Bind 보안

named.conf 보안설정

logging 설정시 Bind버전에 따라 제공되는 옵션값들이 다릅니다.

일부버전(BIND 9.2.4 등)은  없는 옵션이 있을때 오류가 생겨 데몬이 안뜨니 주의하세요!!

logging때문에 데몬이 안뜰시 logging관련 옵션에러 나오는것을 삭제하고 데몬을 띄워주시면됩니다.

BIND 9.3.4-P1 은 데몬은 잘뜸.  특정로그는 버전에 따라 틀려 로그가 남지 않습니다.  ignore됨

 

1. named.conf 설정예제 - logging부분은 필요시만 설정하세요

 

[@ns2 etc]$ more named.conf

// Set up our ACLs

acl "xfer" {
        // No host may request a zone transfer by default.
        // If there are other name servers, list them here.
        none;
};

acl "trusted" {
        // Networks treated as trusted clients.  The options block names
        // this ACL in its (commented-out) allow-query entry.
        // NOTE(review): these look like sample ranges -- substitute the
        // networks this server is actually meant to serve.
        200.1.1.0/24;
        192.168.0.0/24;
        127.0.0.1;
};

 

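options {
    directory "/var/named";
    // pid-file "/var/named/named.pid";
    // statistics-file "/var/named/named.stats";
    // memstatistics-file "/var/named/named.memstats";
    // dump-file "/var/named/named.dump";

    // String returned in place of the real version number, so that a
    // version query does not reveal which release is running.
    version "No!!";

    // query-source address * port 53;

    // Prevent DoS attacks that work by generating bogus zone transfer
    // requests.  This will result in slower updates to the slave
    // servers (e.g. they will await the poll interval before checking
    // for updates).  A zone may still override this with its own
    // "notify" statement.
    notify no;

    // Generate more efficient zone transfers.  This will place
    // multiple DNS records in a DNS message, instead of one per
    // DNS message.
    transfer-format many-answers;

    // Set the maximum zone transfer time to something more
    // reasonable.  In this case, we state that any zone transfer
    // that takes longer than 60 minutes is unlikely to ever
    // complete.  WARNING:  If you have very large zone files,
    // adjust this to fit your requirements.
    max-transfer-time-in 60;

    // We have no dynamic interfaces, so BIND shouldn't need to
    // poll for interface state {UP|DOWN}.
    interface-interval 0;

    allow-transfer {
        // Zone transfers limited to members of the "xfer" ACL.
        xfer;
    };

    allow-query {
        // "any" lets every client query this server, which is what the
        // zones we are authoritative for need.  On its own it does NOT
        // stop the server from acting as a free resolver for the
        // masses; the allow-recursion statement below does that.
        //
        // If you switch to "trusted" here instead, every zone must
        // carry its own allow-query { any; }; statement.
        //trusted;
        any;
    };

    // Only clients in the "trusted" ACL may use this server to resolve
    // names it is not authoritative for.  Older BIND 9 releases default
    // allow-recursion to "any", so without this line allow-query { any; }
    // leaves an open recursive resolver that can be abused for
    // reflection/amplification traffic.
    allow-recursion {
        trusted;
    };

    blackhole {
        // Addresses listed here are neither answered nor used for
        // resolution.  The "bogon" ACL mentioned in the original
        // example is not defined in this file, so it stays commented
        // out.
        // bogon;
        203.237.102.12;
    };
};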

 

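logging {
    // Several category names routed at the end of this block (parser,
    // statistics, panic, ncache, db, eventlib, packet, cname, os,
    // insist, maintenance, load, response-checks) come from the BIND 8
    // category list.  As the notes on this page say, some BIND 9
    // releases refuse to start on an option they do not know and
    // others silently ignore it, so check this block against the
    // installed version (e.g. with named-checkconf) before relying on it.

    channel "__default_syslog" {
        // Send most of the named messages to syslog.
        // No category statement in this block routes to this channel.
        syslog local2;  // ( kern | user | mail | daemon | auth |
                        // syslog | lpr | news | uucp | cron |
                        // authpriv | ftp | local0 | local1 |
                        // local2 | local3 | local4 | local5 |
                        // local6 | local7 )
        severity debug; // ( critical | error | warning | notice |
                        // info | debug [ level ] | dynamic )
    };

    //
    // log channel list
    //
    // Every file channel carries "versions N size M" so that a burst of
    // messages rotates the file instead of filling the disk.

    channel ch_default_log {
        // The default category receives everything not routed
        // elsewhere, so it gets the same rotation limits as the other
        // channels (the original left this file unbounded).
        file "/var/named/log/ch_default.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_config_log {
        file "/var/named/log/ch_config.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_parser_log {
        file "/var/named/log/ch_parser.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_queries_log {
        // Query logs record client addresses and the names they asked
        // for; keep the log directory readable only by those who need it.
        file "/var/named/log/ch_queries.log"  versions 5 size 30m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_lame-servers_log {
        file "/var/named/log/ch_lame-servers.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_statistics_log {
        file "/var/named/log/ch_statistics.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_panic_log {
        file "/var/named/log/ch_panic.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_update_log {
        file "/var/named/log/ch_update.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_ncache_log {
        file "/var/named/log/ch_ncache.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_xfer-in_log {
        file "/var/named/log/ch_xfer-in.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_xfer-out_log {
        file "/var/named/log/ch_xfer-out.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_db_log {
        file "/var/named/log/ch_db.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_eventlib_log {
        file "/var/named/log/ch_eventlib.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_packet_log {
        file "/var/named/log/ch_packet.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_notify_log {
        file "/var/named/log/ch_notify.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_cname_log {
        file "/var/named/log/ch_cname.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_security_log {
        file "/var/named/log/ch_security.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_os_log {
        file "/var/named/log/ch_os.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_insist_log {
        file "/var/named/log/ch_insist.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_maintenance_log {
        file "/var/named/log/ch_maintenance.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_load_log {
        file "/var/named/log/ch_load.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_response-checks_log {
        file "/var/named/log/ch_response-checks.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    // Route each category to the channel of the same name.
    category default { ch_default_log; };
    category config { ch_config_log; };
    category parser { ch_parser_log; };
    category queries { ch_queries_log; };
    category lame-servers { ch_lame-servers_log; };
    category statistics { ch_statistics_log; };
    category panic { ch_panic_log; };
    category update { ch_update_log; };
    category ncache { ch_ncache_log; };
    category xfer-in { ch_xfer-in_log; };
    category xfer-out { ch_xfer-out_log; };
    category db { ch_db_log; };
    category eventlib { ch_eventlib_log; };
    category packet { ch_packet_log; };
    category notify { ch_notify_log; };
    category cname { ch_cname_log; };
    category security { ch_security_log; };
    category os { ch_os_log; };
    category insist { ch_insist_log; };
    category maintenance { ch_maintenance_log; };
    category response-checks { ch_response-checks_log; };
    category load { ch_load_log; };
};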

 

 

// a caching only nameserver config
 

zone "." {
     // Root hints: the list of root servers read from a local file.
     type hint;
     file "master/db.cache";
};
 

 

zone "0.0.127.in-addr.arpa" IN {
     // Reverse zone for the loopback network, served from a local file.
     type master;
     file "master/db.127.0.0";
};
 

zone "175.103.210.in-addr.arpa" {
        type slave;
        file "slave/db.210.103.175";
        // NOTE(review): a slave zone needs a masters { ... }; statement
        // naming the server it copies the zone from, and none appears in
        // this listing.  Confirm whether one was dropped or whether the
        // zone was meant to be "type master".
        // masters { <PRIMARY-SERVER-ADDRESS placeholder>; };

        // The ISP must be able to transfer this zone.
        // Delegation for this class reaches only as far as the ISP.
        allow-transfer { 203.255.112.34; 203.255.112.4; 200.1.1.1; };

        // Overrides the global "notify no" for this zone.
        notify yes;
};
 

 

2.  dns로그 남기는 디렉토리 추가하기

 

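# cd /var/named/chroot/var/named
# mkdir log
# chown named:named log      # named must be able to write its channel files here
# chmod 750 log              # query logs hold client addresses; keep other local users out
# named-checkconf -t /var/named/chroot /etc/named.conf   # catch unsupported logging options before restarting
# service named restart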

 

 

 

로컬 호스트
 

[root@ps2 root# chkconfig --list | grep nscd
 

nscd            0:해제  1:해제  2:해제  3:해제  4:해제  5:해제  6:해제
 

 

 

3.  Centos 5.3  에  BIND 9.6.1-P1에서의 가능한  logging  설정예

 


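logging {
    channel "__default_syslog" {
        // Send most of the named messages to syslog.
        // No category statement in this block routes to this channel.
        syslog local2;  // ( kern | user | mail | daemon | auth |
                        // syslog | lpr | news | uucp | cron |
                        // authpriv | ftp | local0 | local1 |
                        // local2 | local3 | local4 | local5 |
                        // local6 | local7 )
        severity debug; // ( critical | error | warning | notice |
                        // info | debug [ level ] | dynamic )
    };

    //
    // log channel list
    //
    // Every file channel carries "versions N size M" so that a burst of
    // messages rotates the file instead of filling the disk.

    channel ch_default_log {
        // The default category receives everything not routed
        // elsewhere, so it gets the same rotation limits as the other
        // channels (the original left this file unbounded).
        file "/var/named/log/ch_default.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_config_log {
        file "/var/named/log/ch_config.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_queries_log {
        // Query logs record client addresses and the names they asked
        // for; keep the log directory readable only by those who need it.
        file "/var/named/log/ch_queries.log"  versions 5 size 30m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_lame-servers_log {
        file "/var/named/log/ch_lame-servers.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_statistics_log {
        // Defined but not referenced: no "category statistics" line
        // follows in this block.
        file "/var/named/log/ch_statistics.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_update_log {
        file "/var/named/log/ch_update.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_xfer-in_log {
        file "/var/named/log/ch_xfer-in.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_xfer-out_log {
        file "/var/named/log/ch_xfer-out.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_notify_log {
        file "/var/named/log/ch_notify.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_security_log {
        file "/var/named/log/ch_security.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    // Route each category to the channel of the same name.
    category default { ch_default_log; };
    category config { ch_config_log; };
    category queries { ch_queries_log; };
    category lame-servers { ch_lame-servers_log; };
    category update { ch_update_log; };
    category xfer-in { ch_xfer-in_log; };
    category xfer-out { ch_xfer-out_log; };
    category notify { ch_notify_log; };
    category security { ch_security_log; };
};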