Bind 보안 |
---|
named.conf 보안설정 logging 설정시 Bind버전에 따라 제공되는 옵션값들이 다릅니다. 일부버전(BIND 9.2.4 등)은 없는 옵션이 있을때 오류가 생겨 데몬이 안뜨니 주의하세요!! logging때문에 데몬이 안뜰시 logging관련 옵션에러 나오는것을 삭제하고 데몬을 띄워주시면됩니다. BIND 9.3.4-P1 은 데몬은 잘뜸. 특정로그는 버전에 따라 틀려 로그가 남지 않습니다. ignore됨
1. named.conf 설정예제 - logging부분은 필요시만 설정하세요
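[@ns2 etc]$ more named.conf
// Set up our ACLs
acl "xfer" {
    none;               // Allow no transfers. If we have other
                        // name servers, place them here.
};
acl "trusted" {
    200.1.1.0/24;
    192.168.0.0/24;
    127.0.0.1;
};

options {
    // With a chrooted named (the page later cd's into
    // /var/named/chroot/var/named) every path below is presumably
    // resolved inside the chroot, including the log files used by the
    // logging channels further down.
    directory "/var/named";
    // pid-file "/var/named/named.pid";
    // statistics-file "/var/named/named.stats";
    // memstatistics-file "/var/named/named.memstats";
    //dump-file "/var/named/named.dump";

    // Replaces the string returned for "version.bind" CH TXT queries.
    // This only hides the banner from casual fingerprinting; it does
    // not change what the server is vulnerable to, so keep it patched.
    version "No!!";

    // query-source address * port 53;
    // Kept commented out on purpose: pinning the outgoing query port
    // disables source-port randomisation, which is part of the defolver's
    // defence against cache poisoning.

    // Prevent DoS attacks by generating bogus zone transfer
    // requests. This will result in slower updates to the
    // slave servers (e.g. they will await the poll interval
    // before checking for updates).
    // Note: the slave zone at the bottom overrides this with "notify yes".
    notify no;

    // Generate more efficient zone transfers. This will place
    // multiple DNS records in a DNS message, instead of one per
    // DNS message.
    transfer-format many-answers;

    // Set the maximum zone transfer time to something more
    // reasonable. In this case, we state that any zone transfer
    // that takes longer than 60 minutes is unlikely to ever
    // complete. WARNING: If you have very large zone files,
    // adjust this to fit your requirements.
    max-transfer-time-in 60;

    // We have no dynamic interfaces, so BIND shouldn't need to
    // poll for interface state {UP|DOWN}.
    interface-interval 0;

    allow-transfer {
        // Zone tranfers limited to members of the
        // "xfer" ACL. "xfer" is "none" above, so no zone is
        // transferable unless a zone statement overrides this.
        xfer;
    };

    allow-query {
        // Accept queries from our "trusted" ACL. We will
        // allow anyone to query our master zones below.
        // This prevents us from becoming a free DNS server
        // to the masses.
        //trusted;
        // (author's note, translated) If "trusted" is used here, every
        // zone must get its own allow-query { any; }; so the world can
        // still query the authoritative data.
        any;
    };

    // allow-query { any; } together with the "." hint zone below would
    // otherwise make this server answer recursive queries for anyone
    // (an open resolver, exposed to amplification abuse and to
    // poisoning of its cache). Restricting recursion to "trusted" keeps
    // authoritative answers open to everyone, which is what the comment
    // above actually wants, while closing the resolver.
    allow-recursion {
        trusted;
    };

    blackhole {
        // Deny anything from the bogon networks as detailed in the "bogon" ACL.
        // bogon;       (no "bogon" ACL is defined in this file, so it stays commented out)
        203.237.102.12;
    };
};

logging {
    // Note: BIND's built-in syslog channel is "default_syslog"; this
    // differently named channel is defined here but no category below
    // references it, so it has no effect as written.
    channel "__default_syslog" {
        // Send most of the named messages to syslog.
        syslog local2;  // ( kern | user | mail | daemon | auth |
                        //   syslog | lpr | new | uucp | cron |
                        //   authpriv | ftp | local0 | local1 |
                        //   local2 | local3 | local4 | local5 |
                        //   local6 | local7 )
        severity debug; // ( critical | error | warning | notice |
                        //   info | debug [ level ] | dynamic )
    };

    //
    // log channel list
    //
    // The log directory must exist (inside the chroot) and be writable by
    // the user named runs as, or none of these channels can open their
    // file. "severity debug" on every channel is verbose; the queries
    // channel in particular writes one line per query and records client
    // addresses, so size/retention and who may read these files deserve
    // the same care as any other access log.
    channel ch_default_log {
        file "/var/named/log/ch_default.log";
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_config_log {
        file "/var/named/log/ch_config.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_parser_log {
        file "/var/named/log/ch_parser.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_queries_log {
        file "/var/named/log/ch_queries.log" versions 5 size 30m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_lame-servers_log {
        file "/var/named/log/ch_lame-servers.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_statistics_log {
        file "/var/named/log/ch_statistics.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_panic_log {
        file "/var/named/log/ch_panic.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_update_log {
        file "/var/named/log/ch_update.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_ncache_log {
        file "/var/named/log/ch_ncache.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_xfer-in_log {
        file "/var/named/log/ch_xfer-in.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_xfer-out_log {
        file "/var/named/log/ch_xfer-out.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_db_log {
        file "/var/named/log/ch_db.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_eventlib_log {
        file "/var/named/log/ch_eventlib.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_packet_log {
        file "/var/named/log/ch_packet.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_notify_log {
        file "/var/named/log/ch_notify.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_cname_log {
        file "/var/named/log/ch_cname.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_security_log {
        file "/var/named/log/ch_security.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_os_log {
        file "/var/named/log/ch_os.log" versions 3 size 20m;
        severity debug; print-severity yes; print-time yes;
    };

    // The next four channels have no destination clause (file, syslog,
    // stderr or null). BIND 9 requires one per channel, so on BIND 9 these
    // are a likely cause of the "daemon does not start" problem described
    // at the top of the page.
    channel ch_insist_log {
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_maintenance_log {
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_load_log {
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_response-checks_log {
        severity debug; print-category yes; print-severity yes; print-time yes;
    };

    // Version note: parser, statistics, panic, ncache, db, eventlib,
    // packet, cname, os, insist, maintenance, load and response-checks are
    // BIND 8 category names. BIND 9 does not define them and refuses the
    // configuration on an unknown category, which is the version-dependent
    // startup failure the text above warns about. Section 3 of this page
    // shows the subset that BIND 9.6 accepts.
    category default { ch_default_log; };
    category config { ch_config_log; };
    category parser { ch_parser_log; };
    category queries { ch_queries_log; };
    category lame-servers { ch_lame-servers_log; };
    category statistics { ch_statistics_log; };
    category panic { ch_panic_log; };
    category update { ch_update_log; };
    category ncache { ch_ncache_log; };
    category xfer-in { ch_xfer-in_log; };
    category xfer-out { ch_xfer-out_log; };
    category db { ch_db_log; };
    category eventlib { ch_eventlib_log; };
    category packet { ch_packet_log; };
    category notify { ch_notify_log; };
    category cname { ch_cname_log; };
    category security { ch_security_log; };
    category os { ch_os_log; };
    category insist { ch_insist_log; };
    category maintenance { ch_maintenance_log; };
    category response-checks { ch_response-checks_log; };
    category load { ch_load_log; };
};

// a caching only nameserver config
zone "." {
    type hint;
    file "master/db.cache";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "master/db.127.0.0";
};

zone "175.103.210.in-addr.arpa" {
    type slave;
    file "slave/db.210.103.175";
    // NOTE(review): a slave zone needs a masters clause naming the primary
    // it transfers from; none appears on this page (possibly lost when the
    // page was extracted). BIND rejects a slave zone without it.
    // masters { <ISP primary address - not given on this page>; };

    // (author's note, translated) Transfers from the ISP must be allowed.
    // The delegation for this reverse block only goes down to the ISP.
    // This zone-level list overrides the global allow-transfer { xfer; }.
    // Address-based transfer control is the weakest form; a TSIG key
    // shared with these hosts would bind transfers to a secret rather
    // than to a source address.
    allow-transfer {
        203.255.112.34;
        203.255.112.4;
        200.1.1.1;
    };
    notify yes;
};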
2. dns로그 남기는 디렉토리 추가하기
# Go to the named directory inside the chroot. named.conf's "directory"
# is /var/named, so with the chroot at /var/named/chroot the log files named
# in the logging channels presumably land under this path. The log directory
# must exist here and be writable by the user named runs as before the
# restart; the mkdir/chown step itself is not shown on this page.
# cd /var/named/chroot/var/named
# Restart so the new logging channels are opened. If named does not come
# back up, the version-specific logging options discussed above are the
# first thing to check.
# service named restart
로컬 호스트 [root@ps2 root# chkconfig --list | grep nscd nscd 0:해제 1:해제 2:해제 3:해제 4:해제 5:해제 6:해제
3. Centos 5.3 에 BIND 9.6.1-P1에서의 가능한 logging 설정예
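// Logging example for BIND 9.6.1-P1 on CentOS 5.3. The page shows only the
// body of the logging statement plus its closing "};"; the opening line is
// supplied here so the braces balance. Compared with section 1, the BIND 8
// only categories are gone, which is what lets this load on BIND 9.
logging {
    // Defined but referenced by no category below, so it has no effect;
    // BIND's built-in syslog channel is "default_syslog".
    channel "__default_syslog" {
        // Send most of the named messages to syslog.
        syslog local2;  // ( kern | user | mail | daemon | auth |
                        //   syslog | lpr | new | uucp | cron |
                        //   authpriv | ftp | local0 | local1 |
                        //   local2 | local3 | local4 | local5 |
                        //   local6 | local7 )
        severity debug; // ( critical | error | warning | notice |
                        //   info | debug [ level ] | dynamic )
    };

    //
    // log channel list
    //
    // The log directory must exist inside the chroot and be writable by the
    // named user. The queries channel logs every query with its client
    // address, so treat the file like any other access log (size, retention,
    // read permissions).
    // Not referenced by any category below: ch_default_log and
    // ch_statistics_log. Without a "category default" line, general
    // messages go to BIND's built-in default channels, not to
    // ch_default_log.
    channel ch_default_log {
        file "/var/named/log/ch_default.log";
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_config_log {
        file "/var/named/log/ch_config.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_queries_log {
        file "/var/named/log/ch_queries.log" versions 5 size 30m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_lame-servers_log {
        file "/var/named/log/ch_lame-servers.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_statistics_log {
        file "/var/named/log/ch_statistics.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    // The "channel NAME {" headers of the next four channels were missing
    // from the page as extracted; the names are taken from the category
    // list at the end and from the identical channels in section 1.
    channel ch_update_log {
        file "/var/named/log/ch_update.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_xfer-in_log {
        file "/var/named/log/ch_xfer-in.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_xfer-out_log {
        file "/var/named/log/ch_xfer-out.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_notify_log {
        file "/var/named/log/ch_notify.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };
    channel ch_security_log {
        file "/var/named/log/ch_security.log" versions 3 size 20m;
        severity debug; print-category yes; print-severity yes; print-time yes;
    };

    // Only categories BIND 9 knows are mapped. "security" (approved and
    // denied requests) and the transfer/update categories are the ones
    // worth watching for abuse attempts.
    category config { ch_config_log; };
    category queries { ch_queries_log; };
    category lame-servers { ch_lame-servers_log; };
    category update { ch_update_log; };
    category xfer-in { ch_xfer-in_log; };
    category xfer-out { ch_xfer-out_log; };
    category notify { ch_notify_log; };
    category security { ch_security_log; };
};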