Let's put the files we created into place, one at a time, as follows.
nyan:/var/named# cd /etc/
nyan:/etc# ls -l | grep named
nyan:/etc# cp /home/mm/a_inst/named.conf .
nyan:/etc# ls -l | grep named
-rw-r--r-- 1 root root 2472 Sep 1 22:58 named.conf
nyan:/etc# cd /var/named/
nyan:/var/named# ls -R
.:
local/ run/
./local:
./run:
nyan:/var/named# cp /home/mm/a_inst/localhost.* .
nyan:/var/named# cp /home/mm/a_inst/bcnet.hosts* .
nyan:/var/named# cp /home/mm/a_inst/root.hints .
nyan:/var/named# ls -l
total 28
-rw-r--r-- 1 root root 508 Sep 1 22:59 bcnet.hosts
-rw-r--r-- 1 root root 468 Sep 1 22:59 bcnet.hosts.rev
drwxr-xr-x 2 root root 4096 Aug 30 18:13 local/
-rw-r--r-- 1 root root 427 Sep 1 22:58 localhost.rev
-rw-r--r-- 1 root root 273 Sep 1 22:58 localhost.zone
-rw-r--r-- 1 root root 2517 Sep 1 22:59 root.hints
drwxr-xr-x 2 root root 4096 Apr 6 2003 run/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Placement is more or less complete. Next, let's create the named.pid that is specified in named.conf.
nyan:/var/named# cat /etc/named.conf | grep pid
pid-file "/var/run/named/named.pid";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nyan:/var/named# mkdir /var/run/named
nyan:/var/named# touch /var/run/named/named.pid
nyan:/var/named# ls -R /var/run
/var/run:
atd.pid inet1-scheme inetd.pid klogd.pid named/ \
sshd.pid syslogd.pid utmp
/var/run/named:
named.pid
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Let's look into it. First, where are the tools, and which ones are there? Earlier I used named-checkconf out of the blue, so let's take that as a hint:
nyan:/var/named# find / -name named-checkconf
/usr/local/sbin/named-checkconf
/usr/local/src/bind-9.2.3/bin/check/named-checkconf
From this, it appears to be in "/usr/local/sbin/".
nyan:/var/named# cd /usr/local/sbin/
nyan:/usr/local/sbin# ls
dnssec-keygen* lwresd* rndc*
dnssec-makekeyset* named* rndc-confgen*
dnssec-signkey* named-checkconf*
dnssec-signzone* named-checkzone*
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Let's try it. For reference: if "named.conf" does not exist, this is what happens.
nyan:/usr/local/sbin# named-checkconf
none:0: open: /etc/named.conf: file not found
Now that the files are in place:
nyan:/usr/local/sbin# named-checkconf
/etc/named.conf:83: open: /etc/rndc.key: file not found
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nyan:/usr/local/sbin# cat -n /etc/named.conf | grep 83
83 include "/etc/rndc.key";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This says that "rndc.key" is missing, so let's create it.
nyan:/usr/local/sbin# rndc-confgen -a -b 512
nyan:/usr/local/sbin# named-checkconf
It seems to have been created.
nyan:/usr/local/sbin# cat /etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "PI1AKWHTTegVjf/xpOO3uvYDaTjoQVVzWNsKTe\
TSEcPnjb0C+EJZXUlJSK6zIevtx7/5ifyNfNTjrG/C0YWPfQ==";
};
nyan:/usr/local/sbin# rndc-confgen -a -b 512
nyan:/usr/local/sbin# cat /etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "/VC6r5j68LzuUU2Mj407KEdt1UMPRrkoTAXlfTk\
uH/HmZGUVj3XVt6kKHAwZxwkgB9cUQI9P1n+qoZQ5KQuomQ==";
};
The value changes every time the key is generated. Next, let's check the zone files.
nyan:/usr/local/sbin# named-checkzone bcnet.hosts /var/named/bcnet.hosts
zone bcnet.hosts/IN: loaded serial 20030121
OK
nyan:/usr/local/sbin# named-checkzone bcnet.hosts.rev /var/named/bcnet.hosts.rev
zone bcnet.hosts.rev/IN: loaded serial 20030121
OK
nyan:/usr/local/sbin# named-checkzone localhost.zone /var/named/localhost.zone
zone localhost.zone/IN: loaded serial 20030121
OK
nyan:/usr/local/sbin# named-checkzone localhost.rev /var/named/localhost.rev
zone localhost.rev/IN: loaded serial 20030121
OK
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Let's run it. An excerpt of /var/log/messages is appended.
nyan:/usr/local/sbin# named
Sep 2 00:10:35 nyan named[577]: starting BIND 9.2.3
Sep 2 00:10:35 nyan named[577]: using 1 CPU
Sep 2 00:10:36 nyan named[577]: loading configuration from '/etc/named.conf'
Sep 2 00:10:36 nyan named[577]: no IPv6 interfaces found
Sep 2 00:10:36 nyan named[577]: listening on IPv4 interface lo, 127.0.0.1#53
Sep 2 00:10:36 nyan named[577]: listening on IPv4 interface eth0, 192.168.0.5#53
Sep 2 00:10:36 nyan named[577]: command channel listening on 127.0.0.1#953
Sep 2 00:10:36 nyan named[577]: zone 0.0.127.in-addr.arpa/IN: \
loaded serial 20030121
Sep 2 00:10:36 nyan named[577]: zone 0.168.192.in-addr.arpa/IN: \
loaded serial 20030121
Sep 2 00:10:36 nyan named[577]: zone bcnet.ne.jp/IN: loaded serial 20030121
Sep 2 00:10:36 nyan named[577]: zone localhost/IN: loaded serial 20030121
Sep 2 00:10:36 nyan named[577]: running
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It seems to have started. Let's try stopping it.
nyan:/usr/local/sbin# ps ax | grep named
577 ? S 0:00 named
580 pts/0 S 0:00 grep named
nyan:/usr/local/sbin# kill 577
nyan:/usr/local/sbin# ps ax | grep named
582 pts/0 S 0:00 grep named
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sep 2 00:12:37 nyan named[577]: shutting down
Sep 2 00:12:37 nyan named[577]: stopping command channel on 127.0.0.1#953
Sep 2 00:12:37 nyan named[577]: no longer listening on 127.0.0.1#53
Sep 2 00:12:37 nyan named[577]: no longer listening on 192.168.0.5#53
Sep 2 00:12:37 nyan named[577]: exiting
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It seems to have stopped. Let's run a simple test. First, put "/etc/resolv.conf" back to its initial state.
nyan:/usr/local/sbin# cat /etc/resolv.conf
search frop.org
nyan:/usr/local/sbin# ps ax | grep named
643 pts/0 S 0:00 grep named
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Confirm that bind, that is, named, is stopped:
mm@nyan:~$ dig nyanta.no-ip.info
; <<>> DiG 9.2.3 <<>> nyanta.no-ip.info
;; global options: printcmd
;; connection timed out; no servers could be reached
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mm@nyan:~$ nslookup nyanta.no-ip.info
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
;; connection timed out; no servers could be reached
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Changing "/etc/resolv.conf":
nyan:/usr/local/sbin# cat /etc/resolv.conf
nameserver 192.168.0.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mm@nyan:~$ nslookup nyanta.no-ip.info
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 192.168.0.1
Address: 192.168.0.1#53
Name: nyanta.no-ip.info
Address: 218.221.26.182
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
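What this suggests is that even with bind (named) stopped, as long as /etc/resolv.conf is set appropriately, the IP address of the server we are looking for can be obtained. In other words, as long as the machine is only a client, bind (named) is not needed at all. So let's put /etc/resolv.conf back to its initial state and try another test.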
nyan:/etc# cat resolv.conf
search frop.org
nyan:/usr/local/sbin# ps ax | grep named
663 pts/0 S 0:00 grep named
mm@nyan:~$ nslookup nyanta.no-ip.info
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
;; connection timed out; no servers could be reached
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When named is started:
nyan:/usr/local/sbin# named
nyan:/usr/local/sbin# ps ax | grep named
666 ? S 0:00 named
669 pts/0 S 0:00 grep named
mm@nyan:~$ nslookup nyanta.no-ip.info
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: nyanta.no-ip.info
Address: 218.221.26.182
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Judging from these results, name resolution is possible once named is started, even with /etc/resolv.conf in its initial state. Let's confirm one more thing. First, stop named.
nyan:/usr/local/sbin# ps ax | grep named
666 ? S 0:00 named
687 pts/0 S 0:00 grep named
nyan:/usr/local/sbin# kill 666
nyan:/usr/local/sbin# ps ax | grep named
689 pts/0 S 0:00 grep named
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nyan:/etc# diff -s named.conf 003_named.conf
14c14
< recursion no;
---
> recursion yes;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
named.conf has been changed; check the syntax.
nyan:/usr/local/sbin# named-checkconf
There seem to be no problems.
mm@nyan:~/a_inst$ nslookup nyanta.no-ip.info
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
;; connection timed out; no servers could be reached
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Naturally, nothing happens. Start named; an excerpt of /var/log/messages is appended.
nyan:/usr/local/sbin# named
Sep 2 00:50:35 nyan named[703]: starting BIND 9.2.3
Sep 2 00:50:35 nyan named[703]: using 1 CPU
Sep 2 00:50:36 nyan named[703]: loading configuration from '/etc/named.conf'
Sep 2 00:50:36 nyan named[703]: no IPv6 interfaces found
Sep 2 00:50:36 nyan named[703]: listening on IPv4 interface lo, 127.0.0.1#53
Sep 2 00:50:36 nyan named[703]: listening on IPv4 interface eth0, 192.168.0.5#53
Sep 2 00:50:36 nyan named[703]: command channel listening on 127.0.0.1#953
Sep 2 00:50:36 nyan named[703]: zone 0.0.127.in-addr.arpa/IN: \
loaded serial 20030121
Sep 2 00:50:36 nyan named[703]: zone 0.168.192.in-addr.arpa/IN: \
loaded serial 20030121
Sep 2 00:50:36 nyan named[703]: zone bcnet.ne.jp/IN: loaded serial 20030121
Sep 2 00:50:36 nyan named[703]: zone localhost/IN: loaded serial 20030121
Sep 2 00:50:36 nyan named[703]: running
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mm@nyan:~/a_inst$ nslookup nyanta.no-ip.info
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
*** Can't find nyanta.no-ip.info: No answer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mm@nyan:~/a_inst$ dig nyanta.no-ip.info
; <<>> DiG 9.2.3 <<>> nyanta.no-ip.info
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38687
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
;; QUESTION SECTION:
;nyanta.no-ip.info. IN A
;; AUTHORITY SECTION:
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
. 3600000 IN NS H.ROOT-SERVERS.NET.
. 3600000 IN NS I.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
. 3600000 IN NS K.ROOT-SERVERS.NET.
. 3600000 IN NS L.ROOT-SERVERS.NET.
. 3600000 IN NS M.ROOT-SERVERS.NET.
. 3600000 IN NS A.ROOT-SERVERS.NET.
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Sep 2 00:52:16 2004
;; MSG SIZE rcvd: 251
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This is the difference between "recursion no;" and "recursion yes;".
nyan:/etc# diff -s named.conf 003_named.conf
14c14
< recursion no;
---
> recursion yes;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
On the other hand, for the private network, even with "recursion no;":
mm@nyan:~/a_inst$ nslookup nyan
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
*** Can't find nyan: No answer
mm@nyan:~/a_inst$ nslookup nyan.bcnet.ne.jp
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: nyan.bcnet.ne.jp
Address: 192.168.0.5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mm@nyan:~/a_inst$ nslookup nl
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
*** Can't find nl: No answer
mm@nyan:~/a_inst$ nslookup nl.bcnet.ne.jp
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: nl.bcnet.ne.jp
Address: 192.168.0.8
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Depending on the conditions, an answer is obtained. From these results, the difference between "recursion no;" and "recursion yes;" becomes more concrete. Let's stop named.
nyan:/usr/local/sbin# ps ax | grep named
703 ? S 0:00 named
737 pts/0 S 0:00 grep named
nyan:/usr/local/sbin# kill 703
nyan:/usr/local/sbin# ps ax | grep named
739 pts/0 S 0:00 grep named
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Let's set named to "recursion yes;".
nyan:/etc# cat named.conf | grep recursion
recursion yes;
Let's check the syntax.
nyan:/usr/local/sbin# named-checkconf
It looks fine. Let's start named; an excerpt of /var/log/messages is appended.
nyan:/usr/local/sbin# named
Sep 2 01:08:19 nyan named[760]: starting BIND 9.2.3
Sep 2 01:08:19 nyan named[760]: using 1 CPU
Sep 2 01:08:19 nyan named[760]: loading configuration from '/etc/named.conf'
Sep 2 01:08:19 nyan named[760]: no IPv6 interfaces found
Sep 2 01:08:19 nyan named[760]: listening on IPv4 interface lo, 127.0.0.1#53
Sep 2 01:08:19 nyan named[760]: listening on IPv4 interface eth0, \
192.168.0.5#53
Sep 2 01:08:19 nyan named[760]: command channel listening on 127.0.0.1#953
Sep 2 01:08:19 nyan named[760]: zone 0.0.127.in-addr.arpa/IN: \
loaded serial 20030121
Sep 2 01:08:19 nyan named[760]: zone 0.168.192.in-addr.arpa/IN: \
loaded serial 20030121
Sep 2 01:08:19 nyan named[760]: zone bcnet.ne.jp/IN: loaded serial 20030121
Sep 2 01:08:19 nyan named[760]: zone localhost/IN: loaded serial 20030121
Sep 2 01:08:19 nyan named[760]: running
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It's running.
mm@nyan:~/a_inst$ nslookup nl
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
*** Can't find nl: No answer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mm@nyan:~/a_inst$ nslookup nl.bcnet.ne.jp
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: nl.bcnet.ne.jp
Address: 192.168.0.8
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Now, let's look up nyanta.no-ip.info, the name in question.
mm@nyan:~/a_inst$ nslookup nyanta.no-ip.info
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: nyanta.no-ip.info
Address: 218.221.26.182
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Found it. Let's look at it with dig as well.
mm@nyan:~/a_inst$ dig nyanta.no-ip.info
; <<>> DiG 9.2.3 <<>> nyanta.no-ip.info
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7709
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;nyanta.no-ip.info. IN A
;; ANSWER SECTION:
nyanta.no-ip.info. 60 IN A 218.221.26.182
;; AUTHORITY SECTION:
no-ip.info. 53384 IN NS nf2.no-ip.com.
no-ip.info. 53384 IN NS nf1.no-ip.com.
;; ADDITIONAL SECTION:
nf1.no-ip.com. 139828 IN A 63.215.241.225
nf2.no-ip.com. 139828 IN A 63.208.74.227
;; Query time: 2279 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Sep 2 01:13:43 2004
;; MSG SIZE rcvd: 133
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
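An added example (not part of the original notes): a shell function that reads dig output and classifies the reply from its header line, which is where the two dig runs above differ ("qr rd" with ANSWER: 0, AUTHORITY: 13 under "recursion no;", versus "qr rd ra" with ANSWER: 1 under "recursion yes;"). The function and sample names are assumptions, and the last two sample headers are constructed.

```shell
#!/bin/sh
# Added example: classify a dig reply from its ";; flags:" header line.
# Prints: recursive-answer | referral | authoritative | no-response | other
classify_dig() {
    awk '
    /^;; flags:/ {
        seen = 1
        flags = $0
        sub(/^;; flags: */, "", flags); sub(/;.*/, "", flags)   # e.g. "qr rd ra"
        flags = " " flags " "
        ra = (flags ~ / ra /)        # server offers recursion to this client
        aa = (flags ~ / aa /)        # answer comes from a zone served here
        ans = $0; sub(/.*ANSWER: */, "", ans);    sub(/,.*/, "", ans)
        aut = $0; sub(/.*AUTHORITY: */, "", aut); sub(/,.*/, "", aut)
    }
    END {
        if (!seen)                                   print "no-response"
        else if (aa && ans + 0 > 0)                  print "authoritative"
        else if (ra && ans + 0 > 0)                  print "recursive-answer"
        else if (!ra && ans + 0 == 0 && aut + 0 > 0) print "referral"
        else                                         print "other"
    }'
}

# Header lines copied from the two dig runs on this page.
header_recursion_no()  { echo ';; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0'; }
header_recursion_yes() { echo ';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2'; }
# Constructed samples (not from the page): a local-zone answer and a timeout.
header_local_zone()    { echo ';; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0'; }
header_timeout()       { echo ';; connection timed out; no servers could be reached'; }

# Show the classification of each sample.
for sample in header_recursion_no header_recursion_yes header_local_zone header_timeout; do
    printf '%-22s %s\n' "$sample" "$("$sample" | classify_dig)"
done
```

Against the running server it would be used as `dig @192.168.0.5 nyanta.no-ip.info | classify_dig`. Because named also listens on eth0, a "recursive-answer" result from a host that is not an intended client means the server is recursing for outsiders, which BIND's allow-recursion option in named.conf is there to restrict.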
What remains is to set up automatic startup and readjust /etc/resolv.conf. Thursday, 2 September 2004, 01:15:41 JST. That is all for this topic.