¿ì¸® ȸ»ç¿¡¼´Â ¸®´ª½º¸¦ DNS ¼¹ö·Î »ç¿ëÇϰí ÀÖ´Ù. ¼º´ÉÀº »ó»óÀÌ»óÀ¸·Î ¶Ù¾î³ª´Ù. ÀÌ ¼½¼Ç¿¡¼´Â ·¹µåÇÞ ¹èÆ÷ÆÇ¿¡¼ Ç¥ÁØÀ¸·Î µû¶ó¿À´Â BIND 8.x ¸¦ ÀÌ¿ëÇÏ¿© µµ¸ÞÀÎ ³×ÀÓ ¼ºñ½º¸¦ ÇÒ ¼ö ÀÖµµ·Ï DNS Å×À̺íÀ» ¼³Á¤ÇÏ´Â ¹æ¹ýÀ» ´Ù·é´Ù.
Note: ÁÖÀÇ: ·¹µåÇÞ 5.1 °ú ±× ÀÌÀü ¹öÀüÀº BIND 4.x ÆÐŰÁö¸¦ »ç¿ëÇÏ¿´´Âµ¥ ¿©±â¼ »ç¿ëµÇ¾ú´ø ¼³Á¤ ÆÄÀÏÀº ¾à°£ ´Ù¸¥ Çü½ÄÀ¸·Î µÇ¾îÀÖ´Ù. BIND 8.x ´Â BIND 4.x º¸´õ ´õ ¸¹Àº ±â´ÉÀ» Á¦°øÇÏ°í °Ô´Ù°¡ BIND 4.x Àº ´õ ÀÌ»ó °³¹ßµÇÁö ¾Ê±â ¶§¹®¿¡ BIND ÆÐŰÁö´Â ÃÖ±Ù ¹öÀüÀ¸·Î ¾÷±×·¹À̵åÇÏ´Â °ÍÀ» °í·ÁÇÏ¿©¾ß ÇÒ °ÍÀÌ´Ù. ÀÌ·² ¶§¿¡´Â ±×³É BIND RPM ÆÐŰÁö¸¦ (RPM À¯Æ¿¸®Æ¼¿¡ ´ëÇÑ »ó¼¼ÇÑ ³»¿ëÀº ·¹µåÇÞ ÆÐÁöÁö °ü¸®ÀÚ (RPM) »ç¿ëÇϱ⠼½¼Ç - Á¦ 10 Àå À» ÂüÁ¶ÇϽÿä) ¼³Ä¡ÇÏ°í ¼³Á¤ ÆÄÀÏÀ» »õ·Î¿î Çü½ÄÀ¸·Î ¹Ù²Ù¾î Áֱ⸸ ÇÏ¸é µÈ´Ù.
´ÙÇàÈ÷µµ, ±âÁ¸ÀÇ BIND 4.x ¼³Á¤ ÆÄÀÏÀ» BIND 8.x ¿¡ ¸ÂÃç ¹Ù²Ù´Â °ÍÀº ½±´Ù! BIND ¿¡ µþ·Á¼ Á¦°øµÇ´Â ¹®¼ µð·ºÅ丮 (¿¹¸¦ µé¾î, BIND ¹öÀü 8.1.2 ÀÇ °æ¿ì¿¡´Â ``/usr/doc/bind-8.1.2/'') ¿¡´Â ``named-bootconf.pl'' ¶ó´Â ½ÇÇà°¡´ÉÇÑ ÆÞ ÇÁ·Î±×·¥ÀÌ ÀÖ´Ù. ½Ã½ºÅÛ¿¡ ÆÞÀÌ ÀÌ¹Ì ¼³Ä¡µÇ¾î ÀÖ´Ù°í °¡Á¤ÇÑ´Ù¸é, ¼³Á¤ ÆÄÀÏÀ» º¯È¯Çϱâ À§ÇÏ¿© ±×³É ÀÌ ÇÁ·Î±×·¥À» ÀÌ¿ëÇÏ¸é µÈ´Ù. ÀÌ ÇÁ·Î±×·¥À» ÀÌ¿ëÇÏ´Â ¹æ¹ýÀº (·çÆ®·Î¼) ´ÙÀ½°ú °°ÀÌ Å¸ÀÌÇÎÇÏ¸é µÈ´Ù:
cd /usr/doc/bind-8.1.2 ./named-bootconf.pl < /etc/named.boot > /etc/named.conf mv /etc/named.boot /etc/named.boot-obsoleteÀÌÁ¦ ``/etc/named.conf'' ¶ó´Â ÆÄÀÏÀ» °®°Ô µÇ¾ú´Âµ¥ ÀÌ ÆÄÀÏÀº BIND 8.x ¿Í "¾Æ¹«·± ¼öÁ¤¾øÀÌ" Àß µ¿ÀÛÇÒ °ÍÀÌ´Ù. DNS Å×À̺íÀÇ Çü½ÄÀº º¯ÇÏÁö ¾Ê¾Ò±â ¶§¹®¿¡, ±âÁ¸ÀÇ DNS Å×À̺íÀº »õ ¹öÀüÀÇ BIND ¿Í ÇöÀç ±×´ë·Î µ¿ÀÛÇÑ´Ù.
