Replacing BIND
[[BIND9 20121215]]
Last updated &lastmod;
----
#contents
----
*Replacing bind98 with bind99 [#fddab393]
2013-04-10 11:49:14
root@hotshot:/usr/ports/dns # cd bind98
root@hotshot:/usr/ports/dns/bind98 # make deinstall
===> Deinstalling for dns/bind98
===> Deinstalling bind98-9.8.4.2
root@hotshot:/usr/ports/dns/bind98 # portinstall dns/bin...
----
*Replacing the OS-bundled BIND with the ports version [#a598d102]
2013-03-14 08:19:57
http://www.yomaigoto.jp/archives/437
root@ns1:/root # named -v
BIND 9.8.3-P4
Install the latest BIND from ports. When doing so, make ...
The reason is that every time freebsd-update is run, it reverts to the BASE BIND ...
root@ns1:/root # portinstall dns/bind99
Options were left at their defaults.
#ref(bind99_option.png)
********************************************************...
* _ _____ _____ _____ _ _ _____ ___ ___ _ ...
* / \|_ _|_ _| ____| \ | |_ _|_ _/ _ \| \...
* / _ \ | | | | | _| | \| | | | | | | | | ...
* / ___ \| | | | | |___| |\ | | | | | |_| | |...
* /_/ \_\_| |_| |_____|_| \_| |_| |___\___/|_|...
* ...
* If you are running BIND 9 in a chroot environmen...
* sure that there is a /dev/random device in the c...
* ...
* BIND 9 also requires configuration of rndc, incl...
* "secret" key. The easiest, and most secure way ...
* rndc is to run 'rndc-confgen -a' to generate the...
* file, with a new random key, and appropriate fil...
* ...
* The /etc/rc.d/named script in the base will do b...
* ...
********************************************************...
===> Compressing manual pages for bind99-9.9.2.1
===> Registering installation for bind99-9.9.2.1
===> SECURITY REPORT:
This port has installed the following files which ...
servers and may therefore pose a remote security r...
/usr/local/sbin/named-journalprint
/usr/local/sbin/named
/usr/local/sbin/rndc-confgen
/usr/local/sbin/dnssec-verify
/usr/local/sbin/ddns-confgen
/usr/local/sbin/dnssec-dsfromkey
/usr/local/bin/host
/usr/local/sbin/nsec3hash
/usr/local/sbin/dnssec-signzone
/usr/local/bin/nsupdate
/usr/local/sbin/rndc
/usr/local/sbin/lwresd
/usr/local/bin/dig
/usr/local/sbin/dnssec-revoke
/usr/local/sbin/dnssec-keygen
/usr/local/sbin/named-checkzone
/usr/local/sbin/dnssec-keyfromlabel
/usr/local/sbin/named-checkconf
/usr/local/bin/nslookup
/usr/local/sbin/dnssec-settime
If there are vulnerabilities in these programs the...
risk to the system. FreeBSD makes no guarantee abo...
ports included in the Ports Collection. Please typ...
to deinstall the port if this is a concern.
For more information, and contact details about th...
status of this software, see the following webpage:
https://www.isc.org/software/bind
===> Cleaning for bind99-9.9.2.1
Regenerate rndc.key.
http://linux.kororo.jp/cont/server/bind_src.php
# /usr/local/sbin/rndc-confgen -a -b 512 -k rndckey
After running the above command, a file called /etc/namedb/rndc.key ...
Next, add the following line to /etc/rc.conf.
[/etc/rc.conf]
named_program="/usr/local/sbin/named"
# /usr/local/sbin/named -t /var/named -u bind
# ps ax | grep named
877 ?? Ss 0:02.38 /usr/sbin/syslogd -l /var/run/...
98235 ?? Ss 0:10.87 /usr/local/sbin/named -t /var/...
6680 0 S+ 0:00.00 grep named
*the working directory is not writable [#a4178455]
Mar 14 10:44:06 ns1 named[825]: starting BIND 9.9.2-P1 -...
Mar 14 10:44:06 ns1 named[825]: ------------------------...
Mar 14 10:44:06 ns1 named[825]: BIND 9 is maintained by ...
Mar 14 10:44:06 ns1 named[825]: Inc. (ISC), a non-profit...
Mar 14 10:44:06 ns1 named[825]: corporation. Support an...
Mar 14 10:44:06 ns1 named[825]: available at https://www...
Mar 14 10:44:06 ns1 named[825]: ------------------------...
Mar 14 10:44:07 ns1 named[825]: command channel listenin...
Mar 14 10:44:07 ns1 named[825]: the working directory is...
Mar 14 10:46:36 ns1 named[825]: the working directory is...
Mar 14 10:46:36 ns1 named[825]: all zones loaded
Mar 14 10:46:36 ns1 named[825]: running
Mar 14 11:00:48 ns1 named[825]: the working directory is...
Mar 14 11:00:49 ns1 named[825]: all zones loaded
Mar 14 11:00:49 ns1 named[825]: running
http://d.hatena.ne.jp/tama0905/20110729/1311934233
In /etc/mtree/BIND.chroot.dist, the "/set type=dir uname=root g...
http://www.geocities.jp/yasasikukaitou/rndc2.html
***Checking the version [#ya82173d]
root@ns1:/root # named -v
BIND 9.8.3-P4
This displays the OS-bundled version.
root@ns1:/root # rndc status
This, on the other hand, displays the version installed from ports.
WARNING: key file (/etc/namedb/rndc.key) exists, but usi...
version: 9.9.2-P1
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 39
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
*named.conf syntax check [#o842f201]
In BIND 9, after changing named.conf or similar, the configuration's syntactic ...
# named-checkconf
*Checking zone files [#kca782a0]
# named-checkzone [ zone name ] [ zone file ]
*WARNING on rndc reload! [#e68f1ff2]
https://lists.isc.org/pipermail/bind-users/2010-October/0...
root@ns1:/root # rndc reload
WARNING: key file (/etc/namedb/rndc.key) exists, but usi...
server reload successful
I got this WARNING.
mv /var/named/etc/namedb/rndc.conf /var/named/etc/namedb...
After that, it went away.
*could not listen on UDP socket: permission denied [#e287...
Reference URL
[[BIND 9 error countermeasures (2):http://d.hatena.ne.jp/sillywalk7...
Apr 4 11:02:44 theseus kernel: Apr 4 11:02:44 theseus ...
Apr 4 11:02:44 theseus kernel: Apr 4 11:02:44 theseus ...
The listen-on statement, on a host with multiple IP addresses, ...
It is allow-query that specifies an address range: which IP address ...
allow-query {
127.0.0.1;
// Exclusion goes first: the list is checked in order and the first match wins
! 192.168.X.33;
192.168.X.0/24;
};
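BIND evaluates an address match list such as allow-query from top to bottom and stops at the first element that matches, so a `!` exclusion only takes effect when it comes before the wider range that contains it. The Python sketch below is an added example, not from the original page; it models that rule and flags exclusions that can never match, with the page's 192.168.X replaced by the constructed value 192.168.0.

```python
import ipaddress

def _parse(element):
    """Split one match-list element into (negated, network)."""
    text = element.strip()
    negated = text.startswith("!")
    net = ipaddress.ip_network(text.lstrip("!").strip(), strict=False)
    return negated, net

def acl_allows(match_list, client):
    """First matching element decides; no match at all means denied."""
    addr = ipaddress.ip_address(client)
    for element in match_list:
        negated, net = _parse(element)
        if addr.version == net.version and addr in net:
            return not negated
    return False

def shadowed_negations(match_list):
    """Return '!' elements that can never match because an earlier
    element already covers the same addresses."""
    dead, seen = [], []
    for element in match_list:
        negated, net = _parse(element)
        covered = any(net.version == s.version and net.subnet_of(s) for s in seen)
        if negated and covered:
            dead.append(element)
        seen.append(net)
    return dead

# Constructed sample lists: the page's 192.168.X.* with X replaced by 0.
RANGE_FIRST = ["127.0.0.1", "192.168.0.0/24", "! 192.168.0.33"]
NEGATION_FIRST = ["127.0.0.1", "! 192.168.0.33", "192.168.0.0/24"]

if __name__ == "__main__":
    for name, acl in (("range first", RANGE_FIRST), ("negation first", NEGATION_FIRST)):
        print(name, "-> .33 allowed:", acl_allows(acl, "192.168.0.33"),
              "| dead exclusions:", shadowed_negations(acl))
```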
*Two bind processes start [#p8189568]
This was happening, and errors kept being logged endlessly. (ーー;)
After a reboot, /var/log/messages had a record of bind being started twice ...
-r-xr-xr-x 1 root wheel 293 Mar 30 13:12 msgs
-r-xr-xr-x 1 root wheel 7569 Mar 30 13:12 named
-r-xr-xr-x 1 root wheel 3569 Mar 30 13:12 named-dist
-r-xr-xr-x 1 root wheel 780 Mar 30 13:12 natd
-r-xr-xr-x 1 root wheel 3891 Mar 30 13:12 netif
As shown, the named-dist that I had renamed and kept just in case ...
Deleting it settled the matter.
*[named]unexpected RCODE (REFUSED) resolving [#r66d5f6f]
Apr 5 11:38:10 theseus named[937]: error (unexpected RC...
Apr 5 11:38:10 theseus named[937]: error (unexpected RC...
This turned out to mean that the IP addresses of the hosts listed in named.ca are not valid.
*Updating the root zone [#k62b9cc8]
# dig . ns @128.63.2.53 > /etc/namedb/named.ca
*Control with rndc [#w902e087]
[[Control with rndc:http://www.geocities.jp/yasasikukaitou/...