AIX 5.2 DNS setting
2010.05.11 10:58
Original: http://www.ischo.net -- 조인상 // System Engineer
Writer : http://www.ischo.net -- ischo // System Engineer in Republic Of Korea
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
Body: http://www.ischo.net -- 조인상 // System Engineer
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
AIX 5.2 DNS setting
1. BIND is installed along with the OS
Check:
[root@p615 /usr/sbin]# ls -al named*
lrwxrwxrwx 1 root system 16 Dec 12 21:41 named -> /usr/sbin/named9
lrwxrwxrwx 1 root system 21 Oct 8 01:45 named-xfer -> /usr/sbin/named4-xfer
-r-sr-xr-- 1 root system 330978 Jul 9 22:19 named4
-r-xr-xr-- 1 root system 32378 Jul 9 22:19 named4-xfer
-r-sr-xr-- 1 root system 648318 Jul 10 03:15 named8
-r-xr-xr-- 1 root system 189512 Jul 10 03:15 named8-xfer
-r-sr-xr-- 1 root system 480354 Jul 9 22:22 named9
If you see this, BIND 4, 8 and 9 are all installed. On a fresh AIX 5.2 system the named link points at named4; repoint it at the daemon you actually want to run. A plain ln -s refuses to overwrite an existing link (the listing above already shows named -> named9), so use -f. BIND 9 does not use named-xfer at all; if you pick named8 instead, point named-xfer at named8-xfer as well.
[root@p615 /usr/sbin]# ln -sf /usr/sbin/named9 /usr/sbin/named
2. Setting the rndc key
To control BIND 9 with rndc you need a shared key. All the tools live in /usr/sbin; run them in the order below.
[root@p615 /usr/sbin]# ./rndc-confgen > /etc/rndc.conf
[root@p615 /usr/sbin]# ./dnssec-keygen -a hmac-md5 -b 128 -n HOST kjulove
Kkjulove.+157+49844
[root@p615 /usr/sbin]# ls *kju*
Kkjulove.+157+49844.key Kkjulove.+157+49844.private
[root@p615 /usr/sbin]# cat Kkjulove.+157+49844.key
kjulove. IN KEY 512 3 157 FXFrGhw8/U4BP8lCjyzJUg==
The secret is the last field of the .key file (FXFrGhw8/U4BP8lCjyzJUg== here); it goes into /etc/rndc.conf (the original text misspelled the path as rdnc.conf). Be aware that rndc-confgen has already written a key named rndc-key, with its own random secret, into /etc/rndc.conf, so the dnssec-keygen step produces a second, unrelated key: keep one of the two. The named.conf below expects a key called rndckey from /etc/rndc.key, so whichever secret you keep must be defined under that name, with the same algorithm and secret, in both /etc/rndc.conf (read by rndc, with default-key set to it) and /etc/rndc.key (read by named). Both files hold the control-channel secret: make them mode 600, delete or move the Kkjulove.* files that dnssec-keygen left behind in /usr/sbin, and do not reuse the secret printed in this article, since it is now public.
3. Creating the configuration files
vi /etc/named.conf
options {
directory "/var/named";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
//
// caching resolver plus master zones for aprosystem.org (below)
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
include "/etc/rndc.key";
zone "aprosystem.org" IN {
type master;
file "aprosystem.zone";
allow-update { none; };
};
zone "255.34.61.in-addr.arpa" IN {
type master;
file "aprosystem.zone.rev";
allow-update { none; };
};
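The controls statement above only works if the key it names (rndckey) is defined with the same secret on both sides: in /etc/rndc.key, which named.conf includes, and in /etc/rndc.conf, which rndc reads. The shell script below is an added example, not part of the original page or of AIX: it writes both files from one key name and one secret with root-only permissions and then checks that named.conf's controls statement accepts that key. The demo reproduces this page's layout under a temporary directory and also reproduces the mismatch that the steps in section 2 leave behind (rndc-confgen names its key rndc-key while named.conf asks for rndckey). The temp directory, the file names and the base64 secret are constructed for the demo; default-port 953 is BIND's own rndc default.

```shell
#!/bin/sh
# rndc key plumbing: write the client file (rndc.conf) and the server file
# (rndc.key, pulled in by named.conf's include) from ONE key name and ONE
# secret, then verify that named.conf's controls statement accepts that key.
# Every secret in this file is a constructed placeholder: generate your own
# with rndc-confgen or dnssec-keygen and never reuse one that has been published.

# Client side: what /usr/sbin/rndc reads.
write_rndc_conf() {  # $1=path $2=key name $3=base64 secret
    ( umask 077; cat > "$1" ) <<EOF
key "$2" {
        algorithm hmac-md5;
        secret "$3";
};
options {
        default-key "$2";
        default-server 127.0.0.1;
        default-port 953;
};
EOF
}

# Server side: the file /etc/named.conf includes.
write_rndc_key() {  # $1=path $2=key name $3=base64 secret
    ( umask 077; cat > "$1" ) <<EOF
key "$2" {
        algorithm hmac-md5;
        secret "$3";
};
EOF
}

# "name secret" of the first key statement in a BIND-style file.
key_of() {
    awk '
        /^[ \t]*key[ \t]+"/    { match($0, /"[^"]*"/); name = substr($0, RSTART + 1, RLENGTH - 2) }
        /^[ \t]*secret[ \t]+"/ { match($0, /"[^"]*"/); print name, substr($0, RSTART + 1, RLENGTH - 2); exit }
    ' "$1"
}

# Key rndc presents when no -y is given: options { default-key "..."; }
default_key_of() {
    awk '/default-key/ { match($0, /"[^"]*"/); print substr($0, RSTART + 1, RLENGTH - 2); exit }' "$1"
}

# Key names listed in named.conf's controls statement, one per line.
control_keys_of() {
    awk '/^[ \t]*controls/,/^[ \t]*};/' "$1" |
        sed -n 's/.*keys[ \t]*{\([^}]*\)}.*/\1/p' |
        tr ';' '\n' | tr -d ' \t' | grep -v '^$'
}

# 0 when rndc's default key is defined identically on both sides, named.conf
# accepts it, and neither secret file is readable by group or other.
rndc_consistent() {  # $1=rndc.conf $2=rndc.key $3=named.conf
    client=$(key_of "$1"); server=$(key_of "$2"); want=$(default_key_of "$1")
    if [ -z "$client" ] || [ "$client" != "$server" ]; then
        echo "key name or secret differs between $1 and $2"; return 1
    fi
    if [ "${client%% *}" != "$want" ]; then
        echo "default-key \"$want\" is not the key defined in $1"; return 1
    fi
    if ! control_keys_of "$3" | grep -qx "$want"; then
        echo "controls in $3 does not list key \"$want\""; return 1
    fi
    for f in "$1" "$2"; do
        case $(ls -l "$f" | cut -c5-10) in
            ------) ;;
            *) echo "$f is readable by group or other"; return 1 ;;
        esac
    done
    return 0
}

# Demo: this page's controls statement, with the rndc side built under the
# key name given as $1. "rndckey" passes; "rndc-key", the name rndc-confgen
# uses by default, fails exactly as the page's section 2 steps would.
demo() {
    d=${TMPDIR:-/tmp}/rndc_demo.$$; mkdir -p "$d"
    secret='Y29uc3RydWN0ZWQtZGVtby1zZWNyZXQ='   # constructed placeholder
    write_rndc_conf "$d/rndc.conf" "$1" "$secret"
    write_rndc_key  "$d/rndc.key"  "$1" "$secret"
    cat > "$d/named.conf" <<'EOF'
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
include "/etc/rndc.key";
EOF
    rndc_consistent "$d/rndc.conf" "$d/rndc.key" "$d/named.conf"; rc=$?
    rm -rf "$d"; return $rc
}
```

On the real host, run rndc_consistent /etc/rndc.conf /etc/rndc.key /etc/named.conf after editing the files. If it passes and rndc still gets a permission or authentication error, the usual remaining causes are that the include line in named.conf points at a different file than the one you edited, or that named has not been restarted since the key changed.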
Two things the options block above leaves at the BIND 9 defaults of this vintage: recursion is enabled and allowed from any client, and zone transfers are allowed to anyone. As written, this server is therefore an open recursive resolver that will also hand the whole aprosystem.org zone to anyone who asks for AXFR. On a server that is authoritative for a public zone, add allow-recursion limited to your own networks (or recursion no) and allow-transfer limited to your secondaries. Now the zone files:
vi /var/named/aprosystem.zone
$TTL 10M
@ IN SOA aprosystem.org. root.aprosystem.org. (
2004101801 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS aprosystem.org.
IN MX 10 mail.aprosystem.org.
aprosystem.org. IN A 61.34.255.81
ns IN A 61.34.255.81
www IN A 61.34.255.81
mail IN A 61.34.255.81
vi aprosystem.zone.rev
$TTL 10M
@ IN SOA aprosystem.org. root.aprosystem.org. (
2004101801 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS aprosystem.org.
81 IN PTR aprosystem.org.
81 IN PTR ns.aprosystem.org.
81 IN PTR www.aprosystem.org.
81 IN PTR mail.aprosystem.org.
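The forward and reverse zones above carry the same names and addresses twice, and nothing in named checks that they agree. The shell script below is an added example, not from the original page: it pulls the A records out of a forward zone and the PTR records out of the in-addr.arpa zone, then reports A records with no PTR, PTRs with no A, and addresses that carry several PTRs. The zone above puts four PTRs on 61.34.255.81, which is legal, but gethostbyaddr() hands a client only one of them, so anything that compares a forward name against its reverse lookup may not get the name it expects; one PTR per address is the usual practice. The demo zones are the ones on this page plus two deliberately inconsistent records, marked as constructed, so the check has something to find. The parser handles the layout used here (IN class, one record per line, SOA in parentheses, absolute PTR targets), not the full RFC 1035 grammar; the temp directory is an assumption of the demo.

```shell
#!/bin/sh
# Cross-check a forward zone file against its in-addr.arpa zone file.
# zone_xcheck FWD_FILE FWD_ORIGIN REV_FILE REV_ORIGIN prints one line per
# problem (MISSING_PTR, MISSING_A, MULTI_PTR) and returns 1, or prints
# nothing and returns 0 when the two zones agree.

# "255.34.61.in-addr.arpa" -> "61.34.255"
rev_prefix() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s\n", $3, $2, $1 }'
}

# Record scanner: prints "fqdn ip" for every record of type $3.
# Handles the layout used on this page: comment lines, $TTL/$ORIGIN lines,
# a multi-line SOA, owner omitted on indented lines, relative or @ owners.
# PTR targets are expected to be absolute (trailing dot), as on this page.
records() {  # $1=file $2=origin $3=A|PTR $4=reverse prefix (PTR only)
    awk -v origin="$2" -v want="$3" -v prefix="$4" '
        NF == 0 || /^[ \t]*;/ || /^\$/ { next }
        {
            if ($0 ~ /^[ \t]/ || $1 == "IN") owner = last; else last = owner = $1
            sub(/;.*/, "")                           # drop trailing comment
            for (i = 1; i < NF; i++) {
                if ($i != "IN" || $(i+1) != want || i + 2 > NF) continue
                if (want == "A") {
                    name = owner
                    if (name == "@") name = origin "."
                    else if (name !~ /\.$/) name = name "." origin "."
                    print tolower(name), $(i+2)
                } else {
                    print tolower($(i+2)), prefix "." owner
                }
            }
        }' "$1"
}

zone_xcheck() {  # $1=fwd file $2=fwd origin $3=rev file $4=rev origin
    fwd=$(records "$1" "$2" A)
    rev=$(records "$3" "$4" PTR "$(rev_prefix "$4")")
    problems=$(
        echo "$fwd" | while read -r name ip; do
            [ -n "$name" ] || continue
            echo "$rev" | grep -qxF "$name $ip" || echo "MISSING_PTR $name $ip"
        done
        echo "$rev" | while read -r name ip; do
            [ -n "$name" ] || continue
            echo "$fwd" | grep -qxF "$name $ip" || echo "MISSING_A $name $ip"
        done
        # several PTRs on one address is legal, but gethostbyaddr() returns only one
        echo "$rev" | awk 'NF { n[$2]++ } END { for (ip in n) if (n[ip] > 1) print "MULTI_PTR", ip, n[ip] }'
    )
    [ -z "$problems" ] && return 0
    echo "$problems"
    return 1
}

# Demo: this page's zones plus one constructed inconsistency on each side.
demo() {
    d=${TMPDIR:-/tmp}/zone_xcheck.$$; mkdir -p "$d"
    cat > "$d/aprosystem.zone" <<'EOF'
$TTL 10M
@ IN SOA aprosystem.org. root.aprosystem.org. (
        2004101801 ; Serial
        28800 ; Refresh
        14400 ; Retry
        3600000 ; Expire
        86400 ) ; Minimum
    IN NS aprosystem.org.
    IN MX 10 mail.aprosystem.org.
aprosystem.org. IN A 61.34.255.81
ns   IN A 61.34.255.81
www  IN A 61.34.255.81
mail IN A 61.34.255.81
ftp  IN A 61.34.255.82   ; constructed: has no PTR in the reverse zone
EOF
    cat > "$d/aprosystem.zone.rev" <<'EOF'
$TTL 10M
@ IN SOA aprosystem.org. root.aprosystem.org. (
        2004101801 ; Serial
        28800 ; Refresh
        14400 ; Retry
        3600000 ; Expire
        86400 ) ; Minimum
    IN NS aprosystem.org.
81 IN PTR aprosystem.org.
81 IN PTR ns.aprosystem.org.
81 IN PTR www.aprosystem.org.
81 IN PTR mail.aprosystem.org.
83 IN PTR old.aprosystem.org.   ; constructed: has no A record in the forward zone
EOF
    zone_xcheck "$d/aprosystem.zone" aprosystem.org \
                "$d/aprosystem.zone.rev" 255.34.61.in-addr.arpa; rc=$?
    rm -rf "$d"; return $rc
}
```

Run zone_xcheck against /var/named/aprosystem.zone and /var/named/aprosystem.zone.rev after every edit, before bumping the SOA serial and reloading; the demo above reports the two constructed records and the four-way PTR on 61.34.255.81.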
vi localhost.zone
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
vi named.local
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
And finally the root hints file. The copy below dates from November 2002, and several root-server addresses have changed since then (B, D, H and L among them), so fetch a current copy from https://www.internic.net/domain/named.cache rather than typing this one in. named only uses the hints for its priming query and then works from the NS set the root servers return, so a stale file keeps working as long as at least one listed address still answers, but it is not something to leave for years.
vi named.ca
[root@p615 /var/named]# cat named.ca
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
;
; last update: Nov 5, 2002
; related version of root zone: 2002110501
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
;
; housed in LINX, operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; operated by IANA
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; housed in Japan, operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File
4. Starting and stopping the daemon
startsrc -s named
stopsrc -s named
named runs under SRC control, so use these rather than starting the binary by hand; lssrc -s named shows whether the subsystem is active.
5. Viewing logs
syslog configuration
named logs through syslog (facility daemon by default), so add a line to /etc/syslog.conf and restart syslogd. The level is notice, not notic as the original had it:
/etc/syslog.conf: *.notice /var/spool/syslog
AIX syslogd does not create the target file, so create /var/spool/syslog with touch before restarting. daemon.notice instead of *.notice captures named without every other notice on the system.
stopsrc -s syslogd
startsrc -s syslogd
(refresh -s syslogd also makes it re-read the file.)
6. Starting named at boot
Create a script:
vi /script/dns.start
startsrc -s named
chmod 755 /script/dns.start
Then add it to /etc/inittab (the original misspelled the path as /scriptdns.start; mkitab can add the entry for you):
myscript:2:wait:/script/dns.start > /dev/console 2>&1
inittab entries run as root at every boot, so /script and dns.start must be owned by root and not writable by anyone else.
Or, the way AIX itself starts it, in /etc/rc.tcpip:
# Start up Domain Name daemon
#start /usr/sbin/named "$src_running"
Remove the # from the start line. rc.tcpip is already run from inittab, so this is the cleaner option; do one or the other, not both.