[DNS] Changing the /var/named directory path

라떼청년 2017. 11. 20. 23:26

In the earlier private DNS post, the default installation put everything under /var/named.

Using the default directory is fine, but if /var was given little free space, there are cases where the working directory has to be moved.


I tried pointing the working directory at a /data area with a symbolic link.

lrwxrwxrwx.  1 root root    11 2017-11-20 21:33 named -> /data/named


Since the work was done as root, the owner is currently set to root.


With the symbolic link in place, I tried changing the owner.

chown named:named /var/named > the link's owner could not be changed at all (without -h, chown follows the link and applies to the target instead).

lrwxrwxrwx.  1 root root    11 2017-11-20 21:33 named -> /data/named


To set the owner of the symbolic link itself, use the -h option:

chown -h named:named /var/named

lrwxrwxrwx.  1 named named    11 2017-11-20 21:33 named -> /data/named


service named start > run it

named 시작 중: mount: block device /etc/named is write-protected, mounting read-only

mount: cannot mount block device /etc/named read-only

mount: block device /var/named is write-protected, mounting read-only

mount: cannot mount block device /var/named read-only

mount: block device /etc/named.conf is write-protected, mounting read-only

mount: cannot mount block device /etc/named.conf read-only

mount: block device /etc/named.rfc1912.zones is write-protected, mounting read-only

mount: cannot mount block device /etc/named.rfc1912.zones read-only

mount: block device /etc/rndc.key is write-protected, mounting read-only

mount: cannot mount block device /etc/rndc.key read-only

mount: block device /usr/lib64/bind is write-protected, mounting read-only

mount: cannot mount block device /usr/lib64/bind read-only

mount: block device /etc/named.iscdlv.key is write-protected, mounting read-only

mount: cannot mount block device /etc/named.iscdlv.key read-only

mount: block device /etc/named.root.key is write-protected, mounting read-only

mount: cannot mount block device /etc/named.root.key read-only

mount: block device /etc/services is write-protected, mounting read-only

mount: cannot mount block device /etc/services read-only

mount: block device /etc/protocols is write-protected, mounting read-only

mount: cannot mount block device /etc/protocols read-only

mount: block device /lib64/libnss_files-2.12.so is write-protected, mounting read-only

mount: cannot mount block device /lib64/libnss_files-2.12.so read-only


Error in named configuration:

isc_dir_chroot: permission denied

                                                           [실패]

It failed.

named bind-mounts these paths into its chroot when it starts, and when the directory is handled through a symbolic link the result is permission denied.


So I decided to move the named directory the proper way.

At first glance it looks like you just edit these entries in vi /etc/named.conf, but in fact

        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";


/var/named/chroot is the base, so these paths actually resolve to /var/named/chroot/var/named.


vi /etc/sysconfig/named

contains the entry

ROOTDIR=/var/named/chroot

Let's change ROOTDIR:

ROOTDIR=/data/named/chroot


named 시작 중: 

Error in named configuration:

zone localhost.localdomain/IN: loading from master file named.localhost failed: file not found

zone localhost.localdomain/IN: not loaded due to errors.

_default/localhost.localdomain/IN: file not found

zone localhost/IN: loading from master file named.localhost failed: file not found

zone localhost/IN: not loaded due to errors.

_default/localhost/IN: file not found

zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loading from master file named.loopback failed: file not found

zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: not loaded due to errors.

_default/1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: file not found

zone 1.0.0.127.in-addr.arpa/IN: loading from master file named.loopback failed: file not found

zone 1.0.0.127.in-addr.arpa/IN: not loaded due to errors.

_default/1.0.0.127.in-addr.arpa/IN: file not found

zone 0.in-addr.arpa/IN: loading from master file named.empty failed: file not found

zone 0.in-addr.arpa/IN: not loaded due to errors.

_default/0.in-addr.arpa/IN: file not found

zone videocube.lab/IN: loading from master file videocube.lab.zone failed: file not found

zone videocube.lab/IN: not loaded due to errors.

_default/videocube.lab/IN: file not found

zone 1.168.192.in-addr.arpa/IN: loading from master file videocube.lab.rev failed: file not found

zone 1.168.192.in-addr.arpa/IN: not loaded due to errors.

_default/1.168.192.in-addr.arpa/IN: file not found

                                                           [실패]

It says the files cannot be found.


In the earlier blog post, /var/named/chroot looked like this:

/var/named/chroot


├── dev

│   ├── null

│   ├── random

│   └── zero

├── etc

│   ├── localtime

│   ├── named

│   └── pki

│       └── dnssec-keys

├── lib64

├── usr

│   └── lib64

│       └── bind

└── var

    ├── log

    ├── named

    ├── run

    │   └── named

    └── tmp



Source: http://videocube.tistory.com/entry/사설-DNS-구축해-보기 [VIDEOCUBE]


Under /var/named/chroot, rename the var directory to data.


vi /etc/named.conf

In this file, change the entries to:


        directory "/data/named";
        dump-file "/data/named/data/cache_dump.db";
        statistics-file "/data/named/data/named_stats.txt";
        memstatistics-file "/data/named/data/named_mem_stats.txt";
        pid-file "/data/run/named/named.pid";
        session-keyfile "/data/run/named/session.key";
        managed-keys-directory "/data/named/dynamic";


I changed these. If pid-file and session-keyfile are not set explicitly, they are created under /data/named/chroot/var/run.


vi /etc/init.d/named

PIDFILE="/data/run/named/named.pid"

ROOTDIR_MOUNT='/etc/named /etc/pki/dnssec-keys /data/named /etc/named.conf
/etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key
/usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key /etc/named.root.key
/etc/services /etc/protocols'
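Before starting the service again, a pre-flight check of the relocated layout catches both failures seen above (a symlink in the ROOTDIR path, and named.conf paths that do not exist inside the chroot). This is an added example, not a script from the original post or from the BIND package; the function names are constructed, and it takes the ROOTDIR value from /etc/sysconfig/named plus the named.conf path as arguments.

```shell
#!/bin/sh
# Pre-flight check for a relocated BIND chroot (added example, not from the
# original post). Function names are constructed for illustration.
#   return 1: a symlink sits in the ROOTDIR path (the bind mounts done by
#             /etc/init.d/named fail -> "isc_dir_chroot: permission denied")
#   return 2: a path named.conf refers to does not exist inside the chroot
#             (-> "loading from master file ... failed: file not found")

conf_value() {  # conf_value OPTION FILE -> quoted value of OPTION, if present
    sed -n "s/^[[:space:]]*$1[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2"
}

check_chroot_layout() {
    rootdir=$1 conf=$2 rc=0
    # 1. every component of ROOTDIR must be a real directory, not a symlink
    p=$rootdir
    while :; do
        if [ -L "$p" ]; then
            echo "symlink in ROOTDIR path: $p" >&2; return 1
        fi
        case $p in */*) p=${p%/*} ;; *) break ;; esac
        [ -n "$p" ] || break
    done
    [ -d "$rootdir" ] || { echo "ROOTDIR missing: $rootdir" >&2; return 1; }
    # 2. directory options are resolved inside the chroot: ROOTDIR + value
    for opt in directory managed-keys-directory; do
        d=$(conf_value "$opt" "$conf")
        [ -z "$d" ] || [ -d "$rootdir$d" ] || {
            echo "$opt $d missing inside chroot: $rootdir$d" >&2; rc=2; }
    done
    # 3. file options: their parent directory must exist so named can create them
    for opt in dump-file statistics-file memstatistics-file pid-file session-keyfile; do
        f=$(conf_value "$opt" "$conf")
        [ -z "$f" ] || [ -d "$rootdir$(dirname "$f")" ] || {
            echo "$opt parent missing inside chroot: $rootdir$(dirname "$f")" >&2; rc=2; }
    done
    return $rc
}

# usage: sh check_chroot.sh /data/named/chroot /etc/named.conf
if [ $# -eq 2 ]; then check_chroot_layout "$1" "$2"; fi
```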


service named start 

root@dns:/data/named/chroot/data> service named start

named 시작 중:                                             [  OK  ]


It runs normally, and

cd /var/run/

lrwxrwxrwx. 1 root  root    43 2017-11-20 23:20 named-sdb.pid -> /data/named/chroot/data/run/named/named.pid


you can confirm that the pid file link is also created correctly.


root@dns:/var/run> dig @192.168.1.6 google.com any


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> @192.168.1.6 google.com any

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10109

;; flags: qr rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 4, ADDITIONAL: 0


;; QUESTION SECTION:

;google.com. IN ANY


;; ANSWER SECTION:

google.com. 146556 IN NS ns4.google.com.

google.com. 146556 IN NS ns1.google.com.

google.com. 146556 IN NS ns3.google.com.

google.com. 146556 IN NS ns2.google.com.

google.com. 300 IN A 216.58.221.238

google.com. 300 IN AAAA 2404:6800:4005:800::200e

google.com. 3600 IN TXT "v=spf1 include:_spf.google.com ~all"

google.com. 600 IN MX 50 alt4.aspmx.l.google.com.

google.com. 600 IN MX 30 alt2.aspmx.l.google.com.

google.com. 600 IN MX 20 alt1.aspmx.l.google.com.

google.com. 600 IN MX 10 aspmx.l.google.com.

google.com. 600 IN MX 40 alt3.aspmx.l.google.com.

google.com. 60 IN SOA ns1.google.com. dns-admin.google.com. 176323690 900 900 1800 60

google.com. 86400 IN CAA 0 issue "pki.goog"


;; AUTHORITY SECTION:

google.com. 146556 IN NS ns3.google.com.

google.com. 146556 IN NS ns1.google.com.

google.com. 146556 IN NS ns2.google.com.

google.com. 146556 IN NS ns4.google.com.


;; Query time: 1293 msec

;; SERVER: 192.168.1.6#53(192.168.1.6)

;; WHEN: Mon Nov 20 23:21:56 2017

;; MSG SIZE  rcvd: 429



Nothing special, but this shows the chroot > mount process: /data/named gets mounted into the chroot.

You can see that the files of /data/named are present there.



When the service is stopped:



├── data

│   ├── log

│   ├── named

│   ├── run

│   │   └── named

│   └── tmp

├── dev

│   ├── null

│   ├── random

│   └── zero

├── etc

│   ├── localtime

│   ├── named

│   └── pki

│       └── dnssec-keys

├── lib64

└── usr

    └── lib64

        └── bind





When the service is started:


├── data

│   ├── log

│   ├── named

│   │   ├── chroot

│   │   │   ├── data

│   │   │   │   ├── log

│   │   │   │   ├── named

│   │   │   │   ├── run

│   │   │   │   │   └── named

│   │   │   │   │       ├── named.pid

│   │   │   │   │       └── session.key

│   │   │   │   └── tmp

│   │   │   ├── dev

│   │   │   │   ├── null

│   │   │   │   ├── random

│   │   │   │   └── zero

│   │   │   ├── etc

│   │   │   │   ├── localtime

│   │   │   │   ├── named

│   │   │   │   ├── named.conf

│   │   │   │   ├── named.iscdlv.key

│   │   │   │   ├── named.rfc1912.zones

│   │   │   │   ├── named.root.key

│   │   │   │   ├── pki

│   │   │   │   │   └── dnssec-keys

│   │   │   │   ├── protocols

│   │   │   │   ├── rndc.key

│   │   │   │   └── services

│   │   │   ├── lib64

│   │   │   │   └── libnss_files.so.2

│   │   │   └── usr

│   │   │       └── lib64

│   │   │           └── bind

│   │   ├── data

│   │   │   └── named.run

│   │   ├── dynamic

│   │   │   ├── managed-keys.bind

│   │   │   └── managed-keys.bind.jnl

│   │   ├── named.ca

│   │   ├── named.empty

│   │   ├── named.localhost

│   │   ├── named.loopback

│   │   ├── slaves

│   │   ├── videocube.lab.rev

│   │   └── videocube.lab.zone

│   ├── run

│   │   └── named

│   │       ├── named.pid

│   │       └── session.key

│   └── tmp

├── dev

│   ├── null

│   ├── random

│   └── zero

├── etc

│   ├── localtime

│   ├── named

│   ├── named.conf

│   ├── named.iscdlv.key

│   ├── named.rfc1912.zones

│   ├── named.root.key

│   ├── pki

│   │   └── dnssec-keys

│   ├── protocols

│   ├── rndc.key

│   └── services

├── lib64

│   └── libnss_files.so.2

└── usr

    └── lib64

        └── bind

            └── ldap.so
