How to install and configure BIND (Berkeley Internet Name Domain) on Ubuntu
BIND (Berkeley Internet Name Domain), maintained by ISC, is the most widely deployed DNS (Domain Name System) server software. Its daemon, named, can act as an authoritative server for your own zones, as a recursive resolver for your clients, or both, which is why the access controls you give it matter as much as the zone data.
Test environment
- Operating system version
$ lsb_release -d
Description: Ubuntu 22.04.2 LTS
1. Install BIND (bind9)
Install the BIND (bind9) package
sudo apt-get update
sudo apt-get install -y bind9
---
$ apt-get install -y bind9
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
bind9-dnsutils bind9-host bind9-libs bind9-utils dns-root-data
Suggested packages:
bind-doc resolvconf
The following NEW packages will be installed:
bind9 bind9-utils dns-root-data
The following packages will be upgraded:
bind9-dnsutils bind9-host bind9-libs
3 upgraded, 3 newly installed, 0 to remove and 78 not upgraded.
Need to get 1,880 kB of archives.
After this operation, 3,542 kB disk space will be freed.
...
Setting up bind9 (1:9.18.18-0ubuntu0.22.04.1) ...
Adding group `bind' (GID 118) ...
Done.
Adding system user `bind' (UID 111) ...
Adding new user `bind' (UID 111) with group `bind' ...
Not creating home directory `/var/cache/bind'.
wrote key file "/etc/bind/rndc.key"
named-resolvconf.service is a disabled or a static unit, not starting it.
Created symlink /etc/systemd/system/bind9.service → /lib/systemd/system/named.service.
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /lib/systemd/system/named.service.
Setting up bind9-host (1:9.18.18-0ubuntu0.22.04.1) ...
Setting up bind9-dnsutils (1:9.18.18-0ubuntu0.22.04.1) ...
---
Check the named (BIND) version
named -v
$ named -v
BIND 9.18.1-1ubuntu1.2-Ubuntu (Stable Release) <id:>
Enable and start the BIND service
systemctl --now enable named
$ systemctl --now enable named
Synchronizing state of named.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable named
Restart the BIND service (the systemd unit is named; bind9.service is only an alias symlink to it, as the install output above shows)
sudo systemctl restart named
List the files installed by the BIND (bind9) package
dpkg -L bind9
BIND configuration files and BIND commands
---
dpkg -L bind9 | egrep -v 'ppp|ufw|network|init|share|insserv|lib|apparmor'
$ dpkg -L bind9 | egrep -v 'ppp|ufw|network|init|share|insserv|lib|apparmor'
/.
/etc
/etc/bind
/etc/bind/bind.keys
/etc/bind/db.0
/etc/bind/db.127
/etc/bind/db.255
/etc/bind/db.empty
/etc/bind/db.local
/etc/bind/named.conf
/etc/bind/named.conf.default-zones
/etc/bind/named.conf.local
/etc/bind/named.conf.options
/etc/bind/zones.rfc1918
/etc/default
/etc/default/named
/usr
/usr/bin
/usr/bin/arpaname
/usr/bin/dnssec-importkey
/usr/bin/named-journalprint
/usr/bin/named-nzd2nzf
/usr/bin/named-rrchecker
/usr/bin/nsec3hash
/usr/sbin
/usr/sbin/ddns-confgen
/usr/sbin/named
/usr/sbin/tsig-keygen
/var
/var/cache
/var/cache/bind
---
2. Edit the BIND9 configuration files
BIND9's main configuration file is /etc/bind/named.conf, which on Debian/Ubuntu does nothing but include three other files: named.conf.options holds the server-wide options (working directory, listen addresses, forwarders, DNSSEC validation and, once you add them, the recursion and zone-transfer ACLs), named.conf.local is where you declare your own forward and reverse zones, and named.conf.default-zones defines the root hints plus the localhost and RFC 1912 zones.
- named.conf file
vim /etc/bind/named.conf
$ cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
- named.conf.options file
vim /etc/bind/named.conf.options
$ cat /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };
};
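The stock options file above sets no access controls at all, so BIND's built-in defaults apply. In 9.18 that means recursion is on but only granted to localhost and directly attached networks (allow-recursion { localnets; localhost; }), while allow-query and allow-transfer default to any: anyone who can reach port 53 can pull a full copy (AXFR) of every zone this server is primary for, and the exact version string is handed to any scanner that asks. The script below is an added example, not part of the original post. It writes a hardened named.conf.options next to a copy of the stock one and runs a small lint over both; the trusted network 192.0.2.0/24, the server address 192.0.2.53 and the use of a temporary directory instead of /etc/bind are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): write a hardened
# named.conf.options beside the stock one and lint both for open-resolver,
# zone-transfer and version-disclosure weaknesses. The trusted network
# 192.0.2.0/24, the server address 192.0.2.53 and $WORK are assumptions.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # stand-in for /etc/bind so this runs unprivileged

# Stock Ubuntu 22.04 options with the comments stripped. Nothing here
# restricts recursion, transfers or the version banner.
write_default_options() {
    cat > "$WORK/default.options" <<'EOF'
options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    listen-on-v6 { any; };
};
EOF
    echo "$WORK/default.options"
}

# Hardened variant: recursion only for a named ACL, no zone transfers
# unless a zone opts in, no version banner, explicit listen addresses.
write_hardened_options() {
    cat > "$WORK/hardened.options" <<'EOF'
acl "trusted" {
    127.0.0.0/8;
    ::1;
    192.0.2.0/24;   // assumed internal network for this example
};

options {
    directory "/var/cache/bind";
    dnssec-validation auto;

    listen-on { 127.0.0.1; 192.0.2.53; };   // assumed: replace with this host's addresses
    listen-on-v6 { ::1; };

    // Recursion and cache access only for trusted clients; others get REFUSED.
    recursion yes;
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
    allow-query { any; };          // authoritative answers stay public

    // No AXFR by default; enable per zone for the real secondaries.
    allow-transfer { none; };

    // Do not advertise the exact version to scanners.
    version "not disclosed";
};
EOF
    echo "$WORK/hardened.options"
}

# Lint one options file: print one finding per line, return 1 on any finding.
audit_named_options() {
    f="$1"
    n=0
    has() { grep -Eq "$1" "$f"; }
    if ! has 'allow-recursion[[:space:]]*\{' || has 'allow-recursion[[:space:]]*\{[[:space:]]*any'; then
        echo "$f: allow-recursion missing or 'any' (relying on defaults, or an open resolver)"; n=$((n+1))
    fi
    if ! has 'allow-transfer[[:space:]]*\{' || has 'allow-transfer[[:space:]]*\{[[:space:]]*any'; then
        echo "$f: allow-transfer missing or 'any' (AXFR of every zone open to anyone)"; n=$((n+1))
    fi
    if ! has '^[[:space:]]*version[[:space:]]+"'; then
        echo "$f: version string not hidden"; n=$((n+1))
    fi
    [ "$n" -eq 0 ]
}

# Syntax check with named-checkconf when BIND is installed on this host.
check_syntax() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1"
    else
        echo "named-checkconf not installed; skipping syntax check" >&2
    fi
}
```

After copying the hardened file over /etc/bind/named.conf.options, run named-checkconf, then sudo systemctl reload named (rndc reload does the same); the lint is a quick pre-deployment gate, not a substitute for testing the ACLs with a query from an untrusted address.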
- named.conf.default-zones file
vim /etc/bind/named.conf.default-zones
$ cat /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/usr/share/dns/root.hints";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};
3. Create the DNS database (zone) files
Each zone's data file must exist at the path given in its file statement. The default zones above keep theirs in /etc/bind (db.local, db.127 and so on); zones you add in named.conf.local can live in any directory the bind user can read, commonly a dedicated /etc/bind/zones/ directory. A relative file path is resolved against the directory option, which is /var/cache/bind here.
localhost forward zone file
vim /etc/bind/db.local
$ cat /etc/bind/db.local
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1
Loopback reverse zone file (127.in-addr.arpa)
vim /etc/bind/db.127
$ cat /etc/bind/db.127
;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
1.0.0   IN      PTR     localhost.
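The post only shows the packaged loopback zones; the step you actually repeat in production is adding your own zone to named.conf.local, creating its file, and bumping the SOA serial on every edit (a secondary only transfers a new copy when the serial is higher than the one it holds). The script below is an added example, not part of the original post. The domain example.test, the addresses 192.0.2.53 (primary), 192.0.2.54 (secondary) and 192.0.2.80 (www), and the use of a temporary directory in place of /etc/bind are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): declare a forward zone for
# an assumed domain in named.conf.local, write its zone file under a
# stand-in for /etc/bind/zones, and bump the SOA serial the way every
# edit must. All names and addresses are assumptions (TEST-NET-1 range).
set -eu

WORK="${WORK:-$(mktemp -d)}"
ZONEDIR="$WORK/etc/bind/zones"     # stand-in for /etc/bind/zones
NS_IP="192.0.2.53"                 # assumed primary nameserver address

# Zone statement for named.conf.local. allow-transfer names only the
# assumed secondary, so an AXFR from anywhere else is refused even if
# the global options leave transfers open.
write_zone_conf() {
    mkdir -p "$WORK/etc/bind"
    cat > "$WORK/etc/bind/named.conf.local" <<EOF
zone "example.test" {
    type primary;                      // "master" in older configurations
    file "$ZONEDIR/db.example.test";
    allow-transfer { 192.0.2.54; };    // assumed secondary nameserver
    notify yes;
};
EOF
    echo "$WORK/etc/bind/named.conf.local"
}

# Zone file with a date-based serial (YYYYMMDDnn) and short timers.
write_zone_file() {
    mkdir -p "$ZONEDIR"
    cat > "$ZONEDIR/db.example.test" <<EOF
\$TTL 3600
@       IN SOA  ns1.example.test. hostmaster.example.test. (
                2024010101 ; Serial (YYYYMMDDnn)
                3600       ; Refresh
                900        ; Retry
                1209600    ; Expire
                300 )      ; Negative Cache TTL
;
@       IN NS   ns1.example.test.
ns1     IN A    $NS_IP
www     IN A    192.0.2.80
EOF
    echo "$ZONEDIR/db.example.test"
}

# Print the current SOA serial of a zone file written in the layout above.
zone_serial() {
    awk '/; Serial/ { print $1; exit }' "$1"
}

# Increment the serial in place and print the new value. Forgetting this
# is the classic reason a change never reaches the secondaries.
bump_serial() {
    old=$(zone_serial "$1")
    new=$((old + 1))
    tmp="$1.tmp"
    awk -v o="$old" -v n="$new" '/; Serial/ && $1 == o { sub(o, n) } { print }' "$1" > "$tmp"
    mv "$tmp" "$1"
    echo "$new"
}

# Validate the zone with named-checkzone when BIND is installed.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone example.test "$1"
    else
        echo "named-checkzone not installed; skipping zone check" >&2
    fi
}
```

On a real server the zone file must be readable by the bind user (chown root:bind, chmod 640 is the usual choice), and after changing it you run named-checkzone, bump the serial, then rndc reload example.test.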
4. The rndc command
rndc status
$ rndc status
version: BIND 9.18.1-1ubuntu1.2-Ubuntu (Stable Release) <id:>
running on node3: Linux x86_64 5.15.0-58-generic #64-Ubuntu SMP Thu Jan 5 11:43:13 UTC 2023
boot time: Fri, 13 Jan 2023 14:22:34 GMT
last configured: Fri, 13 Jan 2023 14:22:34 GMT
configuration file: /etc/bind/named.conf
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 102 (97 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/900/1000
tcp clients: 0/150
TCP high-water: 0
server is up and running
5. DNS query tests
Forward DNS lookup
dig @127.0.0.1 localhost
$ dig @127.0.0.1 localhost
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @127.0.0.1 localhost
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19881
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 4e2ce4f4c49373ee0100000063c16ef6c54f54389821b5dd (good)
;; QUESTION SECTION:
;localhost. IN A
;; ANSWER SECTION:
localhost. 604800 IN A 127.0.0.1
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jan 13 23:47:18 KST 2023
;; MSG SIZE rcvd: 82
Reverse DNS lookup
dig @127.0.0.1 -x 127.0.0.1
$ dig @127.0.0.1 -x 127.0.0.1
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @127.0.0.1 -x 127.0.0.1
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35993
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: a3e25e918e2563f80100000063c16e7abe7af071fc9b2b94 (good)
;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa. IN PTR
;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 604800 IN PTR localhost.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jan 13 23:45:14 KST 2023
;; MSG SIZE rcvd: 102
Querying the reverse zone apex (this asks for an A record of 127.in-addr.arpa, which does not exist, so the server returns an empty NOERROR response, known as NODATA, with the zone's SOA in the AUTHORITY section; append SOA or NS to the command to get an answer)
dig @127.0.0.1 127.in-addr.arpa
$ dig @127.0.0.1 127.in-addr.arpa
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @127.0.0.1 127.in-addr.arpa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38525
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: d670b169cceecc470100000063c16eb1234eeea14acb1bef (good)
;; QUESTION SECTION:
;127.in-addr.arpa. IN A
;; AUTHORITY SECTION:
127.in-addr.arpa. 604800 IN SOA localhost. root.localhost. 1 604800 86400 2419200 604800
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jan 13 23:46:09 KST 2023
;; MSG SIZE rcvd: 12
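Reading dig output by eye does not scale, and the two things worth checking after every deployment are that answers for your own zones are authoritative (aa flag, NOERROR, at least one record) and that a client outside the trusted ACL gets REFUSED when it asks the server to recurse. The script below is an added example, not part of the original post. It parses dig's header lines; the two captured responses embedded in it are constructed sample data (the first mirrors the localhost answer above, the second is what a refused recursive query looks like), and live_query() only runs dig when it is installed.

```shell
#!/bin/sh
# Added example (not from the original post): parse dig's header to decide
# whether an answer was authoritative and whether recursion was refused.
# SAMPLE_AUTH and SAMPLE_REFUSED are constructed sample data.
set -eu

# Constructed sample: authoritative answer for localhost, as in the post.
SAMPLE_AUTH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19881
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
localhost.              604800  IN      A       127.0.0.1'

# Constructed sample: what a client outside allow-recursion should see
# when it asks this server for a name it is not authoritative for.
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

# Extract the RCODE (NOERROR, NXDOMAIN, REFUSED, ...) from dig output.
dig_rcode() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Number of records in the ANSWER section, taken from the flags line.
dig_answer_count() {
    printf '%s\n' "$1" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1
}

# Succeeds when the aa (authoritative answer) flag is present.
dig_is_authoritative() {
    printf '%s\n' "$1" | grep -Eq '^;; flags:[^;]* aa[ ;]'
}

# Expected for your own zones: NOERROR, aa set, at least one answer record.
check_authoritative_answer() {
    [ "$(dig_rcode "$1")" = "NOERROR" ] &&
    dig_is_authoritative "$1" &&
    [ "$(dig_answer_count "$1")" -gt 0 ]
}

# Expected for an untrusted client asking for an outside name: REFUSED, no aa.
check_recursion_refused() {
    [ "$(dig_rcode "$1")" = "REFUSED" ] && ! dig_is_authoritative "$1"
}

# Live helper: live_query SERVER NAME [TYPE]; fails if dig is not installed.
live_query() {
    if command -v dig >/dev/null 2>&1; then
        dig "@$1" "$2" "${3:-A}" +time=2 +tries=1
    else
        echo "dig not installed; install bind9-dnsutils" >&2
        return 1
    fi
}
```

A post-deployment check then reads, for example, check_authoritative_answer "$(live_query 127.0.0.1 localhost)" from the server itself and check_recursion_refused "$(live_query SERVER_IP example.org)" from a host that is not in the trusted ACL; the second test is the one that proves the server is not an open resolver.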
What a BIND deployment should look like depends heavily on its role: an authoritative server for public zones, an internal recursive resolver, or a mix of the two each call for different listen addresses, ACLs and transfer settings, so treat the steps above as the baseline and refine the configuration against the purpose and requirements of the DNS service you intend to run.