AIX 5.2 DNS setting
2010.05.11 10:58
Original: http://www.ischo.net -- 조인상 // System Engineer
Writer : http://www.ischo.net -- ischo // System Engineer in Republic of Korea
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
1. BIND is installed together with the OS
Check:
[root@p615 /usr/sbin]# ls -al named*
lrwxrwxrwx 1 root system 16 Dec 12 21:41 named -> /usr/sbin/named9
lrwxrwxrwx 1 root system 21 Oct 8 01:45 named-xfer -> /usr/sbin/named4-xfer
-r-sr-xr-- 1 root system 330978 Jul 9 22:19 named4
-r-xr-xr-- 1 root system 32378 Jul 9 22:19 named4-xfer
-r-sr-xr-- 1 root system 648318 Jul 10 03:15 named8
-r-xr-xr-- 1 root system 189512 Jul 10 03:15 named8-xfer
-r-sr-xr-- 1 root system 480354 Jul 9 22:22 named9
If the output looks like the above, BIND 4, 8 and 9 are all installed.
The named command is initially linked to named4, so relink it to the daemon you want to use.
[root@p615 /usr/sbin]# ln -sf /usr/sbin/named9 /usr/sbin/named
2. Setting the rndc key
To use BIND 9 you have to set up an rndc key.
All of the commands are in /usr/sbin; run them one at a time in the order below.
[root@p615 /usr/sbin]# ./rndc-confgen > /etc/rndc.conf
[root@p615 /usr/sbin]# ./dnssec-keygen -a hmac-md5 -b 128 -n HOST kjulove
Kkjulove.+157+49844
[root@p615 /usr/sbin]# ls *kju*
Kkjulove.+157+49844.key Kkjulove.+157+49844.private
[root@p615 /usr/sbin]# cat Kkjulove.+157+49844.key
kjulove. IN KEY 512 3 157 FXFrGhw8/U4BP8lCjyzJUg==
Enter this value, FXFrGhw8/U4BP8lCjyzJUg==, in /etc/rndc.conf.
3. Creating the configuration files
vi /etc/named.conf
options {
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};
include "/etc/rndc.key";
zone "aprosystem.org" IN {
        type master;
        file "aprosystem.zone";
        allow-update { none; };
};
zone "255.34.61.in-addr.arpa" IN {
        type master;
        file "aprosystem.zone.rev";
        allow-update { none; };
};
vi /var/named/aprosystem.zone
$TTL 10M
@       IN      SOA     aprosystem.org. root.aprosystem.org. (
                        2004101801      ; Serial
                        28800           ; Refresh
                        14400           ; Retry
                        3600000         ; Expire
                        86400 )         ; Minimum
        IN      NS      aprosystem.org.
        IN      MX 10   mail.aprosystem.org.
aprosystem.org. IN      A       61.34.255.81
ns      IN      A       61.34.255.81
www     IN      A       61.34.255.81
mail    IN      A       61.34.255.81
vi aprosystem.zone.rev
$TTL 10M
@       IN      SOA     aprosystem.org. root.aprosystem.org. (
                        2004101801      ; Serial
                        28800           ; Refresh
                        14400           ; Retry
                        3600000         ; Expire
                        86400 )         ; Minimum
        IN      NS      aprosystem.org.
81      IN      PTR     aprosystem.org.
81      IN      PTR     ns.aprosystem.org.
81      IN      PTR     www.aprosystem.org.
81      IN      PTR     mail.aprosystem.org.
vi localhost.zone
$TTL 86400
$ORIGIN localhost.
@       1D IN SOA       @ root (
                        42              ; serial (d. adams)
                        3H              ; refresh
                        15M             ; retry
                        1W              ; expiry
                        1D )            ; minimum
        1D IN NS        @
        1D IN A         127.0.0.1
vi named.local
$TTL 86400
@       IN      SOA     localhost. root.localhost. (
                        1997022700      ; Serial
                        28800           ; Refresh
                        14400           ; Retry
                        3600000         ; Expire
                        86400 )         ; Minimum
        IN      NS      localhost.
1       IN      PTR     localhost.
And finally:
vi named.ca
[root@p615 /var/named]# cat named.ca
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
;
; last update: Nov 5, 2002
; related version of root zone: 2002110501
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
;
; housed in LINX, operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; operated by IANA
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; housed in Japan, operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File
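Before starting the daemon, the forward and reverse zone files from step 3 can be cross-checked. The script below is an added example, not part of the original post: it reports every PTR record whose target has no A record for that address, treating a record line that starts with white space as inheriting the previous owner name. It assumes a /24 reverse zone with fully qualified PTR targets; check_ptr, demo and the ftp record in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: report PTR records whose target has no matching A record.
# Usage: check_ptr <forward file> <forward origin> <reverse file> <network prefix>
check_ptr() {
    fwd=$1 origin=$2 rev=$3 net=$4
    awk -v origin="$origin" -v net="$net" '
        { sub(/;.*/, "") }                 # drop comments
        /^\$/ || NF == 0 { next }          # skip $TTL/$ORIGIN and blank lines
        /^[ \t]/ { $0 = owner " " $0 }     # leading blank: inherit previous owner
        {
            owner = $1; t = 0
            for (i = 2; i <= NF; i++) {    # skip the optional TTL and class fields
                if ($i == "IN" || $i ~ /^[0-9][0-9SMHDWsmhdw]*$/) continue
                t = i; break               # first other field is the record type
            }
            if (!t) next
        }
        FNR == NR {                        # first file: collect A records
            if ($t != "A") next
            name = $1
            if (name == "@") name = origin "."
            else if (name !~ /\.$/) name = name "." origin "."
            has[tolower(name) " " $(t + 1)] = 1
            next
        }
        $t == "PTR" {                      # second file: check each PTR target
            key = tolower($(t + 1)) " " net "." $1
            if (!(key in has)) print "no A record: " net "." $1 " -> " $(t + 1)
        }
    ' "$fwd" "$rev"
}

# Constructed sample: records in the style of this page, plus one PTR (ftp)
# that has no A record in the forward zone.
demo() {
    d=${TMPDIR:-/tmp}/zonecheck.$$
    mkdir "$d" || return 1
    printf '%s\n' '$TTL 10M' '@ IN SOA aprosystem.org. root.aprosystem.org. (' \
        ' 2004101801 28800 14400 3600000 86400 )' ' IN NS aprosystem.org.' \
        'aprosystem.org. IN A 61.34.255.81' 'www IN A 61.34.255.81' > "$d/fwd"
    printf '%s\n' '$TTL 10M' '@ IN SOA aprosystem.org. root.aprosystem.org. (' \
        ' 2004101801 28800 14400 3600000 86400 )' ' IN NS aprosystem.org.' \
        '81 IN PTR www.aprosystem.org.' '81 IN PTR ftp.aprosystem.org.' > "$d/rev"
    check_ptr "$d/fwd" aprosystem.org "$d/rev" 61.34.255
    rm -rf "$d"
}
demo
```

Against the real files the call would be check_ptr /var/named/aprosystem.zone aprosystem.org /var/named/aprosystem.zone.rev 61.34.255, and no output means every PTR target resolves back to the same address.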
4. Starting and stopping the daemon
startsrc -s named
stopsrc -s named
5. Viewing logs
syslog configuration
Add to /etc/syslog.conf:
*.notice /var/spool/syslog
stopsrc -s syslogd
startsrc -s syslogd
6. Starting the named daemon at system boot
Create a script:
vi dns.start (/script/dns.start)
startsrc -s named
chmod 755 /script/dns.start
then add the following to /etc/inittab:
myscript:2:wait:/script/dns.start > /dev/console 2>&1
Or:
vi /etc/rc.tcpip
# Start up Domain Name daemon
#start /usr/sbin/named "$src_running"
Remove the leading # from the start line above.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++