¸®´ª½º¿¡¼ DNS ¼ºñ½º¸¦ ¼³Á¤Çϴµ¥¿¡´Â ´ÙÀ½°ú °°Àº °úÁ¤À» ¹â°Ô µÈ´Ù:
DNS ¼ºñ½º°¡ ÀÛµ¿ÇÏ°Ô ÇÏ·Á¸é ``/etc/host.conf'' ÆÄÀÏÀÌ ´ÙÀ½°ú °°ÀÌ µÇ¾î ÀÖ¾î¾ß ÇÑ´Ù:
# Lookup names via /etc/hosts first, then by DNS query order hosts, bind # We don't have machines with multiple addresses multi on # Check for IP address spoofing nospoof on # Warn us if someone attempts to spoof alert on |
½ºÇªÇΠŽÁö ±â´ÉÀ» Ãß°¡Çϸé DNS ÂüÁ¶ÇÒ ¶§ ¼º´É»óÀÇ ¾à°£ÀÇ (ºñ·Ï ¹«½ÃÇÒ ¼ö ÀÖ´Â ¼öÁØÀÌÁö¸¸) ÀúÇϸ¦ °¡Á®¿Â´Ù. µû¶ó¼, ÀÌ·± °ÍÀ» Å©°Ô °ÆÁ¤ÇÏÁö ¾Ê´Â´Ù¸é "nospoof" °ú "alert" Ç׸ñÀº »ç¿ëÇÏÁö ¾Êµµ·Ï ÇÏ¿©µµ µÈ´Ù.
``/etc/hosts'' ÆÄÀÏÀ» Çʿ信 µû¶ó ¼³Á¤ÇÑ´Ù. ÀüÇüÀûÀÎ °æ¿ì¿¡ ¿©±â¿¡ ¸¹Àº Ç׸ñÀ» ³ÖÀ» ÇÊ¿ä´Â ¾ø´Ù. ÇÏÁö¸¸ ¼º´ÉÀÇ Çâ»óÀ» À§Çؼ (·ÎÄà ¼¹ö¿Í °°ÀÌ) ÀÚÁÖ ¿¢¼¼½ºµÇ´Â È£½ºÆ®´Â DNS ÂüÁ¶¸¦ ÇÏÁö ¾Êµµ·Ï Ç׸ñÀ» Ãß°¡ÇÒ ¼ö ÀÖ´Ù.
``/etc/named.conf'' ÆÄÀÏÀº ¾Æ·¡ÀÇ ¿¹¿¡¼µµ º¼ ¼ö ÀÖµíÀÌ DNS Å×À̺íÀ» °¡¸®Å°µµ·Ï ¼³Á¤µÇ¾î¾ß ÇÑ´Ù.
Note: (ÁÖÀÇ: ¿©±â¿¡¼ ¿¹·Î µç IP ÁÖ¼Ò´Â ¾îµð±îÁö³ª ¿¹½ÃÀÏ »ÓÀÌ¸ç ¹Ýµå½Ã ´ç½ÅÀÌ ¾²´Â ÁÖ¼Ò·Î ¹Ù²Ù¾îÁÖ¾î¾ß ÇÑ´Ù!):
options {
// DNS tables are located in the /var/named directory
directory "/var/named";
// Forward any unresolved requests to our ISP's name server
// (this is an example IP address only -- do not use!)
forwarders {
123.12.40.17;
};
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
// Enable caching and load root server info
zone "named.root" {
type hint;
file "";
};
// All our DNS information is stored in /var/named/mydomain_name.db
// (eg. if mydomain.name = foobar.com then use foobar_com.db)
zone "mydomain.name" {
type master;
file "mydomain_name.db";
allow-transfer { 123.12.41.40; };
};
// Reverse lookups for 123.12.41.*, .42.*, .43.*, .44.* class C's
// (these are example Class C's only -- do not use!)
