
[draft] How to compile and install BIND on Ubuntu


Install required packages

sudo apt-get install -y build-essential pkg-config libssl-dev libdns-dev libuv1-dev libnghttp2-dev libcap-dev

Install the jemalloc memory allocation library

sudo apt-get install -y libjemalloc2 libjemalloc-dev

Move to the working directory

Change to the working directory.

cd /usr/local/src

Create the BIND account

Create the system user that BIND will run as.

sudo adduser --system --home /var/named --no-create-home --disabled-login --disabled-password --group named

Download the BIND source code

Download the source code.

sudo wget https://ftp.isc.org/isc/bind9/9.18.26/bind-9.18.26.tar.xz

or

sudo wget https://downloads.isc.org/isc/bind9/9.18.26/bind-9.18.26.tar.xz

Extract the archive

Extract the downloaded file.

tar -xf bind-9.18.26.tar.xz
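
The download and extraction steps above unpack the tarball without checking it. ISC publishes OpenPGP signatures for its releases, and the following added example (not part of the original post) verifies a detached signature with gpgv before unpacking. The signature file name, the keyring path and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: verify the BIND tarball, then unpack it.
# Assumptions (not on the page): the detached signature is saved next to the
# tarball as <tarball>.asc, and ISC_KEYRING is a binary (non-armored) keyring
# that holds only ISC's release signing key, whose fingerprint was checked
# out of band. The keyring path below is a placeholder.
ISC_KEYRING="${ISC_KEYRING:-/usr/local/src/isc-release-keyring.gpg}"

# verify_tarball TARBALL [SIGNATURE]
# Returns 0 only when gpgv accepts SIGNATURE over TARBALL; 2 when an input is
# missing, 1 when the signature does not verify.
verify_tarball() {
    local tarball sig
    tarball="$1"
    sig="${2:-$1.asc}"
    [ -s "$tarball" ]     || { echo "missing tarball: $tarball" >&2; return 2; }
    [ -s "$sig" ]         || { echo "missing signature: $sig" >&2; return 2; }
    [ -s "$ISC_KEYRING" ] || { echo "missing keyring: $ISC_KEYRING" >&2; return 2; }
    command -v gpgv >/dev/null 2>&1 || { echo "gpgv not installed" >&2; return 2; }
    # gpgv treats every key in the given keyring as trusted and consults no
    # trust database, so the keyring must contain only the ISC key.
    gpgv --keyring "$ISC_KEYRING" "$sig" "$tarball" || return 1
}

# verified_extract TARBALL DESTDIR
# Unpacks only after verify_tarball succeeds. --no-same-owner keeps files from
# taking the uid/gid recorded in the archive when tar runs as root.
verified_extract() {
    local tarball dest
    tarball="$1"
    dest="$2"
    verify_tarball "$tarball" || { echo "not extracting $tarball" >&2; return 1; }
    mkdir -p "$dest" && tar --no-same-owner -xf "$tarball" -C "$dest"
}

# Usage with the file names from this page:
#   cd /usr/local/src
#   verified_extract bind-9.18.26.tar.xz . && cd bind-9.18.26
```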

Change directory

Change into the extracted directory.

cd bind-9.18.26

Build (configure)

Run the configure script.

./configure --prefix=/usr/local/named --sysconfdir=/etc --localstatedir=/var --with-openssl

To disable Linux capabilities support without installing libcap, run the configure script with the --disable-linux-caps option.

===============================================================================
Configuration summary:
-------------------------------------------------------------------------------
Optional features enabled:
    Memory allocator: jemalloc
    DNSSEC validation active by default (--enable-auto-validation)
-------------------------------------------------------------------------------
Features disabled or unavailable on this platform:
    Small-system tuning (--with-tuning)
    Allow 'dnstap' packet logging (--enable-dnstap)
    GeoIP2 access control (--enable-geoip)
    GSS-API (--with-gssapi)
    DNS Response Policy Service interface (--enable-dnsrps)
    Allow 'fixed' rrset-order (--enable-fixed-rrset)
    Very verbose query trace logging (--enable-querytrace)
    Single-query trace logging (--enable-singletrace)
    CMocka Unit Testing Framework (--with-cmocka)
    XML statistics (--with-libxml2)
    JSON statistics (--with-json-c)
    LMDB database to store configuration for 'addzone' zones (--with-lmdb)
    IDN support (--with-libidn2)
-------------------------------------------------------------------------------
Configured paths:
    prefix: /usr/local/named
    sysconfdir: /etc
    localstatedir: /var
-------------------------------------------------------------------------------
Compiler: gcc
    gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
    Copyright (C) 2021 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions.  There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    
CFLAGS: -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -Werror=vla -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -pthread
CPPFLAGS: -D_FORTIFY_SOURCE=2 
LDFLAGS: 
-------------------------------------------------------------------------------
For more detail, use --enable-full-report.
===============================================================================

Compile

Compile the source.

make -j "$(( ($(nproc) + 1) / 2 ))"

Install

Install BIND.

sudo make install
----------------------------------------------------------------------
Libraries have been installed in:
   /usr/local/named/lib/bind

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the '-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the 'LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the 'LD_RUN_PATH' environment variable
     during linking
   - use the '-Wl,-rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to '/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------

Check the BIND version

$ /usr/local/named/sbin/named -v
BIND 9.18.26 (Extended Support Version) <id:936d80b>

Check the BIND build options

$ /usr/local/named/sbin/named -V
BIND 9.18.26 (Extended Support Version) <id:936d80b>
running on Linux x86_64 5.15.0-92-generic #102-Ubuntu SMP Wed Jan 10 09:33:48 UTC 2024
built by make with  '--prefix=/usr/local/named' '--sysconfdir=/etc' '--localstatedir=/var' '--with-openssl'
compiled by GCC 11.4.0
compiled with OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
linked to OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
compiled with libuv version: 1.43.0
linked to libuv version: 1.43.0
compiled with libnghttp2 version: 1.43.0
linked to libnghttp2 version: 1.43.0
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): no

default paths:
  named configuration:  /etc/named.conf
  rndc configuration:   /etc/rndc.conf
  DNSSEC root key:      /etc/bind.keys
  nsupdate session key: /var/run/named/session.key
  named PID file:       /var/run/named/named.pid
  named lock file:      /var/run/named/named.lock

Set up symbolic links

Create symbolic links to the binaries so that they can be found on the system PATH.

sudo ln -s /usr/local/named/bin/named-checkconf /bin/named-checkconf
sudo ln -s /usr/local/named/bin/named-checkzone /bin/named-checkzone
sudo ln -s /usr/local/named/sbin/named /sbin/named
sudo ln -s /usr/local/named/sbin/rndc /sbin/rndc

Edit the BIND configuration file

sudo vim /etc/named.conf
options {
  directory "/var/named";
  version "not currently available";
};

logging {
  channel example_log {
    file "log/example.log" versions 3 size 250k;
    severity info;
  };
  category default {
    example_log;
  };
};

Create the BIND log directory

sudo mkdir -p /var/named/log

Assign ownership of the /var/named directory

sudo chown -R named:named /var/named

Add to the ld.so.conf file

echo "/usr/local/named/lib" | sudo tee -a /etc/ld.so.conf
sudo ldconfig

Register the BIND service

Create the systemd service file

sudo vim /etc/systemd/system/named.service
[Unit]
Description=BIND DNS server
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/named/sbin/named -u named
ExecReload=/usr/local/named/sbin/rndc reload
ExecStop=/usr/local/named/sbin/rndc stop

[Install]
WantedBy=multi-user.target

Load the new service file into systemd

sudo systemctl daemon-reload

Enable the BIND service to start automatically at boot

sudo systemctl enable named

Start the BIND service

sudo systemctl start named

Check the status of the BIND service

sudo systemctl status named

Verify the installation

BIND is now installed and running. You can configure the DNS server as needed by editing configuration files such as /etc/named.conf.
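
Checks for the configuration and service steps above, as an added example that is not part of the original post: before start it validates /etc/named.conf with named-checkconf and confirms /var/named/log belongs to the named account, and after start it confirms that named dropped root and that version.bind returns the masked string. The paths and the account name come from this page; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: checks for the install built above.
# Paths and the "named" account come from this page; the function names are
# made up for this example.
NAMED_PREFIX="${NAMED_PREFIX:-/usr/local/named}"
NAMED_CONF="${NAMED_CONF:-/etc/named.conf}"
NAMED_USER="${NAMED_USER:-named}"

# dir_is_private DIR USER: DIR is a directory owned by USER (name or numeric
# uid) and is not world-writable.
dir_is_private() {
    [ -n "$(find "$1" -maxdepth 0 -type d -user "$2" ! -perm -0002 2>/dev/null)" ]
}

# all_procs_as USER: reads `ps -o user=` output on stdin; succeeds only when
# at least one process is listed and every one of them runs as USER.
all_procs_as() {
    awk -v u="$1" 'NF { n++; if ($1 != u) bad++ } END { exit !(n > 0 && bad == 0) }'
}

# version_is_hidden: reads a version.bind answer on stdin; fails when it
# contains a dotted version number such as 9.18.26.
version_is_hidden() {
    ! grep -Eq '[0-9]+\.[0-9]+'
}

# Before `systemctl start named`: the config must parse and the log directory
# must belong to the unprivileged account.
preflight() {
    "$NAMED_PREFIX/bin/named-checkconf" "$NAMED_CONF" || return 1
    dir_is_private /var/named/log "$NAMED_USER" ||
        { echo "/var/named/log is not private to $NAMED_USER" >&2; return 1; }
}

# After start: named must have dropped root (-u named in the unit file) and
# must answer version.bind with the string set in named.conf.
postcheck() {
    ps -o user= -C named | all_procs_as "$NAMED_USER" ||
        { echo "named is not running solely as $NAMED_USER" >&2; return 1; }
    "$NAMED_PREFIX/bin/dig" +short @127.0.0.1 version.bind chaos txt | version_is_hidden ||
        { echo "version.bind still reveals a version number" >&2; return 1; }
}
```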

 
