Now let's configure an inverse domain. An inverse domain is a service that converts an IP into a domain name. As a simple example, the IP address of yahoo.co.kr is 211.32.119.151. Type 211.32.119.151 into your browser now and press Enter. It will probably change to yahoo.co.kr and the Yahoo home page will appear. To operate an inverse domain, you must have authority delegated to you by the upstream ISP. In practice it is hard to operate one with only a few IPs. You need at least a class-sized range before delegation is possible. Still, let's take a brief look and move on.
[root@localhost]# |
[root@localhost]# vi /etc/named.conf
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
|
Because we installed the caching-nameserver package, the configuration above will already be present by default. It is the configuration for the local network. Let's open the named.local file that it refers to.
[root@localhost]# |
[root@localhost]# vi /var/named/named.local
$TTL 86400
@ IN SOA localhost. root.localhost. (
2003081401 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
|
In named.local, the SOA section is the same as in the zone file used when configuring a domain. In the data section you will see one new record. The PTR record is the record that defines an inverse domain. By default, the local loopback address 127.0.0.1 is mapped to localhost.
Now let's configure a real network range. I have the class C range 192.168.0.0. Let's set up the inverse domain for my network range.
[root@localhost]# |
[root@localhost]# vi /var/named/0.168.192.rev
$TTL 86400
@ IN SOA ns.nasord.com. admin.nasord.com. (
2003081401 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS ns.nasord.com.
10 IN PTR ns.nasord.com.
13 IN PTR nasord.com.
14 IN PTR ftp.nasord.com.
15 IN PTR mail.nasord.com.
|
In the configuration above, I set a PTR record for each host. A PTR record cannot assign several hosts to a single IP. Take note of this.
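An added example (not from the original article): a small Python lint for a reverse zone like 0.168.192.rev. It flags PTR targets written without a trailing dot, which named expands relative to the zone origin, and addresses that carry more than one PTR, which the text cautions against. The zone text is a constructed sample, and the origin 0.168.192.in-addr.arpa. is an assumption based on the file name.

```python
# Added example: lint a reverse zone for relative PTR targets and duplicate PTRs.
ORIGIN = "0.168.192.in-addr.arpa."  # assumed zone name for 0.168.192.rev

# Constructed sample modelled on 0.168.192.rev; the last line is a deliberate duplicate.
REV_ZONE = """\
$TTL 86400
@   IN SOA ns.nasord.com. admin.nasord.com. (
        2003081401 28800 14400 3600000 86400 )
    IN NS  ns.nasord.com.
10  IN PTR ns.nasord.com.
13  IN PTR nasord.com
14  IN PTR ftp.nasord.com.
14  IN PTR www.nasord.com.
"""

def absolute(name, origin):
    """Expand a zone-file name the way named does: no trailing dot means relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def owner_to_ip(owner, origin):
    """Turn an in-addr.arpa owner name back into the dotted IPv4 address."""
    labels = absolute(owner, origin)[: -len(".in-addr.arpa.")].split(".")
    return ".".join(reversed(labels))

def lint_reverse_zone(text, origin=ORIGIN):
    """Return (ip -> [targets], findings) for one-record-per-line PTR entries."""
    ptrs, findings = {}, []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if "PTR" not in fields or raw[:1].isspace():
            continue  # not a PTR line, or owner inherited from the previous line
        owner, target = fields[0], fields[fields.index("PTR") + 1]
        ip = owner_to_ip(owner, origin)
        if not target.endswith("."):
            findings.append(f"{ip}: relative target '{target}' resolves to "
                            f"{absolute(target, origin)}")
        ptrs.setdefault(ip, []).append(absolute(target, origin))
    for ip, targets in ptrs.items():
        if len(targets) > 1:
            findings.append(f"{ip}: {len(targets)} PTR records {targets}")
    return ptrs, findings

if __name__ == "__main__":
    for finding in lint_reverse_zone(REV_ZONE)[1]:
        print(finding)
```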
+Linking the primary and secondary name servers
For many companies, running two name servers may seem wasteful, but operating a secondary name server so that service continues normally when the name server fails is good practice. Let's see how to run a primary and a secondary name server.
Suppose the primary name server suddenly goes down one day because of a failure. Because cached data remains on other name servers, there is no immediate impact. But some servers have nothing cached, so recovery has to be quick. With a secondary name server in place, the service is more stable.
I will set the primary name server's IP to 192.168.0.10 and the secondary's to 192.168.0.11. The host names will be ns.nasord.com and ns2.nasord.com. Installation is the same for the primary and the secondary; only the configuration differs slightly. Here we will use what we learned about the SOA section. The SOA section mainly holds the values that govern the reliability of data between the primary and the secondary name server. Actually configuring it will make this much clearer than describing it in words.
Primary name server configuration
[root@localhost]# |
[root@localhost]# vi /etc/named.conf
zone "nasord.com" IN {
type master;
file "nasord.com.zone";
};
|
Secondary name server configuration
[root@localhost]# |
[root@localhost]# vi /etc/named.conf
zone "nasord.com" IN {
type slave;
file "nasord.com.zone";
masters { 192.168.0.10; };
};
|
The differences are that the zone's type has changed and that the secondary specifies the primary name server. The secondary does not need a zone file created for it; on reload it fetches the zone automatically. One point to watch when configuring a secondary is that the allow-transfer option must be set on the primary. By default, transfers are allowed to all hosts. allow-transfer is covered later.
Let's look at starting and stopping Bind 9. The location of the daemon depends on how it was installed: /usr/local/bind/sbin/named for a source install and /usr/sbin/named for an RPM install. Rather than running the daemon binary directly, it is more convenient to register an init script and use that.
[root@localhost]# |
[root@localhost]# /etc/rc.d/init.d/named start
Starting named: [ OK ]
|
Once started, the Bind daemon runs under the named account. Stop the daemon as follows.
[root@localhost]# |
[root@localhost]# /etc/rc.d/init.d/named stop
Stopping named: [ OK ]
|
Use rndc to restart Bind 9. With many domains, restarting through the init script clears the cache, and reloading takes a long time.
[root@localhost]# |
[root@localhost]# rndc reload
|
Reloading with rndc applies only the parts that changed, immediately. The rndc command also reports the current state of the Bind daemon in detail.
[root@localhost]# |
[root@localhost]# rndc status
number of zones: 388
debug level: 0
xfers running: 2
xfers deferred: 22
soa queries in progress: 351
query logging is OFF
server is up and running
|
As shown above, it displays the number of zones, the state of transfers in progress, the daemon's current status and more.
+Bind 9 advanced options and features #1
So far the explanation has stuck to the basics so that beginners can follow it easily. From here on the focus is on more advanced options and on security when operating a name server. First, let's look at the options in named.conf.
[root@localhost]# |
[root@localhost]# vi /etc/named.conf
// generated by named-bootconf.pl
options {
directory "/var/named";
version "unknown";
pid-file "/var/run/named/";
allow-transfer { 192.168.0.10; };
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { key; };
};
logging {
category lame-servers { null; };
category unmatched { null; };
category network { null; };
category notify { null; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
include "/etc/rndc.key";
|
options{} : Sets the basic options of Bind 9. Let's look at the individual options.
directory : Specifies the path where the zone files are located. The default is /var/named.
version : Sets the reported Bind version to an arbitrary string. Because exploits exist that abuse vulnerabilities in specific versions, hiding the version makes it harder for an attacker to gather information.
[root@localhost]# |
[root@localhost]# dig @192.168.0.2 version.bind chaos txt
; <<>> DiG 9.2.0 <<>> @192.168.0.2 version.bind chaos txt
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2655
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;version.bind. CH TXT
;; ANSWER SECTION:
version.bind. 0 CH TXT "9.2.2"
;; Query time: 2 msec
;; SERVER: 192.168.0.2#53(192.168.0.2)
;; WHEN: Sat Aug 16 11:25:06 2003
;; MSG SIZE rcvd: 48
|
The example above reveals that the Bind 9 version is 9.2.2. An attacker then only needs to prepare an exploit for version 9.2.2 and attack. If the version comes back as unknown, the attacker has to find another way.
pid-file : Specifies the path where the Bind 9 PID file is created. The default is /var/run/named; change it if the file cannot be created because of insufficient permissions.
allow-transfer : Specifies the IPs that are allowed to perform zone transfers. Normally you list the secondary name server. Leaving it unset is a security weakness: if zone transfers are allowed to unauthorized parties, important information held by the DNS server leaks. That is, an attacker can use the transferred zone data to learn host information, the network layout and much more. At most sites, a DNS server installed with default settings allows any user to perform a zone transfer. The following shows zone data being collected from a DNS server with the nslookup command.
[root@localhost]# |
[root@localhost]# nslookup
>server 192.168.0.10
Default Server: [192.168.0.10]
Address: 192.168.0.10
>
> set type=any
> nasord.com >> nasord.com.zone
Server: [192.168.0.10]
Address: 192.168.0.10
|
After running the above, the transferred nasord.com.zone file shows how important internal information, such as per-host IPs and the network layout, can leak. It is therefore best to block transfers for everyone except the secondary name server.
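An added example (not part of the original article or of BIND): a Python check that reads a named.conf and reports the two exposures described above, a missing version override and zones whose transfers are not restricted by allow-transfer. The sample configuration is constructed, the zone example.test is hypothetical, the secondary address 192.168.0.11 is taken from the text, and the check assumes the default the article describes, where an unset allow-transfer permits any host.

```python
import re

# Constructed sample: a named.conf like the article's with the hardening left out.
WEAK_CONF = '''
options {
    directory "/var/named";
    // version "unknown";
};
zone "nasord.com" IN {
    type master;
    file "nasord.com.zone";
};
zone "example.test" IN { type master; file "example.test.zone";  // hypothetical zone
    allow-transfer { 192.168.0.11; }; };
zone "." IN { type hint; file "named.ca"; };
'''

def strip_comments(text):  # drop /* */, // and # comments before parsing
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def top_level_blocks(text):
    """Yield (header, body) for every top-level 'header { body };' statement."""
    depth, header, start, stmt_start = 0, "", 0, 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header, start = text[stmt_start:i].strip(), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, text[start:i]
        elif ch == ";" and depth == 0:
            stmt_start = i + 1

def setting(body, name):
    """Return the value given to 'name' in this block, or None if it is unset."""
    m = re.search(r"(?:^|[;{\s])" + re.escape(name) + r"\s+(\{[^}]*\}|[^;]+);", body)
    return " ".join(m.group(1).split()) if m else None

def audit(conf):
    """List findings for version disclosure and unrestricted zone transfers."""
    blocks = [(h.split(), b) for h, b in top_level_blocks(strip_comments(conf))]
    opts = "".join(b for w, b in blocks if w[:1] == ["options"])
    findings = []
    if setting(opts, "version") is None:
        findings.append("options: version not overridden, version.bind reveals it")
    global_acl = setting(opts, "allow-transfer")  # applies to zones without their own
    for words, body in blocks:
        if words[:1] == ["zone"] and setting(body, "type") in ("master", "slave"):
            acl = setting(body, "allow-transfer") or global_acl
            if acl is None or re.search(r"\bany\b", acl):
                findings.append(f"zone {words[1]}: zone transfer open to any host")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEAK_CONF)))
```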
+Bind 9 advanced options and features #2
controls {} : The controls options are set mainly for administrative purposes. Let's look at the individual settings.
inet : Specifies the listening IP.
allow : Only the hosts listed in allow can control Bind.
key : Even a host that is not listed in allow can control Bind if its key value matches. Let's look briefly at key generation. The key is generated with the rndc-confgen command and is created randomly each time.
[root@localhost]# |
[root@localhost]# /usr/local/bind/sbin/rndc-confgen > /etc/rndc.conf
[root@localhost]# cat /etc/rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "PSYc3s2THUqOK8qV65Jm9w==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
|
logging {} : Configures log-related items. These are mostly unnecessary logs, so they can be set to null. The individual items are not described here.
include "/etc/rndc.key" : Give the path of the file in which the rndc key is defined. At minimum, the named user needs read permission. For security the key must not leak to outside users, so operate it with minimal permissions.
This part rarely needs touching. It does change occasionally, though, so update it at least once a month. Set up cron to run the update once a month.
[root@localhost]# |
[root@localhost]# dig @ns.krnic.net . ns > /var/named/named.ca
[root@localhost]# crontab -e
0 0 1 * * dig @ns.krnic.net . ns > /var/named/named.ca
|
I usually fetch it from krnic.
Dynamic Update is the dynamic update feature; compared with Bind 8, authentication using a dnssec-key has been strengthened. To use Dynamic Update, the allow-update directive in the zone's named.conf entry must use the key defined in rndc.key.
[root@localhost]# |
[root@localhost]# tar xvfz bind-9.2.2.tar.gz
[root@localhost]# cd bind-9.2.2
[root@localhost]# vi /etc/named.conf
zone "nasord.com" IN {
type master;
file "nasord.com.zone";
allow-update { key "rndc-key"; };
};
|
The key defined as above must be supplied when running the command. There are two authentication methods: key-based authentication and IP-based authentication. Key-based authentication is recommended wherever possible. Now let's actually perform an update.
Before updating, let's look briefly at the commands. For the full command reference, see the man page.
prereq yxdomain DOMAIN-NAME : Makes it a prerequisite for the commands that follow that DOMAIN-NAME exists (has at least one record set).
prereq nxdomain DOMAIN-NAME : Makes it a prerequisite for the commands that follow that no record of any kind is set for DOMAIN-NAME.
prereq yxrrset DOMAIN-NAME [CLASS] TYPE [DATA] : Makes it a prerequisite for the commands that follow that the given record exists for DOMAIN-NAME. If DATA is specified, the condition holds only on an exact match.
prereq nxrrset DOMAIN-NAME [CLASS] TYPE : Makes it a prerequisite for the commands that follow that the given record does not exist for DOMAIN-NAME.
update delete DOMAIN-NAME [CLASS] [TYPE [DATA...]]: If TYPE is not specified, deletes all records belonging to DOMAIN-NAME. If TYPE is specified, only the matching records are removed.
update add DOMAIN-NAME TTL [CLASS] TYPE DATA... : Adds the specified record to the domain.
show: Prints the whole message, including all prerequisites and update specifications entered since the last send.
send: Sends the current message to the server and attempts the update.
Authentication using a dnssec-key : e.g. nsupdate -d -y key-name:dnssec-key
[root@localhost]# |
[root@localhost]# vi /etc/named.conf
zone "nasord.com" IN {
type master;
file "nasord.com.zone";
allow-update { key "rndc-key"; };
};
[root@localhost]# vi /etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "PSYc3s2THUqOK8qV65Jm9w==";
};
[root@localhost]# nsupdate -d -y rndc-key:PSYc3s2THUqOK8qV65Jm9w==
Creating key...
namefromtext
keycreate
> server 192.168.0.10
> prereq nxdomain kr.nasord.com
> update add kr.nasord.com 86400 A 192.168.0.13
> send
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5040
;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;kr.naosrd.comr. IN SOA
;; AUTHORITY SECTION:
kr.naosrd.com. 0 IN SOA kr.naosrd.com. admin.kr.naosrd.com.
2003080410 28800 7200 604800 300
Found zone name: nasord.com
The master is: ns.nasord.com
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 35288
;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; TSIG PSEUDOSECTION:
rndc-key. 0 ANY TSIG hmac-md5.sig-alg.reg.int.
1061006788 300 16 IKIz+21KtkwHOUYyKb+8LQ== 35288 NOERROR 0
|
I added a host named kr.nasord.com. Now let's check that it was added correctly.
[root@localhost]# |
[root@localhost]# nslookup kr.nasord.com
Server: ns.nasord.com
Address: 192.168.0.10
Non-authoritative answer:
Name: kr.nasord.com
Address: 192.168.0.13
|
As shown above, the kr host has been added. It has not yet been added to the zone file, however. For now it is held only in the cache, and it is written to the zone file when Bind shuts down.
-Caution-
When using Dynamic Update, Bind must be shut down with rndc. If you simply kill the process, whatever remains in the cache is lost without being written to the zone file.
[root@localhost]# |
[root@localhost]# rndc stop
[root@localhost]# /etc/rc.d/init.d/named start
[root@localhost]# cat /var/named/nasord.com.zone
$TTL 86400
@ IN SOA ns.nasord.com. admin.nasord.com. (
2003081301 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400 ; ttl
)
IN NS ns.nasord.com.
IN MX 10 mail
@ IN A 192.168.0.13
ns IN A 192.168.0.10
ftp IN A 192.168.0.14
mail IN A 192.168.0.15
kr IN A 192.168.0.13 <-- added entry
www IN CNAME @
|
Modifying an existing host uses different commands. See the example.
[root@localhost]# |
[root@localhost]# nsupdate -d -y rndc-key:PSYc3s2THUqOK8qV65Jm9w==
Creating key...
namefromtext
keycreate
> server 192.168.0.10
> prereq yxdomain kr.nasord.com
> update delete kr.nasord.com A
> update add kr.nasord.com 86400 A 192.168.0.14
> send
|
To modify a host, you must delete the existing host record and then add it again.
Authentication using IP : e.g. nsupdate
IP-based authentication is nothing special. Because authentication rests on the IP alone, it can be weak from a security standpoint. Use key-based authentication wherever possible.
[root@localhost]# |
[root@localhost]# vi /etc/named.conf
zone "nasord.com" IN {
type master;
file "nasord.com.zone";
allow-update { 192.168.0.10; };
};
[root@localhost]# nsupdate
Creating key...
namefromtext
keycreate
> server 192.168.0.10
> prereq nxdomain kr.nasord.com
> update add kr.nasord.com 86400 A 192.168.0.13
> send
|
Dynamic Update can be very useful, but you need to be comfortable with the commands to use it well. I am not yet used to it, so I edit the zone file directly. Wrapping it in a script would probably make it very convenient.
+Checking a name server with nslookup
nslookup is a tool that sends queries to a name server and returns the results. It is installed by default on almost every operating system and is the tool used most often when operating a name server. Let's look at how to use it. Running it is very simple: just type the command.
[root@localhost]# |
[root@localhost]# nslookup
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
>
|
The example above was run on Linux. The note can be ignored; it says that nslookup is going away and that dig or host should be used instead. If you do not want to see the note, run nslookup with the -sil option. Now let's make a real query with nslookup.
[root@localhost]# |
[root@localhost]# nslookup -sil
> nasord.com
Server: 168.126.63.1
Address: 168.126.63.1#53
Name: nasord.com
Address: 192.168.0.13
>
|
When queried, nslookup reported nasord.com --> 192.168.0.13. That was a simple example; now let's try a more demanding query. Suppose a host's IP changed and you updated the IP on the name server, yet some clients connect normally while others cannot. Let's query the name server to find out why.
[root@localhost]# |
[root@localhost]# nslookup -sil
> server 168.126.63.1
Default server: 168.126.63.1
Address: 168.126.63.1#53
> set type=soa
> nasord.com
Server: 168.126.63.1
Address: 168.126.63.1#53
nasord.com
origin = ns.nasord.com
mail addr = admin.nasord.com
serial = 2003080501
refresh = 300
retry = 7200
expire = 604800
minimum = 86400
>
|
Subscribers on Korea Telecom lines were up in arms because they could not reach the service. So I switched the name server to 168.126.63.1 and queried it. Sure enough, the Korea Telecom name server has the TTL registered as 86400 seconds. Until that value runs out, the Korea Telecom name server will not query ns.nasord.com. There is nothing to do but wait 24 hours.
If you are the server administrator, before changing a server's IP you should lower the TTL to 300 seconds or a similarly short time, wait about 24 hours for that to propagate to other name servers, and only then change the host's IP. Done that way, the IP change completes within 5 minutes at most.
There are many set type options. I will explain only the ones I know.
[root@localhost]# |
[root@localhost]# nslookup -sil
> server 168.126.63.1
> set type=a
> nasord.com
Server: 168.126.63.1
Address: 168.126.63.1#53
Name: nasord.com
Address: 192.168.0.13
|
The set type options include a, which shows A records, mx, which shows MX records, and ns, which shows name servers, among others. To see all the information for a domain, enter any.
+Authoritative answer & Non-authoritative answer
A name server stores the results of queries in its cache and answers quickly when the same query arrives again. Cached data is valid until the TTL obtained during resolution expires and is discarded after that. When a name server answers a resolution request from its cache, the answer is a Non-authoritative answer; when the cache has no data, or the data's TTL has expired, and the answer is obtained directly from the domain's primary name server, it is an Authoritative answer.
[root@localhost]# |
[root@localhost]# nslookup -sil
> server 168.126.63.1
> set type=a
> nasord.com
Server: 168.126.63.1
Address: 168.126.63.1#53
Non-authoritative answer:
Name: nasord.com
Address: 192.168.0.13
|
In the example above, the value stored in the cache was returned. If it were not in the cache, the server would query the responsible name server and fetch the result, and the reply would then appear as an Authoritative answer.
Let's look at errors you may run into while operating Bind 9. First, the named-checkconf command, which checks named.conf for syntax errors. If named.conf contains a syntax error, the Bind 9 daemon will not start. To guard against that, make a habit of checking named.conf with named-checkconf.
[root@localhost]# |
[root@localhost]# vi /etc/named.conf
zone "nasord.com" IN {
type master;a <-- typo entered here
file "nasord.com.zone";
allow-update { key "rndc-key"; };
};
[root@localhost]# named-checkconf
/etc/named.conf:47: unknown option 'a'
|
As shown above, the location and cause of the syntax error are reported in detail. In most cases, Bind 9 errors are ownership and permission errors. Keep in mind that Bind 9 runs as the named account. Files related to Bind 9 must at least be readable by the named account. See the examples below.
[root@localhost]# |
[root@localhost]# vi /var/log/messages
named[184]: couldn't open pid file '/var/run/named.pid': Permission denied
|
This is the error message produced when PID file creation fails. According to the message, the error occurs because the file /var/run/named.pid could not be created. Grant permissions so that the named account can create it, or change the PID directory.
The example below is the error produced when the zone file for a domain cannot be found. Create the zone file for that domain.
[root@localhost]# |
[root@localhost]# vi /var/log/messages
named[227]: zone nasord.com/IN: loading master file nasord.com.zone: file not found
|
If permissions are missing, an error message like the one below appears. For a permission error, give the named account read permission.
[root@localhost]# |
[root@localhost]# vi /var/log/messages
named[227]: zone nasord.com/IN: loading master file nasord.com.zone: permission denied
|
Other error messages can also be resolved by looking at the log. When the daemon will not start or a domain will not load, refer to the error messages.
This was my first time using Bind 9, and also my first source install. There are many shortcomings and the lecture is somewhat disorganized, but I did my best to put it together. Writing it took a full week. Many parts were left out along the way; I will make time to write those up later. If you find typos or errors in the lecture, please let me know by e-mail or on the bulletin board.
|