[365 TIP No. 18] BIND MySQL Integration (DLZ)

Date written: 2010-05-04
Author: slowlygo@net-farm.com
Net-Farm Co., Ltd. http://www.365managed.com
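
Contents

1. Getting started
2. Brief introduction
3. Installation
   1) Installing MySQL
   2) Installing the BIND RPM
   3) Downloading and building the BIND source
   4) Verifying that BIND runs
   5) Configuration
4. Creating the schema and inserting a test domain
5. named.conf configuration
6. Query tests
7. Closing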
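
1. Getting started

Hello. It is already the beginning of May. Mornings and evenings are still a little chilly, but the days have turned warm and sunny, and it makes me want to go out somewhere.

In this issue we implement BIND DLZ (Dynamically Loadable Zones) using the MySQL driver.

If you find anything wrong or have questions, please use the community at http://community.365managed.com or send mail to slowlygo@net-farm.com.

The examples in this document were tested on CentOS release 5.4 Linux.

Let's get started.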
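
2. Brief introduction

As you know, BIND normally keeps its zones in text files. That makes mistakes easy, the zone files are parsed at startup so starting takes a long time, and BIND has to be reloaded or restarted before a change takes effect.

DLZ (Dynamically Loadable Zones) appeared to compensate for (?) this: zone data is stored in a database, and a change to it takes effect immediately, without a BIND reload or restart.

The image below is the Queries Per Second (QPS) result provided at http://bind-dlz.sourceforge.net/perf_tests.html. See that URL for a detailed explanation.

[Figure: Queries Per Second (QPS) results]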

3. Installation

To avoid the hassle of putting the configuration files together, the installation overwrites the binaries of the existing BIND RPM.

1) Installing MySQL

MySQL is simply installed from RPM.

    [root@study ~]# yum install mysql-server
    [root@study ~]# yum install mysql-devel

2) Installing the BIND RPM

    [root@study src]# yum install caching-nameserver
    -------------------------------------
    Installing for dependencies:
    bind
    bind-libs
    -------------------------------------

* Installing caching-nameserver pulls in the bind package as a dependency.
* To keep the configuration simple, bind-chroot is not installed.

3) Downloading and building the BIND source

Download the latest BIND release.
- Download: http://www.isc.org/software/bind

For reference, this document uses bind 9.7.0-P1, the latest version.

    [root@study src]# wget http://ftp.isc.org/isc/bind9/9.7.0-p1/bind-9.7.0-p1.tar.gz
    [root@study src]# tar zxvf bind-9.7.0-p1.tar.gz
    [root@study src]# cd bind-9.7.0-p1
    [root@study bind-9.7.0-p1]# mysql_config
    Usage: /usr/lib64/mysql/mysql_config [OPTIONS]
    Options:
            --cflags         [-I/usr/include/mysql -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -fno-strict-aliasing -fwrapv]
            --include        [-I/usr/include/mysql]
            --libs           [-rdynamic -L/usr/lib64/mysql -lmysqlclient -lz -lcrypt -lnsl -lm -L/usr/lib64 -lssl -lcrypto]
            --libs_r         [-rdynamic -L/usr/lib64/mysql -lmysqlclient_r -lz -lpthread -lcrypt -lnsl -lm -lpthread -L/usr/lib64 -lssl -lcrypto]
            --socket         [/var/lib/mysql/mysql.sock]
            --port           [0]
            --version        [5.0.77]
            --libmysqld-libs [-rdynamic -L/usr/lib64/mysql -lmysqld -lz -lpthread -lcrypt -lnsl -lm -lpthread -lrt -L/usr/lib64 -lssl -lcrypto]
    [root@study bind-9.7.0-p1]# ./configure --with-dlz-mysql
    ... (snip) ...
    checking for Postgres DLZ driver... no
    checking for MySQL DLZ driver... using mysql from /usr/lib64/mysql and /usr/include/mysql
    checking for Berkeley DB DLZ driver... no
    checking for file system DLZ driver... no
    checking for LDAP DLZ driver... no
    checking for ODBC DLZ driver... no
    checking for stub DLZ driver... no
    checking for DLZ... yes
    ... (snip) ...
    [root@study bind-9.7.0-p1]# make

* Here we simply copy in only the binaries that are needed.

    [root@study bind-9.7.0-p1]# mv /usr/sbin/named /usr/sbin/named.ori
    `/usr/sbin/named' -> `/usr/sbin/named.ori'
    [root@study bind-9.7.0-p1]# mv /usr/sbin/named-checkconf /usr/sbin/named-checkconf.ori
    `/usr/sbin/named-checkconf' -> `/usr/sbin/named-checkconf.ori'
    [root@study bind-9.7.0-p1]# mv /usr/sbin/named-checkzone /usr/sbin/named-checkzone.ori
    `/usr/sbin/named-checkzone' -> `/usr/sbin/named-checkzone.ori'
    [root@study bind-9.7.0-p1]# mv bin/named/named /usr/sbin/
    `bin/named/named' -> `/usr/sbin/named'
    [root@study bind-9.7.0-p1]# mv bin/check/named-checkconf /usr/sbin/
    `bin/check/named-checkconf' -> `/usr/sbin/named-checkconf'
    [root@study bind-9.7.0-p1]# mv bin/check/named-checkzone /usr/sbin/
    `bin/check/named-checkzone' -> `/usr/sbin/named-checkzone'

4) Verifying that BIND runs

    [root@study bind-9.7.0-p1]# /etc/init.d/named start
    [root@study bind-9.7.0-p1]# /etc/init.d/named stop
    [root@study bind-9.7.0-p1]# vi /var/log/messages
    Apr 30 13:06:52 study syslogd 1.4.1: restart.
    Apr 30 13:06:52 study kernel: klogd 1.4.1, log source = /proc/kmsg started.
    Apr 30 13:07:03 study named[11700]: starting BIND 9.7.0-P1 -u named -c /etc/named.caching-nameserver.conf -t /var/named/chroot
    Apr 30 13:07:03 study named[11700]: built with '--with-dlz-mysql'
    Apr 30 13:07:03 study named[11700]: using up to 4096 sockets
    Apr 30 13:07:03 study named[11700]: loading configuration from '/etc/named.caching-nameserver.conf'
    Apr 30 13:07:03 study named[11700]: using default UDP/IPv4 port range: [1024, 65535]
    Apr 30 13:07:03 study named[11700]: using default UDP/IPv6 port range: [1024, 65535]
    Apr 30 13:07:03 study named[11700]: no IPv6 interfaces found
    Apr 30 13:07:03 study named[11700]: listening on IPv4 interface lo, 127.0.0.1#53
    Apr 30 13:07:03 study named[11700]: generating session key for dynamic DNS
    Apr 30 13:07:03 study named[11700]: automatic empty zone: view localhost_resolver: 127.IN-ADDR.ARPA
    Apr 30 13:07:03 study named[11700]: automatic empty zone: view localhost_resolver: 254.169.IN-ADDR.ARPA
    Apr 30 13:07:03 study named[11700]: automatic empty zone: view localhost_resolver: 2.0.192.IN-ADDR.ARPA
    Apr 30 13:07:03 study named[11700]: automatic empty zone: view localhost_resolver: 255.255.255.255.IN-ADDR.ARPA
    Apr 30 13:07:03 study named[11700]: automatic empty zone: view localhost_resolver: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Apr 30 13:07:03 study named[11700]: automatic empty zone: view localhost_resolver: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Apr 30 13:07:03 study named[11700]: automatic empty zone: view localhost_resolver: D.F.IP6.ARPA
    Apr 30 13:07:03 study named[11700]: automatic empty zone: view localhost_resolver: 8.E.F.IP6.ARPA
    Apr 30 13:07:03 study named[11700]: automatic empty zone: view localhost_resolver: 9.E.F.IP6.ARPA
    Apr 30 13:07:03 study named[11700]: automatic empty zone: view localhost_resolver: A.E.F.IP6.ARPA
    Apr 30 13:07:03 study named[11700]: automatic empty zone: view localhost_resolver: B.E.F.IP6.ARPA
    Apr 30 13:07:03 study named[11700]: command channel listening on 127.0.0.1#953
    Apr 30 13:07:03 study named[11700]: the working directory is not writable
    Apr 30 13:07:03 study named[11700]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
    Apr 30 13:07:03 study named[11700]: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
    Apr 30 13:07:03 study named[11700]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
    Apr 30 13:07:03 study named[11700]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
    Apr 30 13:07:03 study named[11700]: zone localdomain/in/localhost_resolver: loaded serial 42
    Apr 30 13:07:03 study named[11700]: zone localhost/in/localhost_resolver: loaded serial 42
    Apr 30 13:07:03 study named[11700]: running
    Apr 30 13:08:49 study named[11700]: received control channel command 'stop'
    Apr 30 13:08:49 study named[11700]: shutting down: flushing changes
    Apr 30 13:08:49 study named[11700]: stopping command channel on 127.0.0.1#953
    Apr 30 13:08:49 study named[11700]: no longer listening on 127.0.0.1#53
    Apr 30 13:08:49 study named[11700]: exiting

5) Configuration

We take what the default caching-nameserver package provides and modify it. The only reason is to save the trouble of writing the configuration file and creating the directory structure.

The default configuration file looks like this:

    //
    // named.caching-nameserver.conf
    //
    // Provided by Red Hat caching-nameserver package to configure the
    // ISC BIND named(8) DNS server as a caching only nameserver
    // (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // DO NOT EDIT THIS FILE - use system-config-bind or an editor
    // to create named.conf - edits to this file will be lost on
    // caching-nameserver package upgrade.
    //
    options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port
        // randomization
        // query-source port 53;
        // query-source-v6 port 53;

        allow-query { localhost; };
        allow-query-cache { localhost; };
    };
    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };
    view localhost_resolver {
        match-clients { localhost; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
    };

* Note: with only the caching-nameserver package installed, the server is local-only and is not authoritative for anything other than 0.0.127.in-addr.arpa and localhost. Put simply, apart from 0.0.127.in-addr.arpa and localhost it is caching-only. On a host that is generally used as a mail server, installing and running it reduces the number of external DNS queries.

To check that caching really happens, watch briefly with tcpdump:

    [root@study ~]# tcpdump port 53 &
    [2] 12662
    [root@study ~]# tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    [root@study ~]# nslookup daum.net localhost
    00:59:41.163677 IP xxx.xxx.xxx.59.44139 > c.gtld-servers.net.domain: 35452 [1au] A? daum.net. (37)
    00:59:41.164234 IP xxx.xxx.xxx.59.52482 > kns2.kornet.net.domain: 23609+ PTR? 30.92.26.192.in-addr.arpa. (43)
    00:59:41.168250 IP kns2.kornet.net.domain > xxx.xxx.xxx.59.52482: 23609 1/7/8 (343)
    00:59:41.168786 IP xxx.xxx.xxx.59.40154 > kns2.kornet.net.domain: 15550+ PTR? 59.27.180.58.in-addr.arpa. (43)
    00:59:41.229755 IP kns2.kornet.net.domain > xxx.xxx.xxx.59.40154: 15550 NXDomain 0/1/0 (101)
    00:59:41.230392 IP xxx.xxx.xxx.59.55154 > kns2.kornet.net.domain: 29235+ PTR? 2.63.126.168.in-addr.arpa. (43)
    00:59:41.234254 IP kns2.kornet.net.domain > xxx.xxx.xxx.59.55154: 29235 1/2/0 (110)
    00:59:41.451388 IP c.gtld-servers.net.domain > xxx.xxx.xxx.59.44139: 35452- 0/5/6 (206)
    Server: localhost
    Address: 127.0.0.1#53
    Non-authoritative answer:
    Address: 211.115.115.211
    Address: 211.115.115.212
    Address: 211.115.77.211
    Address: 211.115.77.212
    Address: 211.115.77.213
    Address: 211.115.77.214
    00:59:41.453647 IP xxx.xxx.xxx.59.45609 > ns5.daum.net.domain: 59798 [1au] A? daum.net. (37)
    00:59:41.455099 IP ns5.daum.net.domain > xxx.xxx.xxx.59.45609: 59798* 6/5/6 A 211.115.77.211, A[|domain]
    00:59:41.455510 IP xxx.xxx.xxx.59.43397 > kns2.kornet.net.domain: 48044+ PTR? 240.253.172.211.in-addr.arpa. (46)
    00:59:41.458923 IP kns2.kornet.net.domain > xxx.xxx.xxx.59.43397: 48044 1/5/5 (237)
    00:59:41.474531 IP xxx.xxx.xxx.59.39195 > kns2.kornet.net.domain: 36051+ PTR? 211.77.115.211.in-addr.arpa. (45)
    00:59:41.477807 IP kns2.kornet.net.domain > xxx.xxx.xxx.59.39195: 36051 NXDomain 0/1/0 (105)
    [root@study ~]# nslookup daum.net localhost
    Server: localhost
    Address: 127.0.0.1#53
    Non-authoritative answer:
    Address: 211.115.77.214
    Address: 211.115.115.211
    Address: 211.115.115.212
    Address: 211.115.77.211
    Address: 211.115.77.212
    Address: 211.115.77.213

Yes. As shown above, you can roughly tell that from the second query onward the cached data is used.

* A brief word on views: depending on match-clients and match-destinations, you can apply different options and even return different IPs for the same domain. You probably know match-clients already, but match-destinations is a little confusing, so let's look at an example.

First, change listen-on port 53 { 127.0.0.1; }; to listen-on port 53 { any; };.

The server has two IPs configured. The IPs are shown as xxx.xxx.xxx.

    tcp 0 0 xxx.xxx.xxx.56:53 0.0.0.0:* LISTEN 13010/named
    tcp 0 0 xxx.xxx.xxx.59:53 0.0.0.0:* LISTEN 13010/named
    tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 13010/named

Two more views were added, and each view was given a test.com zone backed by a different zone file.

    view localhost_resolver {
        match-clients { localhost; };
        match-destinations { 127.0.0.1; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
        zone "test.com" IN {
            type master;
            file "test.zone";
            allow-update { none; };
        };
    };
    view test1 {
        match-clients { localhost; };
        match-destinations { xxx.xxx.xxx.59; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
        zone "test.com" IN {
            type master;
            file "test1.zone";
            allow-update { none; };
        };
    };
    view test2 {
        match-clients { localhost; };
        match-destinations { xxx.xxx.xxx.56; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
        zone "test.com" IN {
            type master;
            file "test2.zone";
            allow-update { none; };
        };
    };

Each zone file is set up as follows:

    test.zone     test.com IN A 0.0.0.0
    test1.zone    test.com IN A 1.1.1.1
    test2.zone    test.com IN A 2.2.2.2

Now restart bind and run the queries:

    [root@study named]# nslookup test.com xxx.xxx.xxx.59
    Server: xxx.xxx.xxx.59
    Address: xxx.xxx.xxx.59#53
    Name: test.com
    Address: 1.1.1.1
    [root@study named]# nslookup test.com xxx.xxx.xxx.56
    Server: xxx.xxx.xxx.56
    Address: xxx.xxx.xxx.56#53
    Name: test.com
    Address: 2.2.2.2
    [root@study named]# nslookup test.com 127.0.0.1
    Server: 127.0.0.1
    Address: 127.0.0.1#53
    Name: test.com
    Address: 0.0.0.0

In short, match-clients selects by the client's IP, whereas match-destinations selects by the destination IP.

Back to the main topic.

4. Creating the schema and inserting a test domain

The schema does not have to look exactly like this, but we follow the standard documentation as closely as possible.

    create database dns;
    grant all privileges on dns.* to dns@localhost identified by 'dns';

    create table dns_records (
        zone text,
        host text,
        `type` text,
        data text,
        ttl int(11),
        mx_priority text,  -- type is missing in the source listing; text matches the quoted '10' in the INSERT below
        refresh int(11),
        retry int(11),
        expire int(11),
        minimum int(11),
        serial bigint(20),
        resp_person text,
        primary_ns text
    );

    create table xfr_table (
        zone text,
        `client` text
    );

    alter table dns_records add INDEX host_index (host(20));
    alter table dns_records add INDEX zone_index (zone(30));
    alter table dns_records add INDEX type_index (type(8));
    alter table xfr_table add INDEX zone_client_index (zone(30),client(20));

# Insert the data needed for testing. We simply enter the contents of the zone file below.

    $TTL 50
    @       IN SOA  ns.test.com. root.test.com. (
                    1997022700 ; Serial
                    28800      ; Refresh
                    14400      ; Retry
                    3600000    ; Expire
                    86400)     ; Minimum
    @       50 IN NS    ns.test.com.
    @       50 IN MX    10 mail.test.com.
    @       50 IN TXT   "v=spf1 ip4:3.3.3.3 ~all"
    ns      50 IN A     3.3.3.3
    @       50 IN A     4.4.4.4
    ftp     50 IN A     4.4.4.4
    www     50 IN CNAME ftp
    mail    50 IN A     3.3.3.3

    INSERT INTO `dns_records` VALUES
    ('test.com','@','soa','ns',50,null,28800,14400,3600000,86400,1997022700,'root','ns.test.com.'),
    ('test.com','@','ns','ns.test.com.',50,null,null,null,null,null,null,null,null),
    ('test.com','@','mx','mail.test.com.',50,'10',null,null,null,null,null,null,null),
    ('test.com','@','txt','v=spf1 ip4:3.3.3.3 ~all',50,null,null,null,null,null,null,null,null),
    ('test.com','ns','a','3.3.3.3',50,null,null,null,null,null,null,null,null),
    ('test.com','@','a','4.4.4.4',50,null,null,null,null,null,null,null,null),
    ('test.com','ftp','a','4.4.4.4',50,null,null,null,null,null,null,null,null),
    ('test.com','www','cname','ftp',50,null,null,null,null,null,null,null,null),
    ('test.com','mail','a','3.3.3.3',50,null,null,null,null,null,null,null,null);

    mysql> select * from dns_records;
    +----------+------+-------+-------------------------+------+-------------+---------+-------+---------+---------+------------+-------------+--------------+
    | zone     | host | type  | data                    | ttl  | mx_priority | refresh | retry | expire  | minimum | serial     | resp_person | primary_ns   |
    +----------+------+-------+-------------------------+------+-------------+---------+-------+---------+---------+------------+-------------+--------------+
    | test.com | @    | soa   | ns                      |   50 | NULL        |   28800 | 14400 | 3600000 |   86400 | 1997022700 | root        | ns.test.com. |
    | test.com | @    | NS    | ns.test.com.            |   50 | NULL        |    NULL |  NULL |    NULL |    NULL |       NULL | NULL        | NULL         |
    | test.com | @    | mx    | mail.test.com.          |   50 | 10          |    NULL |  NULL |    NULL |    NULL |       NULL | NULL        | NULL         |
    | test.com | @    | txt   | v=spf1 ip4:3.3.3.3 ~all |   50 | NULL        |    NULL |  NULL |    NULL |    NULL |       NULL | NULL        | NULL         |
    | test.com | ns   | A     | 3.3.3.3                 |   50 | NULL        |    NULL |  NULL |    NULL |    NULL |       NULL | NULL        | NULL         |
    | test.com | @    | A     | 4.4.4.4                 |   50 | NULL        |    NULL |  NULL |    NULL |    NULL |       NULL | NULL        | NULL         |
    | test.com | ftp  | A     | 4.4.4.4                 |   50 | NULL        |    NULL |  NULL |    NULL |    NULL |       NULL | NULL        | NULL         |
    | test.com | www  | CNAME | ftp                     |   50 | NULL        |    NULL |  NULL |    NULL |    NULL |       NULL | NULL        | NULL         |
    | test.com | mail | A     | 3.3.3.3                 |   50 | NULL        |    NULL |  NULL |    NULL |    NULL |       NULL | NULL        | NULL         |
    +----------+------+-------+-------------------------+------+-------------+---------+-------+---------+---------+------------+-------------+--------------+
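
With DLZ a row is served as soon as it is written, and nothing like named-checkzone runs over database rows first, so a check before the write is worth having. The following is an added example, not part of the original document: it validates rows shaped like the dns_records table above. The function name validate_zone and the particular rule set are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the nine rows of the INSERT above, cut down to the
# columns these checks read: (zone, host, type, data, ttl, mx_priority).
SAMPLE_ROWS = [
    ("test.com", "@", "soa", "ns", 50, None),
    ("test.com", "@", "ns", "ns.test.com.", 50, None),
    ("test.com", "@", "mx", "mail.test.com.", 50, "10"),
    ("test.com", "@", "txt", "v=spf1 ip4:3.3.3.3 ~all", 50, None),
    ("test.com", "ns", "a", "3.3.3.3", 50, None),
    ("test.com", "@", "a", "4.4.4.4", 50, None),
    ("test.com", "ftp", "a", "4.4.4.4", 50, None),
    ("test.com", "www", "cname", "ftp", 50, None),
    ("test.com", "mail", "a", "3.3.3.3", 50, None),
]


def validate_zone(rows, zone):
    """Return a list of problems in one zone's rows; an empty list means clean."""
    problems = []
    types_by_host = defaultdict(set)
    type_count = defaultdict(int)
    for row_zone, host, rtype, data, ttl, mx_priority in rows:
        if row_zone.lower() != zone.lower():
            continue
        rtype = rtype.lower()  # rows on the page use both 'soa' and 'NS'
        type_count[rtype] += 1
        types_by_host[host].add(rtype)
        label = f"{host} {rtype.upper()}"
        if not isinstance(ttl, int) or ttl < 0:
            problems.append(f"{label}: invalid ttl {ttl!r}")
        if not data or not str(data).strip():
            problems.append(f"{label}: empty data")
        elif rtype == "a":
            try:
                ipaddress.IPv4Address(data)
            except ValueError:
                problems.append(f"{label}: {data!r} is not an IPv4 address")
        if rtype == "mx" and (mx_priority is None
                              or not str(mx_priority).isdigit()):
            problems.append(f"{label}: mx_priority missing or not numeric")
    # Zone-level rules: exactly one SOA and at least one NS.
    soa_count = type_count["soa"]
    if soa_count != 1:
        problems.append(f"{zone}: {soa_count} SOA records, expected 1")
    if type_count["ns"] == 0:
        problems.append(f"{zone}: no NS record")
    # A name that owns a CNAME must not carry any other record type.
    for host, types in sorted(types_by_host.items()):
        if "cname" in types and len(types) > 1:
            others = sorted(types - {"cname"})
            problems.append(f"{host}: CNAME coexists with {others}")
    return problems


if __name__ == "__main__":
    for line in validate_zone(SAMPLE_ROWS, "test.com") or ["test.com: OK"]:
        print(line)
```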

5. named.conf configuration

We simply add it to localhost_resolver. In real use it would be better to create a separate view for it, to keep things distinct.

    view localhost_resolver {
        match-clients { localhost; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";

        dlz "Mysql zone" {
            database "mysql
            {host=localhost dbname=dns user=dns pass=dns}
            {select zone from dns_records where zone = '%zone%'}
            {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end from dns_records where zone = '%zone%' and host = '%record%' and not (type = 'SOA' or type = 'NS')}
            {select ttl, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '%zone%' and (type = 'SOA' or type='ns')}
            {select ttl, type, host, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '%zone%' and not (type = 'SOA' or type = 'NS')}
            {select zone from xfr_table where zone = '%zone%' and client = '%client%'}";
        };
    };

To explain the syntax above briefly: each query is passed in as an argument, so the order must be kept. At a minimum, it works with only the findzone() and lookup() queries. You are of course free to change the queries, but because the result is processed as a single data value, the output must come out in the matching form.

The same statement, annotated. The // lines are explanation only; inside the quoted database string they would not be treated as comments.

    // use the dlz driver
    dlz "Mysql zone" {
    // use MySQL databases
    database "mysql
    // connection information
    {host=localhost dbname=dns user=dns pass=dns}
    // findzone() query
    {select zone from dns_records where zone = '%zone%'}
    // lookup() query
    {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end from dns_records where zone = '%zone%' and host = '%record%' and not (type = 'SOA' or type = 'NS')}
    // authority query
    {select ttl, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '%zone%' and (type = 'SOA' or type='ns')}
    // allnodes() query
    {select ttl, type, host, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '%zone%' and not (type = 'SOA' or type = 'NS')}
    // allowzonexfr() query
    {select zone from xfr_table where zone = '%zone%' and client = '%client%'}
    // after the findzone() query, count the hit if the zone exists
    {update data_count set count = count + 1 where zone ='%zone%'}";

- Restart named to check that there are no syntax errors.

    [root@study ~]# /etc/init.d/named restart
    named를정지중 : [ OK ]
    May 3 17:38:33 study named[29888]: received control channel command 'stop'
    May 3 17:38:33 study named[29888]: shutting down: flushing changes
    May 3 17:38:33 study named[29888]: stopping command channel on 127.0.0.1#953
    May 3 17:38:33 study named[29888]: no longer listening on 127.0.0.1#53
    May 3 17:38:33 study named[29888]: no longer listening on xxx.xxx.xxx.59#53
    May 3 17:38:33 study named[29888]: exiting
    named를시작중 : [ OK ]
    [root@study ~]# May 3 17:38:36 study named[29954]: starting BIND 9.7.0-P1 -u named -c /etc/named.caching-nameserver.conf
    May 3 17:38:36 study named[29954]: built with '--with-dlz-mysql'
    May 3 17:38:36 study named[29954]: using up to 4096 sockets
    May 3 17:38:36 study named[29954]: loading configuration from '/etc/named.caching-nameserver.conf'
    May 3 17:38:36 study named[29954]: reading built-in trusted keys from file '/etc/bind.keys'
    May 3 17:38:36 study named[29954]: using default UDP/IPv4 port range: [1024, 65535]
    May 3 17:38:36 study named[29954]: using default UDP/IPv6 port range: [1024, 65535]
    May 3 17:38:36 study named[29954]: no IPv6 interfaces found
    May 3 17:38:36 study named[29954]: listening on IPv4 interface lo, 127.0.0.1#53
    May 3 17:38:36 study named[29954]: listening on IPv4 interface eth0, xxx.xxx.xxx.59#53
    May 3 17:38:36 study named[29954]: generating session key for dynamic DNS
    May 3 17:38:36 study named[29954]: Loading 'Mysql zone' using driver mysql
    May 3 17:38:36 study named[29954]: automatic empty zone: view localhost_resolver: 127.IN-ADDR.ARPA
    May 3 17:38:36 study named[29954]: automatic empty zone: view localhost_resolver: 254.169.IN-ADDR.ARPA
    May 3 17:38:36 study named[29954]: automatic empty zone: view localhost_resolver: 2.0.192.IN-ADDR.ARPA
    May 3 17:38:36 study named[29954]: automatic empty zone: view localhost_resolver: 255.255.255.255.IN-ADDR.ARPA
    May 3 17:38:36 study named[29954]: automatic empty zone: view localhost_resolver: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    May 3 17:38:36 study named[29954]: automatic empty zone: view localhost_resolver: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    May 3 17:38:36 study named[29954]: automatic empty zone: view localhost_resolver: D.F.IP6.ARPA
    May 3 17:38:36 study named[29954]: automatic empty zone: view localhost_resolver: 8.E.F.IP6.ARPA
    May 3 17:38:36 study named[29954]: automatic empty zone: view localhost_resolver: 9.E.F.IP6.ARPA
    May 3 17:38:36 study named[29954]: automatic empty zone: view localhost_resolver: A.E.F.IP6.ARPA
    May 3 17:38:36 study named[29954]: automatic empty zone: view localhost_resolver: B.E.F.IP6.ARPA
    May 3 17:38:36 study named[29954]: command channel listening on 127.0.0.1#953
    May 3 17:38:36 study named[29954]: the working directory is not writable
    May 3 17:38:36 study named[29954]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
    May 3 17:38:36 study named[29954]: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
    May 3 17:38:36 study named[29954]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
    May 3 17:38:36 study named[29954]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
    May 3 17:38:36 study named[29954]: zone localdomain/in/localhost_resolver: loaded serial 42
    May 3 17:38:36 study named[29954]: zone localhost/in/localhost_resolver: loaded serial 42
    May 3 17:38:36 study named[29954]: running

6. Query tests

Let's run just a few simple tests.

    [root@study ~]# nslookup -type=ns test.com localhost
    Server: localhost
    Address: 127.0.0.1#53
    test.com nameserver = ns.test.com.
    [root@study ~]# nslookup -type=mx test.com localhost
    Server: localhost
    Address: 127.0.0.1#53
    test.com mail exchanger = 10 mail.test.com.
    [root@study ~]# nslookup -type=txt test.com localhost
    Server: localhost
    Address: 127.0.0.1#53
    test.com text = "v=spf1 ip4:3.3.3.3 ~all"
    [root@study ~]# nslookup -type=a test.com localhost
    Server: localhost
    Address: 127.0.0.1#53
    Name: test.com
    Address: 4.4.4.4
    [root@study ~]# nslookup -type=a ns.test.com localhost
    Server: localhost
    Address: 127.0.0.1#53
    Name: ns.test.com
    Address: 3.3.3.3
    [root@study ~]# nslookup -type=cname www.test.com localhost
    Server: localhost
    Address: 127.0.0.1#53
    www.test.com canonical name = ftp.test.com.

# To confirm that a change applies immediately, the IP was updated to 4.4.4.4.

    [root@study ~]# echo "update dns_records set data='4.4.4.4' where zone='test.com' and host='@' and type='a'" | mysql -udns -pdns -Ddns
    [root@study ~]# nslookup -type=a test.com localhost
    Server: localhost
    Address: 127.0.0.1#53
    Name: test.com
    Address: 4.4.4.4

7. Closing

This issue ended up quite late for one reason or another.

I think DLZ is worth knowing about; it can come in handy when you need it.

See you in the next issue with better content.

-- Thank you for your hard work. --

[Modification and redistribution of this document are prohibited.]