zone "12.123.IN-ADDR.ARPA" {
type master;
file "123_12.rev";
allow-transfer { 123.12.41.40; };
};
// Reverse lookups for 126.27.18.*, .19.*, .20.* class C's
// (these are example Class C's only -- do not use!)
zone "27.126.IN-ADDR.ARPA" {
type master;
file "126_27.rev";
allow-transfer { 123.12.41.40; };
}; |
Tip: ÆÁ: À§ÀÇ ³»¿ë Áß¿¡¼ allow-transfer ¿É¼Ç¿¡ ÁÖ¸ñÇϱ⠹ٶõ´Ù. ÀÌ´Â DNS ¿µ¿ªÀÇ Àü´ÞÀ» ÁÖ¾îÁø IP ÁÖ¼Ò·Î Á¦ÇÑÇÑ´Ù. ¾ÕÀÇ ¿¹¿¡¼, ¿ì¸®´Â 123.12.41.40 ¿¡ ÀÖ´Â (¾Æ¸¶ ¿ì¸® µµ¸ÞÀÎÀÇ º¸Á¶ DNS ¼¹ö) È£½ºÆ®¿¡°Ô¸¸ ¿µ¿ª Àü´ÞÀ» Çã¿ëÇϰí ÀÖ´Ù. ¸¸¾à ÀÌ ¿É¼ÇÀ» »©¸Ô´Â´Ù¸é, ÀÎÅͳݿ¡ ÀÖ´Â ÀÓÀÇÀÇ »ç¿ëÀÚ°¡ ±×·¯ÇÑ Àü´ÞÀ» ¿äûÇÒ ¼ö ÀְԵȴÙ. ÀÌ·¸°Ô ÇØ¼ Á¦°øµÇ´Â Á¤º¸´Â ½ºÆÔ ¸ÞÀÏÀ» º¸³»´Â »ç¶÷À̳ª IP ½ºÇªÇÎÀ» ÇÏ´Â »ç¶÷µé¿¡ ÀÇÇÏ¿© ¾Ç¿ëµÉ ¼ö ÀÖÀ¸¹Ç·Î, ¿µ¿ª Àü´ÞÀº º¸Á¶ DNS ¼¹ö ¾Æ´Ï¸é ·çÇÁ¹é ÁÖ¼Ò ``127.0.0.1'' ·Î¸¸ Á¦ÇÑÇÒ °ÍÀ» °·ÂÈ÷ ÃßõÇÑ´Ù.
ÀÌÁ¦ ``var/named/'' µð·ºÅ丮¿¡ ÀÖ´Â DNS Å×À̺íÀ» ¼¼¹øÂ° ´Ü°è¿¡¼ ``/etc/named.conf'' ÆÄÀÏ¿¡ ¼³Á¤ÇÑ ³»¿ë¿¡ µû¶ó ¼Â¾÷ÇÒ ¼ö ÀÖ´Ù. DNS µ¥ÀÌÅͺ£À̽º¸¦ óÀ½À¸·Î ¼³Á¤ÇÏ´Â ¸·ÁßÇÑ ÀϷμ ÀÌ ¹®¼ÀÇ ¹üÀ§¸¦ ³Ñ¾î¼±´Ù. ÂüÁ¶ÇÒ ¸¸ÇÑ °¡À̵å¶óÀÎÀÌ ¿Â¶óÀÎÀ̳ª ÀμâµÈ Ã¥À¸·Î ¸î°¡Áö ÀÖ´Ù. ¾î·µç ¾Æ·¡¿¡ ¸î°¡ÁöÀÇ ¿¹¸¦ Á¦½ÃÇÏ¿´´Ù.
``/var/named/mydomain_name.db'' Àü´Þ ÂüÁ¶ ÆÄÀÏ¿¡ µé¾î ÀÖ´Â Ç׸ñÀÇ ¿¹:
; This is the Start of Authority (SOA) record. Contains contact
; & other information about the name server. The serial number
; must be changed whenever the file is updated (to inform secondary
; servers that zone information has changed).
@ IN SOA mydomain.name. postmaster.mydomain.name. (
19990811 ; Serial number
3600 ; 1 hour refresh
300 ; 5 minutes retry
172800 ; 2 days expiry
43200 ) ; 12 hours minimum
; List the name servers in use. Unresolved (entries in other zones)
; will go to our ISP's name server isp.domain.name.com
IN NS mydomain.name.
IN NS isp.domain.name.com.
