728x90
named(bind)에 geoip 기능 사용하기
yum install gcc epel-releaseyum install zlib-devel openssl-develyum install GeoIP GeoIP-develyum install bind bind-utils
[bind download site]
http://ftp.isc.org/isc/bind9/9.10.4-P6/
cd /usr/local/src/wget http://ftp.isc.org/isc/bind9/9.10.4-P6/bind-9.10.4-P6.tar.gztar xfz bind-9.10.4-P6.tar.gzcd bind-9.10.4-P6./configure --prefix=/usr/local/bind-9.10.4-P6 --sysconfdir=/etc --localstatedir=/var --enable-threads --without-openssl --with-geoip=/usr/share/GeoIPmake && make install
cd /usr/local/bind-9.10.4-P6/sbin./named -V | sed -r 's/ +/\n/g' | grep geoip$ ./named -V | sed -r 's/ +/\n/g'|grep geoip
'--with-geoip=/usr/share/GeoIP'ldd ./named | grep libGeoIP$ ldd ./named | grep libGeoIP
libGeoIP.so.1 => /usr/lib64/libGeoIP.so.1 (0x00007f3284d00000)파일 복사
cp /usr/local/bind-9.10.4-P6/sbin/named /usr/sbin/namedcp /usr/local/bind-9.10.4-P6/sbin/named-checkconf /usr/sbin/named-checkconfcp /usr/local/bind-9.10.4-P6/sbin/named-checkzone /usr/sbin/named-checkzone
vim /etc/named.confacl "country_KR" {
geoip country KR;
#geoip region CA;
#geoip city "Redwood City";
/* names, etc., must be quoted if they contain spaces */
};
options {
# listen-on port 53 { 127.0.0.1; };
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
geoip-directory "/usr/share/GeoIP";
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
include "/etc/named.logging.conf";
#include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
view "ACL_KR" {
match-clients { country_KR; };
recursion yes;
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "example.com" IN {
type master;
file "example.com-KR.zone";
allow-update { none; };
};
};
view "OTHER" {
match-clients { any; };
recursion yes;
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "example.com" IN {
type master;
file "example.com-ETC.zone";
allow-update { none; };
};
};
vim /var/named/example.com-KR.zone$TTL 60
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns1.example.com.
IN A 1.1.1.1
www IN A 1.1.1.1
ns1 IN A 192.168.56.101
vim /var/named/example.com-ETC.zone$TTL 60
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns1.example.com.
IN A 2.2.2.2
www IN A 2.2.2.2
ns1 IN A 192.168.56.101728x90
'리눅스' 카테고리의 다른 글
| [리눅스] php 임의(랜덤)의 패스워드 생성 (0) | 2022.11.24 |
|---|---|
| [리눅스] named(bind) zone file ip change scripte (0) | 2022.11.24 |
| [리눅스] named(bind) 백업 스크립트 (0) | 2022.11.24 |
| How to Install python 3.7 on CentOS 7 (0) | 2022.11.24 |
| [리눅스] bind rndc(rndc.conf) 설정 및 rndc 명령 (0) | 2022.11.23 |
