2009. 12. 2. 07:37 COMPUTER
Linux Bind Setting Log

# /usr/local/sbin/rndc-confgen > /etc/rndc.conf

# cat /etc/rndc.conf

# Start of rndc.conf
# Output of rndc-confgen. The secret printed here is this post's sample value
# and is public: run rndc-confgen on your own server and use the key it prints.
key "rndc-key" {
 # hmac-md5 is a legacy TSIG algorithm. Where the installed BIND supports it,
 # generate the key with a SHA-2 HMAC instead (e.g. rndc-confgen -A hmac-sha256).
 algorithm hmac-md5;
 # Shared secret; the key configured for named's control channel must carry
 # the same value.
 secret "TEJ7NKwydCQWDOZSv8DgDg==";
};

options {
 default-key "rndc-key";
 # rndc talks to the control channel on loopback only.
 default-server 127.0.0.1;
 default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#  algorithm hmac-md5;
#  secret "TEJ7NKwydCQWDOZSv8DgDg==";
# };
#
# controls {
#  inet 127.0.0.1 port 953
#   allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf


# vi /etc/rndc.key (자신의 서버에서 생성된 rndc.conf 파일의 key 블록 내용으로 입력)
// Copy of the rndc-key block from /etc/rndc.conf. Use the secret generated on
// your own server; the value shown here is a published sample.
key "rndc-key" {
      algorithm hmac-md5;
      secret "TEJ7NKwydCQWDOZSv8DgDg==";
};


# vi /etc/named.conf (자신의 서버의 rndc.conf 파일의 내용으로 입력)

// Control channel for rndc: bound to loopback, and limited to clients that
// connect from 127.0.0.1 and hold "rndc-key".
// NOTE(review): no key "rndc-key" statement or include of /etc/rndc.key is
// visible in this listing. named needs the key defined to accept it here, so
// confirm the full file has one (e.g. include "/etc/rndc.key";).
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

// Only the working directory is set, so recursion, query access and
// zone-transfer access all follow the defaults of the installed BIND version.
// NOTE(review): on an Internet-facing authoritative server, set recursion /
// allow-recursion and allow-transfer explicitly rather than relying on those
// defaults. Open recursion can be abused for reflection, and unrestricted
// transfers disclose the full zone contents.
options {
        directory "/var/named";
};

// Root hints. Relative file names resolve under the directory option above.
zone "." IN {
        type hint;
        file "named.root";
};

// Reverse zone for the loopback network.
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
};

zone "0.168.192.in-addr.arpa" IN { // when the IP address is 192.168.0.1
        type master;
        file "named.rev";
};

// Placeholder entries: replace each zone name and file name with a real domain.
// Zone names must be unique, so three identical entries as written here would
// be rejected when the configuration is checked or loaded.
zone "도메인.co.kr"     IN { type master; file "zone-도메인.co.kr";     };     
zone "도메인.co.kr"     IN { type master; file "zone-도메인.co.kr";     };
zone "도메인.co.kr"     IN { type master; file "zone-도메인.co.kr";     };



named 계정 생성
# useradd -u 25 -r -d /var/named -M -s /bin/false named

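named 관련 파일 퍼미션 조정 (rndc.key와 rndc.conf에는 rndc 비밀 키가 들어 있으므로 root와 named 그룹만 읽을 수 있게 한다. 아래 chown 명령은 상대 경로이므로 /etc 디렉터리에서 실행한다)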
# chmod 640 /etc/rndc.key
# chmod 640 /etc/rndc.conf
# chmod 640 /etc/named.conf
# chown root.named rndc.key
# chown root.named rndc.conf
# chown root.named named.conf

# mkdir /var/named
# chown named.root /var/named
# dig @168.126.63.1 . > /var/named/named.root

# touch /var/log/named.log
# chown named.named /var/log/named.log

# named-checkconf -z (설정파일들 체크)