; This is the mail-exchanger. You can list more than one (if
; applicable), with the integer field indicating priority (lowest
; being a higher priority)
IN MX mail.mydomain.name.
; Provides optional information on the machine type & operating system
; used for the server
IN HINFO Pentium/350 LINUX
; A list of machine names & addresses
spock.mydomain.name. IN A 123.12.41.40 ; OpenVMS Alpha
mail.mydomain.name. IN A 123.12.41.41 ; Linux (main server)
kirk.mydomain.name. IN A 123.12.41.42 ; Windows NT (blech!)
; Including any in our other class C's
twixel.mydomain.name. IN A 126.27.18.161 ; Linux test machine
foxone.mydomain.name. IN A 126.27.18.162 ; Linux devel. kernel
; Alias (canonical) names
gopher IN CNAME mail.mydomain.name.
ftp IN CNAME mail.mydomain.name.
www IN CNAME mail.mydomain.name. |
``/var/named/123_12.rev'' ¿ª ÂüÁ¶ ÆÄÀÏÀÇ Ç׸ñ ¿¹:
; This is the Start of Authority record. Same as in forward lookup table.
@ IN SOA mydomain.name. postmaster.mydomain.name. (
19990811 ; Serial number
3600 ; 1 hour refresh
300 ; 5 minutes retry
172800 ; 2 days expiry
43200 ) ; 12 hours minimum
; Name servers listed as in forward lookup table
IN NS mail.mydomain.name.
IN NS isp.domain.name.com.
; A list of machine names & addresses, in reverse. We are mapping
; more than one class C here, so we need to list the class B portion
; as well.
40.41 IN PTR spock.mydomain.name.
41.41 IN PTR mail.mydomain.name.
42.41 IN PTR kirk.mydomain.name.
; As you can see, we can map our other class C's as long as they are
; under the 123.12.* class B addresses
24.42 IN PTR tsingtao.mydomain.name.
250.42 IN PTR redstripe.mydomain.name.
24.43 IN PTR kirin.mydomain.name.
66.44 IN PTR sapporo.mydomain.name.
; No alias (canonical) names should be listed in the reverse lookup
; file (for obvious reasons). |
´Ù¸¥ B Ŭ·¡½º (126.27.* °ú °°Àº) ÁÖ¼Ò¸¦ ¸ÅÇÎ ½Ã۱â À§Çؼ´Â Ãß°¡·Î ¿ª ÂüÁ¶ ÆÄÀÏÀ» ¸¸µé ¼ö ÀÖÀ¸¸ç ±× ³»¿ëÀº ¾Õ¿¡¼ º» °Í°ú À¯»çÇÏ´Ù.
named µ¥¸óÀÌ ½ÇÇàÁßÀÎÁö È®ÀÎÇÑ´Ù. ÀÌ µ¥¸óÀº ´ë°³ ½Ã½ºÅÛÀÌ ºÎÆÃÇÒ ¶§ ``/etc/rc.d/init.d/named'' ÆÄÀÏ¿¡¼ ½ÃÀ۵ȴÙ. ¼öÀÛ¾÷À¸·Î µ¥¸óÀº ½ÃÀÛ ¶Ç´Â ÁßÁö½Ãų ¼öµµ ÀÖ´Ù; À̸¦ À§ÇÏ¿©´Â °¢±â ``named start'' ¿Í ``named stop'' ¶ó°í ŸÀÌÇÎÇÏ¸é µÈ´Ù.
DNS Å×ÀÌºí¿¡ º¯È°¡ »ý±æ ¶§¸¶´Ù, DNS ¼¹ö´Â ``/etc/rc.d/init.d/named restart'' ¶ó°í ŸÀÌÇÎÇÏ¿© Àç½ÃÀ۵Ǿî¾ß ÇÑ´Ù. »õ·Î Ãß°¡Çϰųª º¯°æÇÑ ±â°è¿¡ ´ëÇÏ¿© Á¦´ë·Î µ¿ÀÛÇÏ´ÂÁö È®ÀÎÇϱâ À§Çؼ´Â "nslookup" ¿Í °°Àº ÅøÀ» »ç¿ëÇÏ¸é µÈ´Ù.
DNS ¼ºñ½º ¼³Á¤¿¡ ´ëÇÑ ÀÚ¼¼ÇÑ Á¤º¸´Â http://metalab.unc.edu/Linux/HOWTO/DNS-HOWTO-5.html ¿¡ ÀÖ´Â ``DNS-HOWTO'' °¡À̵带 ÂüÁ¶ÇÏ¸é µÈ´Ù.