BIND 0
|[[FrontPage]]|[[BIND 1]]|[[BIND 2]]|[[BIND 3]]|
#contents
I'm planning to replace the DNS server, so here is one more review of BIND9.
*Replacing bind9 with the latest version [#n2b8599b]
#portinstall dns/bind9
%%When BIND9 is installed from ports, the pre-existing /etc/nam...
&ref(bind.png);With the option specified, the original BIND is replaced...
An error right away!?
make: don't know how to make /usr/ports/dns/bind9/work/....
*** Error code 2
Stop in /usr/ports/dns/bind9.
** Command failed [exit code 1]: /usr/bin/script -qa /tm...
** Fix the problem and try again.
** Listing the failed packages (-:ignored / *:skipped / ...
! dns/bind9 (unknown build error)
Starting over.
flora# cd /usr/ports/dns/bind9
flora# make install
===> Found saved configuration for bind9-9.3.6.1.1
=> bind-9.3.6-P1.tar.gz doesn't seem to exist in /usr/po...
=> Attempting to fetch from ftp://ftp.isc.org/isc/bind9/...
bind-9.3.6-P1.tar.gz 5% of 55...
********************************************************...
* _ _____ _____ _____ _ _ _____ ___ ___ _ ...
* / \|_ _|_ _| ____| \ | |_ _|_ _/ _ \| \...
* / _ \ | | | | | _| | \| | | | | | | | | ...
* / ___ \| | | | | |___| |\ | | | | | |_| | |...
* /_/ \_\_| |_| |_____|_| \_| |_| |___\___/|_|...
* ...
* If you are running BIND 9 in a chroot environmen...
* sure that there is a /dev/random device in the c...
* ...
* BIND 9 also requires configuration of rndc, incl...
* "secret" key. The easiest, and most secure way ...
* rndc is to run 'rndc-confgen -a' to generate the...
* file, with a new random key, and appropriate fil...
* ...
* The /etc/rc.d/named script in the base will do b...
* ...
********************************************************...
* ...
* Please note: BIND 9.3.6 has been classified as "...
* as of 1 December 2008 by the ISC. The port will...
* through the lifetime of the RELENG_6 branch, cur...
* scheduled to be supported through 30 November 20...
* ...
********************************************************...
===> Compressing manual pages for bind9-base-9.3.6.1.1
===> Registering installation for bind9-base-9.3.6.1.1
===> SECURITY REPORT:
This port has installed the following files which ...
servers and may therefore pose a remote security r...
/usr/sbin/rndc-confgen
/usr/sbin/named-checkconf
/usr/sbin/dnssec-keygen
/usr/sbin/rndc
/usr/sbin/lwresd
/usr/bin/nsupdate
/usr/bin/dig
/usr/sbin/named
/usr/bin/host
/usr/sbin/dnssec-signzone
/usr/bin/nslookup
/usr/sbin/named-checkzone
If there are vulnerabilities in these programs the...
risk to the system. FreeBSD makes no guarantee abo...
ports included in the Ports Collection. Please typ...
to deinstall the port if this is a concern.
For more information, and contact details about th...
status of this software, see the following webpage:
https://www.isc.org/software/bind
And with that the upgrade is complete. But apparently 936 only has a lifespan until this year?...
BIND is already running, so the following
# cd /etc/namedb/
# rndc-confgen -a
wrote key file "/etc/namedb/rndc.key"
# cat /etc/namedb/rndc.key > /etc/namedb/rndc.conf
was already configured, and the key was regenerated.
Feb 17 07:50:24 flora named[621]: starting BIND 9.3.6-P1...
Feb 17 07:50:24 flora named[621]: using up to 4096 sockets
Feb 17 07:50:24 flora named[621]: loading configuration ...
Feb 17 07:50:24 flora named[621]: /etc/namedb/named.conf...
Feb 17 07:50:24 flora kernel: Feb 17 07:50:24 flora name...
Feb 17 07:50:24 flora named[621]: loading configuration:...
Feb 17 07:50:24 flora kernel: Feb 17 07:50:24 flora name...
Feb 17 07:50:24 flora named[621]: exiting (due to fatal ...
Feb 17 07:50:24 flora kernel: Feb 17 07:50:24 flora name...
Edited the file as instructed and rebooted.
Feb 17 08:05:33 flora named[619]: starting BIND 9.3.6-P1...
Feb 17 08:05:33 flora named[619]: using up to 4096 sockets
Feb 17 08:05:33 flora named[619]: loading configuration ...
Feb 17 08:05:34 flora named[619]: max open files (3405) ...
Feb 17 08:05:34 flora named[619]: using default UDP/IPv4...
Feb 17 08:05:34 flora named[619]: using default UDP/IPv6...
Feb 17 08:05:34 flora named[619]: listening on IPv4 inte...
Feb 17 08:05:34 flora named[619]: listening on IPv4 inte...
Feb 17 08:05:34 flora named[619]: command channel listen...
Feb 17 08:05:34 flora named[619]: the working directory ...
Feb 17 08:05:34 flora kernel: Feb 17 08:05:34 flora name...
Feb 17 08:05:34 flora named[619]: zone 0.0.127.in-addr.a...
Feb 17 08:05:34 flora named[619]: zone 144.228.44.218.in...
Feb 17 08:05:34 flora named[619]: zone kuji-clinic.info/...
Feb 17 08:05:34 flora named[619]: zone thousand-winds.jp...
Feb 17 08:05:34 flora named[619]: zone localhost/IN: loa...
Feb 17 08:05:34 flora named[619]: running
Feb 17 08:05:34 flora named[619]: zone 144.228.44.218.in...
Feb 17 08:05:34 flora named[619]: zone kuji-clinic.info/...
Feb 17 08:05:34 flora named[619]: zone thousand-winds.jp...
Feb 17 08:05:34 flora kernel: Setting date via ntp.
Feb 17 08:05:34 flora named[619]: host unreachable resol...
Feb 17 08:05:34 flora named[619]: host unreachable resol...
Feb 17 08:05:34 flora named[619]: host unreachable resol...
***rndc configuration [#x29b7bac]
# mv /etc/namedb/named.conf /etc/namedb/named.conf.org
# rndc-confgen -a
wrote key file "/etc/namedb/rndc.key"
# cat /etc/namedb/rndc.key > /etc/namedb/rndc.conf
# cat /etc/namedb/rndc.key >> /etc/namedb/named.conf 書...
# rm /etc/namedb/rndc.key (not done)
# vi /etc/namedb/rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "xxxxxxxxxxxxxxxxxxxxxxxx";
};
↓Add to the existing options lines
options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
Server 127.0.0.1 {
        key "rndc-key";
};
# chmod 400 /etc/namedb/rndc.conf
# chmod 600 /etc/namedb/named.conf
# chown bind:wheel /etc/namedb/named.conf
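The steps above leave the same rndc secret in up to three files (rndc.key, rndc.conf and named.conf). The following is an added example, not part of the original page: a Python check that lists every file in a directory that holds a `secret` statement and is still accessible to group or other. The function names, the sample secret and the 0644 mode on named.conf (standing in for the state before `chmod 600`) are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# A `secret "..."` statement at the start of a line marks key material.
SECRET = re.compile(rb'^\s*secret\s+"', re.M)

def key_file_findings(directory):
    """Return {filename: octal mode} for regular files that contain a
    `secret` statement and grant any permission to group or other."""
    findings = {}
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False):
            continue
        with open(entry.path, "rb") as fh:
            if not SECRET.search(fh.read()):
                continue
        mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings[entry.name] = oct(mode)
    return findings

def demo():
    """Audit a constructed directory that mimics /etc/namedb after the
    key has been copied but before named.conf has been chmod-ed."""
    key = (b'key "rndc-key" {\n\talgorithm hmac-md5;\n'
           b'\tsecret "Y29uc3RydWN0ZWQ=";\n};\n')  # constructed value
    layout = (("rndc.key", 0o600), ("rndc.conf", 0o400), ("named.conf", 0o644))
    with tempfile.TemporaryDirectory() as d:
        for name, mode in layout:
            path = os.path.join(d, name)
            with open(path, "wb") as fh:
                fh.write(key)
            os.chmod(path, mode)
        return key_file_findings(d)

if __name__ == "__main__":
    print(demo())
```

On a real host, call `key_file_findings("/etc/namedb")` as root so that every file can be read.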
***Editing named.conf [#ccacfdb2]
# vi /etc/namedb/named.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "xxxxxxxxxxxxxxxxxxxxxxxx";
};
↓Append the following at the end of the file
controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys...
};
options {
        version "unknown";
        directory "/etc/namedb";
        pid-file "/var/run/named/pid";
        dump-file "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        listen-on-v6 { none; };
        listen-on { localhost; localnets; };
        allow-query { localhost; localnets; };
        allow-recursion { localhost; localnets; };
        allow-transfer { localhost; localnets; };
        forwarders { xxx.xxx.xxx.xx1; xxx.xxx.xxx.xx2; };
};
view "internal"{
        match-clients { localnets; };
        recursion yes;
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "0.0.127.in-addr.arpa" {
                type master;
                file "0.0.127.in-addr.arpa";
        };
        zone "3.168.192.in-addr.arpa" {
                type master;
                file "3.168.192.in-addr.arpa";
        };
        zone "freebsd.orz" {
                type master;
                file "freebsd.orz.local";
        };
};
※Change the parts highlighted in yellow to match your environment.~
※xxx.xxx.xxx.xx1 is the provider's primary DNS server IP...
※xxx.xxx.xxx.xx2 is the provider's secondary DNS server IP...
***Editing named.conf (with a static IP) [#h1028d28]
# vi /etc/namedb/named.conf
↓Append the following at the end of the file
view "external"{
        match-clients { any; };
        recursion no;
        zone "freebsd.orz" {
                type master;
                file "freebsd.orz.zone";
                allow-transfer { yyy.yyy.yyy.yyy; };
        };
};
※Change the parts highlighted in yellow to match your environment.~
※yyy.yyy.yyy.yyy is the IP address of the secondary DNS server.
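The split between the "internal" and "external" views only protects the server if the view that matches `any` keeps `recursion no` and a restricted `allow-transfer`. The following is an added example, not part of the original page: a small Python audit that parses named.conf text and reports, for every view reachable by any client, recursion left open and master zones with unrestricted transfers. It assumes an absent address-match list means unrestricted and does not expand named `acl` statements; the function names and the sample configuration are constructed.

```python
import re
WEAK = '''# Constructed sample in the split-view layout, with two planted mistakes.
options { allow-transfer { localhost; localnets; }; };
view "internal" { match-clients { localnets; }; recursion yes; };
view "external" { match-clients { any; }; recursion yes;           // mistake 1
  zone "freebsd.orz" { type master; allow-transfer { any; }; }; };  # mistake 2
'''
# Quoted strings are matched before comments so a "//" inside a secret survives.
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', re.S)

def parse(text):
    """Statements as lists of words; a { ... } block becomes a nested list."""
    toks = (t for t in TOKEN.findall(text) if not t.startswith(("/*", "//", "#")))
    def block():
        stmts, cur = [], []
        for tok in toks:
            if tok == "{":
                cur.append(block())
            elif tok == "}":
                break
            elif tok == ";":
                stmts += [cur] if cur else []
                cur = []
            else:
                cur.append(tok.strip('"'))
        return stmts
    return block()

def lookup(name, *scopes):
    """Arguments of the first `name` clause, searching scopes in order."""
    for scope in scopes:
        for stmt in scope:
            if stmt[0] == name:
                return stmt[1:]

def open_acl(args):
    """True when an address-match list is absent or contains `any`."""
    return args is None or any("any" in stmt for stmt in args[0])

def audit(text):
    """Return (view, problem) pairs for views that any client can reach."""
    conf, findings = parse(text), []
    opts = (lookup("options", conf) or [[]])[0]
    for view in (s for s in conf if s[0] == "view"):
        name, body = view[1], view[-1]
        if not open_acl(lookup("match-clients", body)):
            continue  # only the listed clients reach this view
        if (lookup("recursion", body, opts) != ["no"]
                and open_acl(lookup("allow-recursion", body, opts))):
            findings.append((name, "open recursion"))
        for zone in (s for s in body if s[0] == "zone"):
            if (lookup("type", zone[-1]) == ["master"]
                    and open_acl(lookup("allow-transfer", zone[-1], body, opts))):
                findings.append((name, "open transfer: " + zone[1]))
    return findings
```

Settings are resolved zone first, then view, then `options`, so the global `allow-transfer { localhost; localnets; };` from the previous section covers any zone that does not set its own.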
***localhost reverse lookup [#ubfa6c88]
# vi /etc/namedb/0.0.127.in-addr.arpa
↓Enter the following
$TTL 86400
@       IN SOA ns1.freebsd.orz. root.freebsd.orz. (
                2007052900 ;Serial
                28800 ;Refresh
                7200 ;Retry
                604800 ;Expire
                86400 ;Minimum
        )
        IN NS ns1.freebsd.orz.
1       IN PTR localhost.
※Change the parts highlighted in yellow to match your environment.
***Internal forward lookup [#dfc20194]
# vi /etc/namedb/freebsd.orz.local
↓Enter the following
$TTL 86400
@       IN SOA ns1.freebsd.orz. root.freebsd.orz. (
                2007052900 ;Serial
                28800 ;Refresh
                7200 ;Retry
                604800 ;Expire
                86400 ;Minimum
        )
        IN NS ns1.freebsd.orz.
        IN MX 10 mail.freebsd.orz.
@       IN A 192.168.3.10
*       IN A 192.168.3.10
mail    IN A 192.168.3.10
***Internal reverse lookup [#ia4bef52]
# vi /etc/namedb/3.168.192.in-addr.arpa
↓Enter the following
$TTL 86400
@       IN SOA ns1.freebsd.orz. root.freebsd.orz. (
                2007052900 ;Serial
                28800 ;Refresh
                7200 ;Retry
                604800 ;Expire
                86400 ;Minimum
        )
        IN NS freebsd.orz.
10      IN PTR freebsd.orz.
***External forward lookup (with a static IP) [#dc32c08e]
# vi /etc/namedb/freebsd.orz.zone
↓Enter the following
$TTL 86400
@       IN SOA ns1.freebsd.orz. root.freebsd.orz. (
                2007052900 ;Serial
                28800 ;Refresh
                7200 ;Retry
                604800 ;Expire
                86400 ;Minimum
        )
        IN NS ns1.freebsd.orz.
        IN MX 10 mail.freebsd.orz.
@       IN A zzz.zzz.zzz.zzz
*       IN A zzz.zzz.zzz.zzz
mail    IN A zzz.zzz.zzz.zzz
freebsd.orz. IN TXT "v=spf1 a mx ~all"
***Updating the root zone [#gebedcee]
# dig . ns @128.63.2.53 > /etc/namedb/named.ca
***Editing resolv.conf [#k39434c2]
# echo 'nameserver 127.0.0.1' > /etc/resolv.conf
***Starting BIND [#o6fb6ff3]
# vi /etc/rc.conf
named_enable="YES" ←add this (starts named)
# /etc/rc.d/named start
**Bind [#f989fb97]
Oct 8 07:05:37 vaio_ns1 kernel: Oct 8 07:05:37 vaio_ns...
vaio_ns1# touch /var/log/named/update.log
touch: /var/log/named/update.log: No such file or direct...
vaio_ns1# touch /var/log/named/update.log
touch: /var/log/named/update.log: No such file or direct...
vaio_ns1# mkdir /var/log/named
vaio_ns1# chown bind:bind /var/log/named
http://hazyinfo.net/wiki/index.php?FreeBSD%2FBIND9
http://www.kishiro.com/FreeBSD/bind.html
http://freebsd.server-manual.com/bind.html
https://www.dns-oarc.net/oarc/services/dnsentropy