*bind9-9.3.5.2 [#g5d1f945]
Since I am planning to replace the DNS server, here is one more run through BIND9.
*Replacing bind9 with the latest version [#n2b8599b]
#portinstall dns/bind9
%%When BIND9 is installed from ports, the existing link /etc/namedb -> /var/named/etc/namedb may be lost.%%
&ref(BIND9_Conf.gif);
&ref(bind.png);
In the port's option dialog I chose to replace the base-system BIND.
And right away, an error!?
make: don't know how to make /usr/ports/dns/bind9/work/.build_done.bind9._usr_local. Stop
*** Error code 2
Stop in /usr/ports/dns/bind9.
** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portinstall20100217-64536-10phvg0-0 env make
** Fix the problem and try again.
** Listing the failed packages (-:ignored / *:skipped / !:failed)
! dns/bind9 (unknown build error)
Trying again
flora# cd /usr/ports/dns/bind9
flora# make install
===> Found saved configuration for bind9-9.3.6.1.1
=> bind-9.3.6-P1.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from ftp://ftp.isc.org/isc/bind9/9.3.6-P1/.
bind-9.3.6-P1.tar.gz 5% of 5583 kB 6085 Bps 14m45s
*************************************************************************
* _ _____ _____ _____ _ _ _____ ___ ___ _ _ *
* / \|_ _|_ _| ____| \ | |_ _|_ _/ _ \| \ | | *
* / _ \ | | | | | _| | \| | | | | | | | | \| | *
* / ___ \| | | | | |___| |\ | | | | | |_| | |\ | *
* /_/ \_\_| |_| |_____|_| \_| |_| |___\___/|_| \_| *
* *
* If you are running BIND 9 in a chroot environment, make *
* sure that there is a /dev/random device in the chroot. *
* *
* BIND 9 also requires configuration of rndc, including a *
* "secret" key. The easiest, and most secure way to configure *
* rndc is to run 'rndc-confgen -a' to generate the proper conf *
* file, with a new random key, and appropriate file permissions. *
* *
* The /etc/rc.d/named script in the base will do both for you. *
* *
===> Compressing manual pages for bind9-9.3.5.2
===> Registering installation for bind9-9.3.5.2
*************************************************************************
* *
* Please note: BIND 9.3.6 has been classified as "End of Life" *
* as of 1 December 2008 by the ISC. The port will be supported *
* through the lifetime of the RELENG_6 branch, currently *
* scheduled to be supported through 30 November 2010. *
* *
*************************************************************************
===> Compressing manual pages for bind9-base-9.3.6.1.1
===> Registering installation for bind9-base-9.3.6.1.1
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/named
/usr/local/sbin/rndc-confgen
/usr/local/bin/host
/usr/local/sbin/dnssec-signzone
/usr/local/bin/nsupdate
/usr/local/sbin/rndc
/usr/local/sbin/lwresd
/usr/local/bin/dig
/usr/local/sbin/dnssec-keygen
/usr/local/sbin/named-checkzone
/usr/local/sbin/named-checkconf
/usr/local/bin/nslookup
/usr/sbin/rndc-confgen
/usr/sbin/named-checkconf
/usr/sbin/dnssec-keygen
/usr/sbin/rndc
/usr/sbin/lwresd
/usr/bin/nsupdate
/usr/bin/dig
/usr/sbin/named
/usr/bin/host
/usr/sbin/dnssec-signzone
/usr/bin/nslookup
/usr/sbin/named-checkzone
If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.
For more information, and contact details about the security
status of this software, see the following webpage:
https://www.isc.org/software/bind
With that the upgrade is complete. But 9.3.6 is apparently only supported until the end of this year or so...
BIND was already running, so the following steps
# cd /etc/namedb/
# rndc-confgen -a
wrote key file "/etc/namedb/rndc.key"
# cat /etc/namedb/rndc.key > /etc/namedb/rndc.conf
had already been done; only the key was regenerated.
Feb 17 07:50:24 flora named[621]: starting BIND 9.3.6-P1 -t /var/named -u bind
Feb 17 07:50:24 flora named[621]: using up to 4096 sockets
Feb 17 07:50:24 flora named[621]: loading configuration from '/etc/namedb/named.conf'
Feb 17 07:50:24 flora named[621]: /etc/namedb/named.conf:37: unknown option 'key'
Feb 17 07:50:24 flora kernel: Feb 17 07:50:24 flora named[621]: /etc/namedb/named.conf:37: unknown option 'key'
Feb 17 07:50:24 flora named[621]: loading configuration: failure
Feb 17 07:50:24 flora kernel: Feb 17 07:50:24 flora named[621]: loading configuration: failure
Feb 17 07:50:24 flora named[621]: exiting (due to fatal error)
Feb 17 07:50:24 flora kernel: Feb 17 07:50:24 flora named[621]: exiting (due to fatal error)
Edited the file as instructed and rebooted.
Feb 17 08:05:33 flora named[619]: starting BIND 9.3.6-P1 -t /var/named -u bind
Feb 17 08:05:33 flora named[619]: using up to 4096 sockets
Feb 17 08:05:33 flora named[619]: loading configuration from '/etc/namedb/named.conf'
Feb 17 08:05:34 flora named[619]: max open files (3405) is smaller than max sockets (4096)
Feb 17 08:05:34 flora named[619]: using default UDP/IPv4 port range: [49152, 65535]
Feb 17 08:05:34 flora named[619]: using default UDP/IPv6 port range: [49152, 65535]
Feb 17 08:05:34 flora named[619]: listening on IPv4 interface em0, 218.44.228.148#53
Feb 17 08:05:34 flora named[619]: listening on IPv4 interface lo0, 127.0.0.1#53
Feb 17 08:05:34 flora named[619]: command channel listening on 127.0.0.1#953
Feb 17 08:05:34 flora named[619]: the working directory is not writable
Feb 17 08:05:34 flora kernel: Feb 17 08:05:34 flora named[619]: the working directory is not writable
Feb 17 08:05:34 flora named[619]: zone 0.0.127.in-addr.arpa/IN: loaded serial 2002040405
Feb 17 08:05:34 flora named[619]: zone 144.228.44.218.in-addr.arpa/IN: loaded serial 2007030700
Feb 17 08:05:34 flora named[619]: zone kuji-clinic.info/IN: loaded serial 2007030701
Feb 17 08:05:34 flora named[619]: zone thousand-winds.jp/IN: loaded serial 2010021700
Feb 17 08:05:34 flora named[619]: zone localhost/IN: loaded serial 2002040402
Feb 17 08:05:34 flora named[619]: running
Feb 17 08:05:34 flora named[619]: zone 144.228.44.218.in-addr.arpa/IN: sending notifies (serial 2007030700)
Feb 17 08:05:34 flora named[619]: zone kuji-clinic.info/IN: sending notifies (serial 2007030701)
Feb 17 08:05:34 flora named[619]: zone thousand-winds.jp/IN: sending notifies (serial 2010021700)
Feb 17 08:05:34 flora kernel: Setting date via ntp.
Feb 17 08:05:34 flora named[619]: host unreachable resolving 'pns.ocn.ad.jp/AAAA/IN': 2001:dc2::1#53
Feb 17 08:05:34 flora named[619]: host unreachable resolving 'ddns1.interlink.or.jp/A/IN': 2001:240::53#53
Feb 17 08:05:34 flora named[619]: host unreachable resolving 'ddns1.interlink.or.jp/AAAA/IN': 2001:240::53#53
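The two boots above show the two outcomes worth telling apart in a named log: a configuration that is rejected (named exits) and one that loads with warnings (named runs). The script below is an added example, not part of this page; it triages such a log and returns a non-zero status when named did not start. The sample lines are constructed from the logs above (host "flora", BIND 9.3.6-P1); the FATAL_RE and WARN_RE patterns are my own choice of messages, and the dedup step exists because this host's syslog echoes every message a second time through the kernel console.

```shell
#!/bin/sh
# Added example, not part of the original page: triage a named startup log
# like the two boots shown above. sample_failed_log and sample_warning_log
# are constructed from those logs. Each line is reduced to the message text
# after "named[pid]: " and deduplicated, which drops the "kernel: ..." echo.

# Messages that mean named rejected its configuration and is not serving.
FATAL_RE='loading configuration: failure|exiting .due to fatal error.|unknown option'
# Messages that are worth fixing but leave named running.
WARN_RE='working directory is not writable|max open files .* is smaller than max sockets'

# triage_named_log [FILE]   (reads stdin when no file is given)
# Prints one "FATAL <message>" or "WARN  <message>" line per distinct
# problem; exit status 1 if any fatal message was seen, 0 otherwise.
triage_named_log() {
    sed -n 's/.*named\[[0-9]*\]: //p' "$@" | sort -u |
    awk -v f="$FATAL_RE" -v w="$WARN_RE" '
        $0 ~ f { print "FATAL " $0; fatal = 1; next }
        $0 ~ w { print "WARN  " $0 }
        END     { exit fatal ? 1 : 0 }'
}

# Constructed from the first boot above: named.conf rejected, named exits.
sample_failed_log() {
    cat <<'EOF'
Feb 17 07:50:24 flora named[621]: starting BIND 9.3.6-P1 -t /var/named -u bind
Feb 17 07:50:24 flora named[621]: loading configuration from '/etc/namedb/named.conf'
Feb 17 07:50:24 flora named[621]: /etc/namedb/named.conf:37: unknown option 'key'
Feb 17 07:50:24 flora kernel: Feb 17 07:50:24 flora named[621]: /etc/namedb/named.conf:37: unknown option 'key'
Feb 17 07:50:24 flora named[621]: loading configuration: failure
Feb 17 07:50:24 flora kernel: Feb 17 07:50:24 flora named[621]: loading configuration: failure
Feb 17 07:50:24 flora named[621]: exiting (due to fatal error)
Feb 17 07:50:24 flora kernel: Feb 17 07:50:24 flora named[621]: exiting (due to fatal error)
EOF
}

# Constructed from the second boot above: running, with two warnings.
sample_warning_log() {
    cat <<'EOF'
Feb 17 08:05:33 flora named[619]: starting BIND 9.3.6-P1 -t /var/named -u bind
Feb 17 08:05:34 flora named[619]: max open files (3405) is smaller than max sockets (4096)
Feb 17 08:05:34 flora named[619]: the working directory is not writable
Feb 17 08:05:34 flora kernel: Feb 17 08:05:34 flora named[619]: the working directory is not writable
Feb 17 08:05:34 flora named[619]: zone localhost/IN: loaded serial 2002040402
Feb 17 08:05:34 flora named[619]: running
EOF
}

# Demonstration run: the failed boot prints three FATAL lines and returns 1,
# the second boot prints two WARN lines and returns 0.
sample_failed_log | triage_named_log || echo "named did not start; fix named.conf before restarting"
sample_warning_log | triage_named_log
```

Run it against the real log with `triage_named_log /var/log/messages`; a non-zero exit is the signal to stop and fix named.conf before rebooting, which is cheaper than discovering the resolver is down afterwards.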
***rndc configuration [#x29b7bac]
# mv /etc/namedb/named.conf /etc/namedb/named.conf.org
# rndc-confgen -a
wrote key file "/etc/namedb/rndc.key"
# cat /etc/namedb/rndc.key > /etc/namedb/rndc.conf
# cat /etc/namedb/rndc.key > /etc/namedb/named.conf
# rm /etc/namedb/rndc.key
# cat /etc/namedb/rndc.key >> /etc/namedb/named.conf   append it instead?
# rm /etc/namedb/rndc.key   (not done)
# vi /etc/namedb/rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "xxxxxxxxxxxxxxxxxxxxxxxx";
};
↓Add the following at the end of the file
↓If an options block already exists, add to it instead
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
server 127.0.0.1 {
key "rndc-key";
};
# chmod 400 /etc/namedb/rndc.conf
# chmod 600 /etc/namedb/named.conf
# chown bind:wheel /etc/namedb/named.conf
***Editing named.conf [#ccacfdb2]
# vi /etc/namedb/named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "xxxxxxxxxxxxxxxxxxxxxxxx";
};
↓Add the following at the end of the file
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
version "unknown";
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
listen-on-v6 { none; };
listen-on { localhost; localnets; };
allow-query { localhost; localnets; };
allow-recursion { localhost; localnets; };
allow-transfer { localhost; localnets; };
forwarders { xxx.xxx.xxx.xx1; xxx.xxx.xxx.xx2; };
};
view "internal"{
match-clients { localnets; };
recursion yes;
zone "." IN {
type hint;
file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "0.0.127.in-addr.arpa";
};
zone "3.168.192.in-addr.arpa" {
type master;
file "3.168.192.in-addr.arpa";
};
zone "freebsd.orz" {
type master;
file "freebsd.orz.local";
};
};
※Adjust the highlighted parts to your environment.~
※xxx.xxx.xxx.xx1 is the IP address of your provider's primary DNS server.~
※xxx.xxx.xxx.xx2 is the IP address of your provider's secondary DNS server.~
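The rndc section and the named.conf section above both depend on the same thing: the `key "rndc-key"` clause in rndc.conf and the one in named.conf must carry an identical secret, and neither file may be readable by anyone but the owner. The script below is an added example, not the page's own commands: it writes both pieces (rndc.conf, and the key/controls clauses to paste into named.conf) from one generated secret with the permissions the page sets, and a check function that catches a mismatch or a loose mode before named is restarted. The key name, hmac-md5 (what rndc-confgen produced for BIND 9.3) and port 953 are taken from the page; gen_secret stands in for rndc-confgen so the example runs anywhere.

```shell
#!/bin/sh
# Added example, not the page's own commands: generate an rndc key and write
# rndc.conf plus the key/controls clauses for named.conf under a directory of
# your choice, with the permissions the page sets (400 / 600), then verify.

# Print a random secret. On a real install rndc-confgen does this; here
# openssl gives base64, and the fallback emits 48 hex characters, which are a
# subset of the base64 alphabet with a length that is a multiple of 4, so
# BIND's base64 decoder accepts them too.
gen_secret() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 24
    else
        head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
    fi
}

# write_rndc_files DIR SECRET
# Creates DIR/rndc.conf and DIR/named.conf.rndc (the clauses to paste into
# named.conf), both holding the same key. Note: umask is changed for the
# rest of the shell so the files are never created world-readable.
write_rndc_files() {
    dir=$1
    secret=$2
    umask 077
    cat > "$dir/rndc.conf" <<EOF
key "rndc-key" {
    algorithm hmac-md5;
    secret "$secret";
};
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
server 127.0.0.1 {
    key "rndc-key";
};
EOF
    cat > "$dir/named.conf.rndc" <<EOF
key "rndc-key" {
    algorithm hmac-md5;
    secret "$secret";
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
EOF
    chmod 400 "$dir/rndc.conf"
    chmod 600 "$dir/named.conf.rndc"
}

# check_rndc_files DIR
# Returns 0 when both files carry an identical secret and neither is readable
# by group or other; prints the first problem found and returns 1 otherwise.
check_rndc_files() {
    dir=$1
    s1=$(sed -n 's/^[[:space:]]*secret "\(.*\)";$/\1/p' "$dir/rndc.conf")
    s2=$(sed -n 's/^[[:space:]]*secret "\(.*\)";$/\1/p' "$dir/named.conf.rndc")
    [ -n "$s1" ] && [ "$s1" = "$s2" ] || { echo "secret mismatch between rndc.conf and named.conf"; return 1; }
    for f in "$dir/rndc.conf" "$dir/named.conf.rndc"; do
        mode=$(ls -l "$f" | cut -c5-10)   # group and other permission bits
        [ "$mode" = "------" ] || { echo "$f is group/world accessible"; return 1; }
    done
    return 0
}

# Demonstration in a scratch directory (use /etc/namedb for the real thing).
work=$(mktemp -d)
write_rndc_files "$work" "$(gen_secret)"
check_rndc_files "$work" && echo "rndc files consistent and private"
rm -rf "$work"
```

On the real host, paste named.conf.rndc into named.conf (or `include` it), run `named-checkconf /etc/namedb/named.conf`, and only then restart; the check catches the case from the first boot log above, where named.conf and rndc.conf drifted apart after the key was regenerated.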
***Editing named.conf (static IP case) [#h1028d28]
# vi /etc/namedb/named.conf
↓Add the following at the end of the file
view "external"{
match-clients { any; };
recursion no;
zone "freebsd.orz" {
type master;
file "freebsd.orz.zone";
allow-transfer { yyy.yyy.yyy.yyy; };
};
};
※Adjust the highlighted parts to your environment~
※yyy.yyy.yyy.yyy is the IP address of the secondary DNS server.
***Reverse lookup for localhost [#ubfa6c88]
# vi /etc/namedb/0.0.127.in-addr.arpa
↓Enter the following
$TTL 86400
@ IN SOA ns1.freebsd.orz. root.freebsd.orz. (
2007052900 ;Serial
28800 ;Refresh
7200 ;Retry
604800 ;Expire
86400 ;Minimum
)
IN NS ns1.freebsd.orz.
1 IN PTR localhost.
※Adjust the highlighted parts to your environment.
***Internal forward lookup [#dfc20194]
# vi /etc/namedb/freebsd.orz.local
↓Enter the following
$TTL 86400
@ IN SOA ns1.freebsd.orz. root.freebsd.orz. (
2007052900 ;Serial
28800 ;Refresh
7200 ;Retry
604800 ;Expire
86400 ;Minimum
)
IN NS ns1.freebsd.orz.
IN MX 10 mail.freebsd.orz.
@ IN A 192.168.3.10
* IN A 192.168.3.10
mail IN A 192.168.3.10
***Internal reverse lookup [#ia4bef52]
# vi /etc/namedb/3.168.192.in-addr.arpa
↓Enter the following
$TTL 86400
@ IN SOA ns1.freebsd.orz. root.freebsd.orz. (
2007052900 ;Serial
28800 ;Refresh
7200 ;Retry
604800 ;Expire
86400 ;Minimum
)
IN NS freebsd.orz.
10 IN PTR freebsd.orz.
***External forward lookup (static IP case) [#dc32c08e]
# vi /etc/namedb/freebsd.orz.zone
↓Enter the following
$TTL 86400
@ IN SOA ns1.freebsd.orz. root.freebsd.orz. (
2007052900 ;Serial
28800 ;Refresh
7200 ;Retry
604800 ;Expire
86400 ;Minimum
)
IN NS ns1.freebsd.orz.
IN MX 10 mail.freebsd.orz.
@ IN A zzz.zzz.zzz.zzz
* IN A zzz.zzz.zzz.zzz
mail IN A zzz.zzz.zzz.zzz
freebsd.orz. IN TXT "v=spf1 a mx ~all"
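All of the zone files above use the YYYYMMDDnn serial convention (2007052900, and 2010021700 in the boot log). named only sends notifies, and a secondary only transfers, when the serial has grown, so the most common reason an edit "does not take" is a serial that was never bumped. The script below is an added example, not part of this page: next_serial computes the next value from the current serial and today's date, and bump_zone_serial rewrites the `;Serial` line in place. It assumes the serial sits on its own line followed by the `;Serial` comment, as in the files above; the sample zone is a constructed copy of the internal forward zone.

```shell
#!/bin/sh
# Added example, not part of the original page: bump the SOA serial of a zone
# file written in the YYYYMMDDnn style used above.

# next_serial CURRENT TODAY   (TODAY in YYYYMMDD form)
# - serial already starts with TODAY: increment the nn counter
#   (nn=99 rolls into the next date, which is still monotonic)
# - serial is older than TODAY00:     start today's sequence at 00
# - serial is somehow ahead of today: just increment; never go backwards
next_serial() {
    cur=$1
    today=$2
    case "$cur" in
        "$today"[0-9][0-9]) echo $((cur + 1)) ;;
        *) if [ "$cur" -lt "${today}00" ]; then echo "${today}00"; else echo $((cur + 1)); fi ;;
    esac
}

# bump_zone_serial FILE TODAY
# Rewrites the ";Serial" line in FILE in place and prints the new serial.
bump_zone_serial() {
    file=$1
    today=$2
    cur=$(sed -n 's/^[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;[[:space:]]*Serial.*/\1/p' "$file")
    [ -n "$cur" ] || { echo "no ;Serial line in $file" >&2; return 1; }
    new=$(next_serial "$cur" "$today")
    sed "s/^\([[:space:]]*\)$cur\([[:space:]]*;[[:space:]]*Serial\)/\1$new\2/" "$file" > "$file.tmp" &&
        mv "$file.tmp" "$file"
    echo "$new"
}

# write_sample_zone FILE: a constructed copy of the internal forward zone above.
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 86400
@       IN SOA ns1.freebsd.orz. root.freebsd.orz. (
                2007052900 ;Serial
                28800      ;Refresh
                7200       ;Retry
                604800     ;Expire
                86400      ;Minimum
        )
        IN NS  ns1.freebsd.orz.
        IN MX  10 mail.freebsd.orz.
@       IN A   192.168.3.10
mail    IN A   192.168.3.10
EOF
}

# Demonstration: a fresh copy gets the first serial for 2010-02-17, a second
# edit on the same day gets the next counter value.
zone=$(mktemp)
write_sample_zone "$zone"
bump_zone_serial "$zone" 20100217      # prints 2010021700
bump_zone_serial "$zone" 20100217      # prints 2010021701
rm -f "$zone"
```

In practice call it as `bump_zone_serial /etc/namedb/freebsd.orz.zone "$(date +%Y%m%d)"` right after editing, then `named-checkzone freebsd.orz /etc/namedb/freebsd.orz.zone` before `rndc reload`; the "loaded serial" and "sending notifies (serial ...)" log lines confirm the new value was picked up.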
***Refreshing the root hints [#gebedcee]
# dig . ns @128.63.2.53 > /etc/namedb/named.ca
***Editing resolv.conf [#k39434c2]
# echo 'nameserver 127.0.0.1' > /etc/resolv.conf
***Starting BIND [#o6fb6ff3]
# vi /etc/rc.conf
named_enable="YES" ←add (starts named at boot)
# /etc/rc.d/named start
**Bind [#f989fb97]
Oct 8 07:05:37 vaio_ns1 kernel: Oct 8 07:05:37 vaio_ns1 named[1075]: isc_log_open '/var/log/named/named.log' failed: file not found
vaio_ns1# touch /var/log/named/update.log
touch: /var/log/named/update.log: No such file or directory
vaio_ns1# touch /var/log/named/update.log
touch: /var/log/named/update.log: No such file or directory
vaio_ns1# mkdir /var/log/named
vaio_ns1# chown bind:bind /var/log/named
http://hazyinfo.net/wiki/index.php?FreeBSD%2FBIND9
http://www.kishiro.com/FreeBSD/bind.html
http://freebsd.server-manual.com/bind.html
https://www.dns-oarc.net/oarc/services/dnsentropy