named.conf by example

The option values available in the logging block differ by BIND version.

Some versions (BIND 9.2.4, for example) throw an error and refuse to start the daemon when the config contains an option that does not exist in that version, so take care!!

If the daemon will not start because of the logging block, delete the logging options that the error messages point at and start the daemon again.

BIND 9.3.4-P1 starts fine. Some log categories differ by version, so those logs are simply not written; they are ignored.

1. named.conf example - configure the logging section only if you need it

 

[@ns2 etc]$ more named.conf

// Set up our ACLs
acl "xfer" {
        none;   // Allow no transfers. If we have other
                // name servers, place them here.
};

acl "trusted" {
        200.1.1.0/24;
        192.168.0.0/24;
        127.0.0.1;
};

options {
    directory "/var/named";
    //   pid-file "/var/named/named.pid";
    //   statistics-file "/var/named/named.stats";
    //   memstatistics-file "/var/named/named.memstats";
    //   dump-file "/var/named/named.dump";
    version "No!!";

    // query-source address * port 53;
    // Prevent DoS attacks by generating bogus zone transfer
    // requests.  This will result in slower updates to the
    // slave servers (e.g. they will await the poll interval
    // before checking for updates).
    notify no;

    // Generate more efficient zone transfers.  This will place
    // multiple DNS records in a DNS message, instead of one per
    // DNS message.
    transfer-format many-answers;

    // Set the maximum zone transfer time to something more
    // reasonable.  In this case, we state that any zone transfer
    // that takes longer than 60 minutes is unlikely to ever
    // complete.  WARNING:  If you have very large zone files,
    // adjust this to fit your requirements.
    max-transfer-time-in 60;

    // We have no dynamic interfaces, so BIND shouldn't need to
    // poll for interface state {UP|DOWN}.
    interface-interval 0;

    allow-transfer {
        // Zone transfers limited to members of the
        // "xfer" ACL.
        xfer;
    };

    allow-query {
        // Accept queries from our "trusted" ACL.  We will
        // allow anyone to query our master zones below.
        // This prevents us from becoming a free DNS server
        // to the masses.
        //trusted;     // if "trusted" is used here, every zone must set allow-query { any; };
        any;
    };

    blackhole {
        // Deny anything from the bogon networks as detailed in the "bogon" ACL.
        //bogon;
        203.237.102.12;
    };
};

 

logging {
    channel "__default_syslog" {
        // Send most of the named messages to syslog.
        syslog local2;  // ( kern | user | mail | daemon | auth |
                        // syslog | lpr | news | uucp | cron |
                        // authpriv | ftp | local0 | local1 |
                        // local2 | local3 | local4 | local5 |
                        // local6 | local7 )
        severity debug; // ( critical | error | warning | notice |
                        // info | debug [ level ] | dynamic )
    };

    //
    // log channel list
    //

    channel ch_default_log {
        file "/var/named/log/ch_default.log";
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_config_log {
        file "/var/named/log/ch_config.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_parser_log {
        file "/var/named/log/ch_parser.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_queries_log {
        file "/var/named/log/ch_queries.log"  versions 5 size 30m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_lame-servers_log {
        file "/var/named/log/ch_lame-servers.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_statistics_log {
        file "/var/named/log/ch_statistics.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_panic_log {
        file "/var/named/log/ch_panic.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_update_log {
        file "/var/named/log/ch_update.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_ncache_log {
        file "/var/named/log/ch_ncache.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_xfer-in_log {
        file "/var/named/log/ch_xfer-in.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_xfer-out_log {
        file "/var/named/log/ch_xfer-out.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_db_log {
        file "/var/named/log/ch_db.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_eventlib_log {
        file "/var/named/log/ch_eventlib.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_packet_log {
        file "/var/named/log/ch_packet.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_notify_log {
        file "/var/named/log/ch_notify.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_cname_log {
        file "/var/named/log/ch_cname.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_security_log {
        file "/var/named/log/ch_security.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_os_log {
        file "/var/named/log/ch_os.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_insist_log {
        file "/var/named/log/ch_insist.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_maintenance_log {
        file "/var/named/log/ch_maintenance.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_load_log {
        file "/var/named/log/ch_load.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_response-checks_log {
        file "/var/named/log/ch_response-checks.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    category default { ch_default_log; };
    category config { ch_config_log; };
    category parser { ch_parser_log; };
    category queries { ch_queries_log; };
    category lame-servers { ch_lame-servers_log; };
    category statistics { ch_statistics_log; };
    category panic { ch_panic_log; };
    category update { ch_update_log; };
    category ncache { ch_ncache_log; };
    category xfer-in { ch_xfer-in_log; };
    category xfer-out { ch_xfer-out_log; };
    category db { ch_db_log; };
    category eventlib { ch_eventlib_log; };
    category packet { ch_packet_log; };
    category notify { ch_notify_log; };
    category cname { ch_cname_log; };
    category security { ch_security_log; };
    category os { ch_os_log; };
    category insist { ch_insist_log; };
    category maintenance { ch_maintenance_log; };
    category response-checks { ch_response-checks_log; };
    category load { ch_load_log; };
};

 

 

// a caching only nameserver config

zone "." {
     type hint;
     file "master/db.cache";
};

zone "0.0.127.in-addr.arpa" IN {
     type master;
     file "master/db.127.0.0";
};

zone "175.103.210.in-addr.arpa" {
        type slave;
        file "slave/db.210.103.175";
        // the ISP must be allowed to transfer this zone.
        // delegation for this class reaches only as far as the ISP.
        allow-transfer { 203.255.112.34; 203.255.112.4; 200.1.1.1; };
        notify yes;
};
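An added pre-flight check of my own, not code from this post or from ISC: it parses a logging block in the named.conf shape shown above and reports category names that are not in a caller-supplied set of categories your BIND version documents, plus categories bound to a channel that no channel block (or builtin channel) defines. The BIND96_CATEGORIES set is an assumption taken from the BIND 9.6 ARM and the sample config is constructed; named-checkconf remains the authoritative test before restarting named.

```python
import re

# Constructed sample (not from the post): a logging block in the same shape
# as the named.conf above, including two BIND 8-era categories.
SAMPLE_CONF = """
logging {
    channel "__default_syslog" { syslog local2; severity debug; };
    channel ch_default_log { file "/var/named/log/ch_default.log"; severity debug; };
    channel ch_queries_log { file "/var/named/log/ch_queries.log" versions 5 size 30m; };
    category default { ch_default_log; };
    category queries { ch_queries_log; };
    category packet { ch_packet_log; };     // BIND 8 category, channel never defined
    category eventlib { __default_syslog; };
};
"""

# Assumption: category names from the BIND 9.6 ARM; use your own version's list.
BIND96_CATEGORIES = {
    "default", "general", "database", "security", "config", "resolver",
    "xfer-in", "xfer-out", "notify", "client", "unmatched", "network",
    "update", "update-security", "queries", "query-errors", "dispatch",
    "dnssec", "lame-servers", "delegation-only", "edns-disabled",
}

# Channels BIND predefines, so they may be referenced without a channel block.
BUILTIN_CHANNELS = {"default_syslog", "default_debug", "default_stderr", "null"}

CHANNEL_RE = re.compile(r'channel\s+"?([\w.-]+)"?\s*\{')
CATEGORY_RE = re.compile(r'category\s+"?([\w.-]+)"?\s*\{([^}]*)\}')

def strip_comments(text):
    """Drop // line comments so names inside comments are not parsed."""
    return re.sub(r'//[^\n]*', '', text)

def check_logging(conf, known_categories):
    """Report categories unknown to this BIND version and categories that
    point at a channel no channel block (or builtin) defines."""
    text = strip_comments(conf)
    channels = set(CHANNEL_RE.findall(text)) | BUILTIN_CHANNELS
    unknown, dangling = [], []
    for cat, body in CATEGORY_RE.findall(text):
        if cat not in known_categories:
            unknown.append(cat)
        for ch in re.findall(r'[\w.-]+', body):
            if ch not in channels:
                dangling.append((cat, ch))
    return {"unknown_categories": unknown, "dangling_channels": dangling}

if __name__ == "__main__":
    print(check_logging(SAMPLE_CONF, BIND96_CATEGORIES))
```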
 

 

2. Creating the directory where the DNS logs are written

# cd /var/named/chroot/var/named
# mkdir log
# chown named.named log

# service named restart

Local host:

[root@ps2 root# chkconfig --list | grep nscd
nscd            0:해제  1:해제  2:해제  3:해제  4:해제  5:해제  6:해제
 

 

 

3. A logging configuration that works on CentOS 5.3 with BIND 9.6.1-P1

 


logging {
    channel "__default_syslog" {
        // Send most of the named messages to syslog.
        syslog local2;  // ( kern | user | mail | daemon | auth |
                        // syslog | lpr | news | uucp | cron |
                        // authpriv | ftp | local0 | local1 |
                        // local2 | local3 | local4 | local5 |
                        // local6 | local7 )
        severity debug; // ( critical | error | warning | notice |
                        // info | debug [ level ] | dynamic )
    };

    //
    // log channel list
    //

    channel ch_default_log {
        file "/var/named/log/ch_default.log";
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_config_log {
        file "/var/named/log/ch_config.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_queries_log {
        file "/var/named/log/ch_queries.log"  versions 5 size 30m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_lame-servers_log {
        file "/var/named/log/ch_lame-servers.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_statistics_log {
        file "/var/named/log/ch_statistics.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_update_log {
        file "/var/named/log/ch_update.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_xfer-in_log {
        file "/var/named/log/ch_xfer-in.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_xfer-out_log {
        file "/var/named/log/ch_xfer-out.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_notify_log {
        file "/var/named/log/ch_notify.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel ch_security_log {
        file "/var/named/log/ch_security.log"  versions 3 size 20m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    category default { ch_default_log; };
    category config { ch_config_log; };
    category queries { ch_queries_log; };
    category lame-servers { ch_lame-servers_log; };
    category update { ch_update_log; };
    category xfer-in { ch_xfer-in_log; };
    category xfer-out { ch_xfer-out_log; };
    category notify { ch_notify_log; };
    category security { ch_security_log; };
};

 

