (it is a real, routed address belonging to someone else); replace it
; with the KR-facing service address.
                        IN      A       1.1.1.1

www                     IN      A       1.1.1.1
 

ns1                     IN      A       192.168.56.101

-----

 

# cat /var/named/example.com-ETC.zone

-----

; example.com as served to every client not in KR (view "OTHER"). Identical to
; the KR copy except for the apex/www A records.
$TTL 60

; RNAME rname.invalid. is a placeholder — set a real contact mailbox before
; production use. MNAME "@" points at the zone apex itself.
@       IN SOA  @ rname.invalid. (

                                        0       ; serial
; Increase the serial on every edit, and keep it in step with any secondaries.

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum
 

                        IN      NS      ns1.example.com.
 

; Apex and www answers for non-KR clients. 2.2.2.2 is a stand-in value (a real,
; routed address owned by someone else); replace it with the actual service
; address.
                        IN      A       2.2.2.2

www                     IN      A       2.2.2.2
 

; Private (RFC 1918) name-server address — lab setup, not usable from the
; public Internet.
ns1                     IN      A       192.168.56.101

-----
