우분투 22.04에서 BIND9를 설치하고 설정하는 방법
테스트 환경
$ lsb_release -d
Description: Ubuntu 22.04.2 LTS
BIND9 설치
패키지 목록 업데이트
sudo apt update
BIND9 및 유틸리티 설치
sudo apt install -y bind9 bind9-dnsutils bind9-utils
우분투 BIND9 버전 확인
named -v
BIND 9.18.30-0ubuntu0.22.04.2-Ubuntu (Extended Support Version) <id:>
---
named -V
BIND 9.18.30-0ubuntu0.22.04.2-Ubuntu (Extended Support Version) <id:>
running on Linux x86_64 5.15.0-136-generic #147-Ubuntu SMP Sat Mar 15 15:53:30 UTC 2025
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-AB1uwX/bind9-9.18.30=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 11.4.0
compiled with OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
linked to OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
compiled with libuv version: 1.43.0
linked to libuv version: 1.43.0
compiled with libnghttp2 version: 1.43.0
linked to libnghttp2 version: 1.43.0
compiled with libxml2 version: 2.9.13
linked to libxml2 version: 20913
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): yes
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
DNSSEC root key: /etc/bind/bind.keys
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
---
BIND9 기본 설정
- /etc/bind/named.conf : 메인 설정 파일
- /etc/bind/named.conf.options : 서버 동작 옵션
- /etc/bind/named.conf.local : 로컬 존(zone) 정의. 아래에서 만드는 db.example.com과 db.192.168.1 존 파일은 이 파일에 등록해야 named가 읽어 들입니다. 예: zone "example.com" { type master; file "/etc/bind/db.example.com"; }; 와 zone "1.168.192.in-addr.arpa" { type master; file "/etc/bind/db.192.168.1"; };
named.conf 설정
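# /etc/bind is root-owned; edit with sudo, as the zone-file steps in this guide already do.
sudo vim /etc/bind/named.conf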
// Main entry point; the actual settings live in the included fragments.
include "/etc/bind/named.conf.options";
// Zone declarations for the db.example.com / db.192.168.1 files created later in this guide.
include "/etc/bind/named.conf.local";
// Shipped with the package; not modified in this guide.
include "/etc/bind/named.conf.default-zones";
// Added by this guide. The file channels it defines write to /var/log/named,
// which must exist and be owned by bind:bind before named is (re)started.
include "/etc/bind/named.logging.conf";
named.conf.options 설정
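# Root-owned file; use sudo for consistency with the other edit steps.
sudo vim /etc/bind/named.conf.options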
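options {
	directory "/var/cache/bind";

	// Answer on every interface (v4 and v6) of this host.
	listen-on { any; };
	listen-on-v6 { any; };

	// Anyone may query the zones this server is authoritative for ...
	allow-query { any; };
	// ... but only local clients get recursive (cached) answers. Without
	// this line, "allow-query { any; }" together with "recursion yes" makes
	// an open resolver, which is routinely abused for reflection and
	// amplification traffic. "localnets" covers the networks attached to
	// this host's interfaces; add explicit prefixes if clients sit behind
	// a router. allow-query-cache defaults to this ACL when it is set.
	allow-recursion { localhost; localnets; };

	// No secondaries and no dynamic updates in this setup.
	allow-transfer { none; };
	allow-update { none; };

	recursion yes;
	// Recursive lookups are handed to these upstream resolvers.
	forwarders {
		8.8.8.8;
		8.8.4.4;
	};
	// Validate answers against the built-in trust anchor (/etc/bind/bind.keys).
	dnssec-validation auto;
};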
로깅 활성화
named.logging.conf 설정
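# Root-owned directory; use sudo for consistency with the other edit steps.
sudo vim /etc/bind/named.logging.conf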
---
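logging {
	// One rotating file per category under /var/log/named, three
	// generations of 20 MB each. The directory must exist and be owned by
	// bind:bind before named starts, otherwise the channels fail to open.
	// "severity debug" forwards everything named emits at its current debug
	// level; "info" is the usual choice once the setup has been verified.
	//
	// The original file declared "default_syslog" twice (once to syslog
	// local2, once to a file). "default_syslog" is also one of BIND's
	// built-in channel names, and with two definitions it is unclear which
	// one "category default" ends up using. The syslog destination is kept
	// under its own name and the file channel is called default_file; add
	// "local2_syslog;" to "category default" to log to syslog as well.
	//
	// queries.log and client.log record client addresses and the names they
	// looked up; treat them as sensitive (the directory is created 750).
	// NOTE(review): Ubuntu normally runs named AppArmor-confined; confirm the
	// profile permits writes under /var/log/named if channels fail to open.
	channel "local2_syslog" { syslog local2; severity debug; };
	channel "default_file" { file "/var/log/named/default.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "general_syslog" { file "/var/log/named/general.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "database_syslog" { file "/var/log/named/database.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "security_syslog" { file "/var/log/named/security.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "config_syslog" { file "/var/log/named/config.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "resolver_syslog" { file "/var/log/named/resolver.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "xfer-in_syslog" { file "/var/log/named/xfer-in.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "xfer-out_syslog" { file "/var/log/named/xfer-out.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "notify_syslog" { file "/var/log/named/notify.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "client_syslog" { file "/var/log/named/client.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "unmatched_syslog" { file "/var/log/named/unmatched.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "network_syslog" { file "/var/log/named/network.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "update_syslog" { file "/var/log/named/update.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "update-security_syslog" { file "/var/log/named/update-security.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "queries_syslog" { file "/var/log/named/queries.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "query-errors_syslog" { file "/var/log/named/query-errors.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "dispatch_syslog" { file "/var/log/named/dispatch.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "dnssec_syslog" { file "/var/log/named/dnssec.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "lame-servers_syslog" { file "/var/log/named/lame-servers.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "delegation-only_syslog" { file "/var/log/named/delegation-only.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };
	channel "edns-disabled_syslog" { file "/var/log/named/edns-disabled.log" versions 3 size 20m; severity debug; print-category yes; print-severity yes; print-time yes; };

	// Route every category to its own file; "default" catches the rest.
	category default { default_file; };
	category general { general_syslog; };
	category database { database_syslog; };
	category security { security_syslog; };
	category config { config_syslog; };
	category resolver { resolver_syslog; };
	category xfer-in { xfer-in_syslog; };
	category xfer-out { xfer-out_syslog; };
	category notify { notify_syslog; };
	category client { client_syslog; };
	category unmatched { unmatched_syslog; };
	category network { network_syslog; };
	category update { update_syslog; };
	category update-security { update-security_syslog; };
	category queries { queries_syslog; };
	category query-errors { query-errors_syslog; };
	category dispatch { dispatch_syslog; };
	category dnssec { dnssec_syslog; };
	category lame-servers { lame-servers_syslog; };
	category delegation-only { delegation-only_syslog; };
	category edns-disabled { edns-disabled_syslog; };
};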
---
로그 디렉토리 생성 및 권한 설정
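# Log directory for the file channels in named.logging.conf.
# -p keeps the step idempotent: re-running the guide must not fail here.
sudo mkdir -p /var/log/named
sudo chown bind:bind /var/log/named
# 750 rather than 755: the query and client logs written here contain client
# addresses and looked-up names, so keep them readable by root and the bind
# group only.
sudo chmod 750 /var/log/named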
존 파일 생성
정방향 존 파일(db.example.com)
---
sudo vim /etc/bind/db.example.com
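$TTL 86400
; Forward zone for example.com, served authoritatively by ns1.
; The serial is YYYYMMDDnn; bump it on every edit, otherwise secondaries and
; caches do not notice the change.
@       IN SOA  ns1.example.com. admin.example.com. (
                2025050901 ; Serial
                3600       ; Refresh
                1800       ; Retry
                604800     ; Expire
                86400 )    ; Minimum TTL (negative caching)
;
; Owner names are written out ("@" = zone apex) instead of relying on leading
; whitespace: when copy/paste strips the indent, a line like "IN NS ..." at
; column 0 is parsed with "IN" as the owner and the apex loses its NS record.
@       IN NS   ns1.example.com.
@       IN A    192.168.1.100
ns1     IN A    192.168.1.100
www     IN A    192.168.1.100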
---
역방향 존 파일(db.192.168.1)
---
sudo vim /etc/bind/db.192.168.1
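$TTL 86400
; Reverse zone for 192.168.1.0/24; declare it in named.conf.local as
; "1.168.192.in-addr.arpa". Only the last octet appears as the owner below.
; Keep the serial in step with edits, as in the forward zone.
@       IN SOA  ns1.example.com. admin.example.com. (
                2025050901 ; Serial
                3600       ; Refresh
                1800       ; Retry
                604800     ; Expire
                86400 )    ; Minimum TTL (negative caching)
;
; "@" is written explicitly so the apex NS record does not depend on leading
; whitespace surviving copy/paste.
@       IN NS   ns1.example.com.
; Two PTR records for .100 are valid, but many tools show only one of them;
; prefer a single canonical name per address where possible.
100     IN PTR  ns1.example.com.
100     IN PTR  www.example.com.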
---
파일 소유자 및 권한 설정
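# allow-update is "none" in named.conf.options, so named never writes these
# files; it only needs to read them. Owner root, group bind, mode 640 lets
# named read the zones while a compromised named process cannot rewrite them.
sudo chown root:bind /etc/bind/db.example.com /etc/bind/db.192.168.1
sudo chmod 640 /etc/bind/db.example.com /etc/bind/db.192.168.1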
설정 파일 검증
구문 검사
sudo named-checkconf /etc/bind/named.conf
존 파일 검사
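# Check each zone file against the zone name it is declared under in
# named.conf.local; the reverse zone was previously left unchecked.
sudo named-checkzone example.com /etc/bind/db.example.com
sudo named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.192.168.1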
BIND9 서비스 시작 및 활성화
부팅 시 자동 시작 설정(--now 옵션으로 즉시 시작도 함께 수행)
sudo systemctl enable --now named
서비스 재시작
sudo systemctl restart named
상태 확인
sudo systemctl status named
DNS 서버 테스트
로컬 테스트
dig @127.0.0.1 example.com
클라이언트 테스트
nslookup example.com
우분투 22.04에서 BIND9를 설치하고 기본 DNS 서버로 설정할 수 있습니다.
참고URL
- ISC Documentation > BIND 9 : ISC Packages for BIND 9