Setting up an authoritative server with BIND 10
Configuring b10-auth
The authoritative server is treated as an optional component, so it has to be added explicitly. Even that took a fair amount of effort, because the component name differs between versions: in 10.1.2.0 it was called init.
In any case, start the main process first.
# /usr/local/sbin/bind10 -u named &
This somehow brings back nostalgic memories of poking at old Cisco IOS and high-end Allied Telesis boxes. Why on earth do I have to use commands with no sense of design whatsoever? There's no tab completion or anything, yet get one thing slightly wrong and it scolds you with an error.
# bindctl
> config add Init/components b10-auth
> config set Init/components/b10-auth/special auth
> config set Init/components/b10-auth/kind needed
> config set Init/components/b10-auth/priority 10
> config commit
2016-04-15 22:14:01.996 INFO  [b10-init.init/5080] BIND10_CONFIGURATOR_RECONFIGURE reconfiguring running components
2016-04-15 22:14:01.999 INFO  [b10-init.init/5080] BIND10_COMPONENT_START component b10-auth is starting
2016-04-15 22:14:02.001 INFO  [b10-init.init/5080] BIND10_STARTING_PROCESS starting process b10-auth
> 2016-04-15 22:14:03.759 INFO  [b10-auth.auth/5514] AUTH_SERVER_CREATED server created
2016-04-15 22:14:03.762 INFO  [b10-auth.auth/5514] AUTH_DATASRC_CLIENTS_BUILDER_STARTED data source builder thread started
2016-04-15 22:14:03.793 INFO  [b10-init.init/5080] BIND10_SOCKET_GET requesting socket [::]:53 of type TCP from the creator
2016-04-15 22:14:03.795 INFO  [b10-init.init/5080] BIND10_SOCKET_CREATED successfully created socket 20
2016-04-15 22:14:03.802 INFO  [b10-init.init/5080] BIND10_SOCKET_GET requesting socket [::]:53 of type UDP from the creator
2016-04-15 22:14:03.804 INFO  [b10-init.init/5080] BIND10_SOCKET_CREATED successfully created socket 22
2016-04-15 22:14:03.810 INFO  [b10-init.init/5080] BIND10_SOCKET_GET requesting socket [0.0.0.0]:53 of type TCP from the creator
2016-04-15 22:14:03.811 INFO  [b10-init.init/5080] BIND10_SOCKET_CREATED successfully created socket 23
2016-04-15 22:14:03.817 INFO  [b10-init.init/5080] BIND10_SOCKET_GET requesting socket [0.0.0.0]:53 of type UDP from the creator
2016-04-15 22:14:03.819 INFO  [b10-init.init/5080] BIND10_SOCKET_CREATED successfully created socket 24
2016-04-15 22:14:03.838 INFO  [b10-auth.auth/5514] AUTH_SERVER_STARTED server started
2016-04-15 22:14:03.839 INFO  [b10-auth.auth/5514] AUTH_DATASRC_CLIENTS_BUILDER_RECONFIGURE_STARTED data source reconfiguration started
2016-04-15 22:14:03.902 WARN  [b10-auth.datasrc_memory/5514] DATASRC_MEMORY_CHECK_WARNING BIND./CH: zone BIND/CH: NS has no address records (A or AAAA)
2016-04-15 22:14:03.939 WARN  [b10-auth.datasrc/5514] DATASRC_SQLITE_SETUP setting up new SQLite3 database in '/tmp/bind10-1.2.0/local.zone.sqlite3'
2016-04-15 22:14:04.025 INFO  [b10-auth.auth/5514] AUTH_DATASRC_CLIENTS_BUILDER_RECONFIGURE_SUCCESS data source reconfiguration completed successfully
Zone configuration
I don't know SQLite, so I'll take the approach of writing a zone file instead.
[root@centos bind10-1.2.0]# bindctl
WARNING: The Python readline module isn't available, so some command line editing features (including command history management) will not work. See the BIND 10 guide for more details.
["login success"] login as root
> config show all
tsig_keys/keys [] list (default)
data_sources/classes/CH[0]/type "MasterFiles" string (default)
data_sources/classes/CH[0]/params {"BIND": "/usr/local/share/bind10/static.zone"} any (default)
data_sources/classes/CH[0]/cache-enable true boolean (default)
data_sources/classes/CH[0]/cache-zones [] list
data_sources/classes/CH[0]/name null string
data_sources/classes/CH[0]/cache-type "local" string (default)
data_sources/classes/IN[0]/type "sqlite3" string (default)
data_sources/classes/IN[0]/params {"database_file": "/usr/local/var/bind10/zone.sqlite3"} any (default)
data_sources/classes/IN[0]/cache-enable false boolean (default)
data_sources/classes/IN[0]/cache-zones [] list
data_sources/classes/IN[0]/name null string
data_sources/classes/IN[0]/cache-type "local" string (default)
Init/components/b10-auth/special "auth" string
Init/components/b10-auth/process null string
Init/components/b10-auth/kind "needed" string
Init/components/b10-auth/address null string
Init/components/b10-auth/params [] list
Init/components/b10-auth/priority 10 integer
Init/components/b10-stats/special null string
Init/components/b10-stats/process null string
Init/components/b10-stats/kind "dispensable" string
Init/components/b10-stats/address "Stats" string
Init/components/b10-stats/params [] list
Init/components/b10-stats/priority null integer
Init/components/b10-cmdctl/special "cmdctl" string
Init/components/b10-cmdctl/process null string
Init/components/b10-cmdctl/kind "needed" string
Init/components/b10-cmdctl/address null string
Init/components/b10-cmdctl/params [] list
Init/components/b10-cmdctl/priority null integer
Logging/loggers [] list (default)
Cmdctl/key_file "/usr/local/etc/bind10/cmdctl-keyfile.pem" string (default)
Cmdctl/cert_file "/usr/local/etc/bind10/cmdctl-certfile.pem" string (default)
Cmdctl/accounts_file "/usr/local/etc/bind10/cmdctl-accounts.csv" string (default)
Stats/poll-interval 60 integer (default)
Auth/database_file "/usr/local/var/bind10/zone.sqlite3" string (default)
Auth/datasources [] list (default)
Auth/listen_on[0]/address "::" string (default)
Auth/listen_on[0]/port 53 integer (default)
Auth/listen_on[1]/address "0.0.0.0" string (default)
Auth/listen_on[1]/port 53 integer (default)
Auth/tcp_recv_timeout 5000 integer (default)
> quit
Exit from bindctl
# ls /usr/local/share/bind10
auth.spec       dhcp6.spec           static.zone          stats.spec
cmdctl.spec     dhcpdb_create.mysql  staticzone.backup    xfrin.spec
config_plugins  dhcpdb_create.pgsql  stats-httpd-xml.tpl  xfrout.spec
ddns.spec       init.spec            stats-httpd-xsd.tpl  zonemgr.spec
dhcp-ddns.spec  memmgr.spec          stats-httpd-xsl.tpl
dhcp4.spec      msgq.spec            stats-httpd.spec
# touch /usr/local/share/bind10/orenchi.local
# vi /usr/local/share/bind10/orenchi.local
$ORIGIN orenchi.local.
$TTL 1h
orenchi.local. IN SOA centos.orenchi.local. root.orenchi.local. (
    2016042101
    172800
    900
    1209600
    3600 )
orenchi.local. IN NS centos.orenchi.local.
@ IN A 192.168.5.99
centos IN A 192.168.5.99
athlone IN A 192.168.5.100
www IN CNAME centos.orenchi.local.
[root@centos ~]# bindctl
WARNING: The Python readline module isn't available, so some command line editing features (including command history management) will not work. See the BIND 10 guide for more details.
["login success"] login as root
> config remove data_sources/classes CH
> config commit
> config show all
Cmdctl/key_file "/usr/local/etc/bind10/cmdctl-keyfile.pem" string (default)
Cmdctl/cert_file "/usr/local/etc/bind10/cmdctl-certfile.pem" string (default)
Cmdctl/accounts_file "/usr/local/etc/bind10/cmdctl-accounts.csv" string (default)
Stats/poll-interval 60 integer (default)
Init/components/b10-cmdctl/special "cmdctl" string
Init/components/b10-cmdctl/process null string
Init/components/b10-cmdctl/kind "needed" string
Init/components/b10-cmdctl/address null string
Init/components/b10-cmdctl/params [] list
Init/components/b10-cmdctl/priority null integer
Init/components/b10-stats/special null string
Init/components/b10-stats/process null string
Init/components/b10-stats/kind "dispensable" string
Init/components/b10-stats/address "Stats" string
Init/components/b10-stats/params [] list
Init/components/b10-stats/priority null integer
Init/components/b10-auth/special "auth" string
Init/components/b10-auth/process null string
Init/components/b10-auth/kind "needed" string
Init/components/b10-auth/address null string
Init/components/b10-auth/params [] list
Init/components/b10-auth/priority 10 integer
data_sources/classes/IN[0]/type "sqlite3" string
data_sources/classes/IN[0]/params {"database_file": "/usr/local/var/bind10/zone.sqlite3"} any
data_sources/classes/IN[0]/cache-enable false boolean (default)
data_sources/classes/IN[0]/cache-zones [] list
data_sources/classes/IN[0]/name null string
data_sources/classes/IN[0]/cache-type "local" string (default)
Auth/database_file "/usr/local/var/bind10/zone.sqlite3" string (default)
Auth/datasources [] list (default)
Auth/listen_on[0]/address "::" string (default)
Auth/listen_on[0]/port 53 integer (default)
Auth/listen_on[1]/address "0.0.0.0" string (default)
Auth/listen_on[1]/port 53 integer (default)
Auth/tcp_recv_timeout 5000 integer (default)
Logging/loggers [] list (default)
tsig_keys/keys [] list (default)
> config add data_sources/classes/IN
> config set data_sources/classes/IN[1]/type MasterFiles
> config set data_sources/classes/IN[1]/cache-enable true
> config set data_sources/classes/IN[1]/params { "orenchi.local.": "/usr/local/share/bind10/orenchi.local" }
> config commit
> config show all
Cmdctl/key_file "/usr/local/etc/bind10/cmdctl-keyfile.pem" string (default)
Cmdctl/cert_file "/usr/local/etc/bind10/cmdctl-certfile.pem" string (default)
Cmdctl/accounts_file "/usr/local/etc/bind10/cmdctl-accounts.csv" string (default)
Stats/poll-interval 60 integer (default)
Init/components/b10-cmdctl/special "cmdctl" string
Init/components/b10-cmdctl/process null string
Init/components/b10-cmdctl/kind "needed" string
Init/components/b10-cmdctl/address null string
Init/components/b10-cmdctl/params [] list
Init/components/b10-cmdctl/priority null integer
Init/components/b10-stats/special null string
Init/components/b10-stats/process null string
Init/components/b10-stats/kind "dispensable" string
Init/components/b10-stats/address "Stats" string
Init/components/b10-stats/params [] list
Init/components/b10-stats/priority null integer
Init/components/b10-auth/special "auth" string
Init/components/b10-auth/process null string
Init/components/b10-auth/kind "needed" string
Init/components/b10-auth/address null string
Init/components/b10-auth/params [] list
Init/components/b10-auth/priority 10 integer
data_sources/classes/IN[0]/type "sqlite3" string
data_sources/classes/IN[0]/params {"database_file": "/usr/local/var/bind10/zone.sqlite3"} any
data_sources/classes/IN[0]/cache-enable false boolean (default)
data_sources/classes/IN[0]/cache-zones [] list
data_sources/classes/IN[0]/name null string
data_sources/classes/IN[0]/cache-type "local" string (default)
data_sources/classes/IN[1]/type "MasterFiles" string
data_sources/classes/IN[1]/params {"orenchi.local": "/usr/local/share/bind10/orenchi.local"} any
data_sources/classes/IN[1]/cache-enable true boolean
data_sources/classes/IN[1]/cache-zones [] list
data_sources/classes/IN[1]/name null string
data_sources/classes/IN[1]/cache-type "local" string (default)
Auth/database_file "/usr/local/var/bind10/zone.sqlite3" string (default)
Auth/datasources [] list (default)
Auth/listen_on[0]/address "::" string (default)
Auth/listen_on[0]/port 53 integer (default)
Auth/listen_on[1]/address "0.0.0.0" string (default)
Auth/listen_on[1]/port 53 integer (default)
Auth/tcp_recv_timeout 5000 integer (default)
Logging/loggers [] list (default)
tsig_keys/keys [] list (default)
#
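As an added example (not from the original post), here is a small Python checker for the zone file above. It parses the subset of master-file syntax used there ($ORIGIN, $TTL, relative names, @, and the parenthesised SOA) and reports the same class of problem that b10-auth logged earlier for its built-in CH zone (an in-zone NS whose target has no A or AAAA record), plus a CNAME coexisting with other records at the same owner. The zone text is a copy of the file written above; the function and check names are my own.

```python
import re

# Copy of the orenchi.local zone file written above, used here as sample input.
ZONE_TEXT = """\
$ORIGIN orenchi.local.
$TTL 1h
orenchi.local. IN SOA centos.orenchi.local. root.orenchi.local. (
    2016042101
    172800
    900
    1209600
    3600 )
orenchi.local. IN NS centos.orenchi.local.
@ IN A 192.168.5.99
centos IN A 192.168.5.99
athlone IN A 192.168.5.100
www IN CNAME centos.orenchi.local.
"""

TTL_RE = re.compile(r"\d+[smhdwSMHDW]?")


def _logical_lines(text):
    """Yield (starts_indented, tokens): ';' comments removed, and a
    parenthesised record (the SOA above) joined into one logical line."""
    buf, depth, indented = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if not buf:
            indented = line[0].isspace()
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " ").strip())
        if depth == 0:
            yield indented, " ".join(buf).split()
            buf = []


def absolutize(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return (origin, [(owner, type, rdata_tokens), ...]) with all names absolute."""
    origin, last_owner, records = None, None, []
    for indented, tokens in _logical_lines(text):
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            continue
        if origin is None:
            raise ValueError("record before $ORIGIN")
        if indented:                      # blank owner field: inherit the previous owner
            owner, rest = last_owner, tokens
        else:
            owner, rest = absolutize(tokens[0], origin), tokens[1:]
        # an optional TTL and class may precede the record type
        while rest and (TTL_RE.fullmatch(rest[0]) or rest[0].upper() in ("IN", "CH", "HS")):
            rest = rest[1:]
        rtype, rdata = rest[0].upper(), rest[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [absolutize(rdata[0], origin)]
        elif rtype == "SOA":
            rdata = [absolutize(rdata[0], origin), absolutize(rdata[1], origin)] + rdata[2:]
        records.append((owner, rtype, rdata))
        last_owner = owner
    return origin, records


def check_zone(text):
    """Return a list of problems, in the spirit of the DATASRC_MEMORY_CHECK_WARNING
    that b10-auth printed above for the built-in BIND/CH zone."""
    origin, records = parse_zone(text)
    problems = []
    soa = [r for r in records if r[0] == origin and r[1] == "SOA"]
    if len(soa) != 1:
        problems.append(f"{origin}: expected exactly one SOA at the apex, found {len(soa)}")
    ns_targets = [r[2][0] for r in records if r[0] == origin and r[1] == "NS"]
    if not ns_targets:
        problems.append(f"{origin}: no NS records at the apex")
    have_addr = {r[0] for r in records if r[1] in ("A", "AAAA")}
    for ns in ns_targets:
        in_zone = ns == origin or ns.endswith("." + origin)
        if in_zone and ns not in have_addr:
            problems.append(f"{origin}: NS {ns} has no address records (A or AAAA)")
    for owner in sorted({r[0] for r in records if r[1] == "CNAME"}):
        others = sorted({r[1] for r in records if r[0] == owner and r[1] != "CNAME"})
        if others:
            problems.append(f"{owner}: CNAME coexists with {', '.join(others)}")
    return problems


if __name__ == "__main__":
    for problem in check_zone(ZONE_TEXT) or ["zone looks fine"]:
        print(problem)
```

Run it before committing a MasterFiles data source: the zone above passes because centos.orenchi.local. has its A record, and deleting that one line reproduces the "NS has no address records" warning that b10-auth logged for the CH zone.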
There we go. The AA flag is set.
# dig +rec @127.0.0.1 centos.orenchi.local

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> +rec @127.0.0.1 centos.orenchi.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13695
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;centos.orenchi.local.          IN      A

;; ANSWER SECTION:
centos.orenchi.local.   3600    IN      A       192.168.5.99

;; AUTHORITY SECTION:
orenchi.local.          3600    IN      NS      centos.orenchi.local.

;; Query time: 23 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 水 4月 20 21:55:30 JST 2016
;; MSG SIZE  rcvd: 79
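Added example, not part of the original post: a Python parser for the dig output above that turns the header flags into a verdict. The point of the check is that aa alone is not the whole story: an authoritative-only server should set aa and must not set ra (that is what the "recursion requested but not available" warning above is saying), because a server that answers recursively for anyone who asks is an open resolver. The sample text is the dig run above; the function names are my own.

```python
import re

# Copy of the dig run above, used here as sample input.
DIG_OUTPUT = """\
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> +rec @127.0.0.1 centos.orenchi.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13695
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;centos.orenchi.local.          IN      A

;; ANSWER SECTION:
centos.orenchi.local.   3600    IN      A       192.168.5.99

;; AUTHORITY SECTION:
orenchi.local.          3600    IN      NS      centos.orenchi.local.

;; Query time: 23 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 水 4月 20 21:55:30 JST 2016
;; MSG SIZE  rcvd: 79
"""


def parse_dig(output):
    """Pull status, header flags and the ANSWER/AUTHORITY/ADDITIONAL records
    out of dig's text output."""
    status = re.search(r"status: (\w+)", output).group(1)
    flags = set(re.search(r";; flags: ([a-z ]*);", output).group(1).split())
    section, records = None, {"ANSWER": [], "AUTHORITY": [], "ADDITIONAL": []}
    for line in output.splitlines():
        if line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:].split()[0]          # QUESTION, ANSWER, AUTHORITY, ...
            continue
        if not line or line.startswith(";"):       # comments and the question line
            continue
        if section in records:
            records[section].append(tuple(line.split()))
    return {"status": status, "flags": flags, **records}


def assess(output):
    """Classify the responder from its flags. rd is what the client asked for
    (dig's +rec); aa and ra are what the server says about itself."""
    r = parse_dig(output)
    authoritative = "aa" in r["flags"]
    recursion_offered = "ra" in r["flags"]
    if authoritative and not recursion_offered:
        verdict = "authoritative answer, recursion correctly refused"
    elif authoritative:
        verdict = "authoritative but also offers recursion: make sure this is not reachable as an open resolver"
    elif recursion_offered:
        verdict = "non-authoritative answer from a recursive resolver"
    else:
        verdict = "neither authoritative nor recursive (referral or refusal)"
    return {
        "authoritative": authoritative,
        "recursion_offered": recursion_offered,
        "answered": r["status"] == "NOERROR" and bool(r["ANSWER"]),
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(assess(DIG_OUTPUT)["verdict"])
```

For the run above this yields "authoritative answer, recursion correctly refused", which is the posture you want from b10-auth. Forwarding queries for other names to an upstream server, as wished for at the end of the post, is a recursive-resolver function and is not something the authoritative component does; a server doing both would need the ra side restricted to trusted clients.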
Preparing auto-start registration, which isn't working
tire.retire: Running a program at boot on CentOS 7 (replacing rc.local)
Service management apparently changed completely with CentOS 7, and you now have to create a file under /etc/systemd/system. What a hassle. First, let me deal with the errors in /var/log/messages.
centos systemd: Configuration file /usr/lib/systemd/system/auditd.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
# chmod 0644 /usr/lib/systemd/system/ebtables.service
# chmod 0644 /usr/lib/systemd/system/wpa_supplicant.service
# chmod 0644 /usr/lib/systemd/system/auditd.service
# touch /etc/systemd/system/bind10.service
# chmod 0644 /etc/systemd/system/bind10.service
# vi /etc/systemd/system/bind10.service
[Unit]
Description=BIND10 Init Proccess
Wants=network.target
After=network.target

[Service]
User=named
Type=forking
PIDFile=/var/run/bind10.pid
#ExecStart=/tmp/bind10-1.2.0/src/bin/bind10/run_bind10.sh
ExecStart=/usr/local/sbin/bind10 &
ExecStop=/bin/kill $MAINPID
Restart=no
Environment=SYSTEMD_LOG_LEVEL=debug

[Install]
WantedBy=multi-user.target
# systemctl daemon-reload
# systemctl start bind10
# systemctl status bind10 -l
● bind10.service - BIND10 Init Proccess
   Loaded: loaded (/etc/systemd/system/bind10.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since 水 2016-04-20 21:38:50 JST; 1min 2s ago
  Process: 2557 ExecStart=/usr/local/sbin/bind10 & (code=exited, status=1/FAILURE)

4月 20 21:38:50 centos bind10[2557]: -p DATA_PATH, --data-path=DATA_PATH
4月 20 21:38:50 centos bind10[2557]: Directory to search for configuration files
4月 20 21:38:50 centos bind10[2557]: --cmdctl-port=CMDCTL_PORT
4月 20 21:38:50 centos bind10[2557]: Port of command control
4月 20 21:38:50 centos bind10[2557]: --pid-file=PID_FILE file to dump the PID of the BIND 10 process
4月 20 21:38:50 centos bind10[2557]: -w WAIT_TIME, --wait=WAIT_TIME
4月 20 21:38:50 centos systemd[1]: bind10.service: control process exited, code=exited status=1
4月 20 21:38:50 centos systemd[1]: Failed to start BIND10 Init Proccess.
4月 20 21:38:50 centos systemd[1]: Unit bind10.service entered failed state.
4月 20 21:38:50 centos systemd[1]: bind10.service failed.
# tail -n 50 /var/log/messages
Apr 20 21:42:39 centos systemd: Reloading.
Apr 20 21:42:45 centos systemd: Starting BIND10 Init Proccess...
Apr 20 21:42:46 centos bind10: Usage: b10-init [options]
Apr 20 21:42:46 centos bind10: Options:
Apr 20 21:42:46 centos bind10: --version show program's version number and exit
Apr 20 21:42:46 centos bind10: -h, --help show this help message and exit
Apr 20 21:42:46 centos bind10: -m MSGQ_SOCKET_FILE, --msgq-socket-file=MSGQ_SOCKET_FILE
Apr 20 21:42:46 centos bind10: UNIX domain socket file the b10-msgq daemon will use
Apr 20 21:42:46 centos bind10: -i, --no-kill do not send SIGTERM and SIGKILL signals to modules
Apr 20 21:42:46 centos bind10: during shutdown
Apr 20 21:42:46 centos bind10: -u USER, --user=USER Change user after startup (must run as root)
Apr 20 21:42:46 centos bind10: -v, --verbose display more about what is going on
Apr 20 21:42:46 centos bind10: --pretty-name=PRETTY_NAME
Apr 20 21:42:46 centos bind10: Set the process name (displayed in ps, top, ...)
Apr 20 21:42:46 centos bind10: -c CONFIG_FILE, --config-file=CONFIG_FILE
Apr 20 21:42:46 centos bind10: Configuration database filename
Apr 20 21:42:46 centos bind10: --clear-config Create backup of the configuration file and start with
Apr 20 21:42:46 centos bind10: a clean configuration
Apr 20 21:42:46 centos bind10: -p DATA_PATH, --data-path=DATA_PATH
Apr 20 21:42:46 centos bind10: Directory to search for configuration files
Apr 20 21:42:46 centos bind10: --cmdctl-port=CMDCTL_PORT
Apr 20 21:42:46 centos bind10: Port of command control
Apr 20 21:42:46 centos bind10: --pid-file=PID_FILE file to dump the PID of the BIND 10 process
Apr 20 21:42:46 centos bind10: -w WAIT_TIME, --wait=WAIT_TIME
Apr 20 21:42:46 centos bind10: Time (in seconds) to wait for config manager to start
Apr 20 21:42:46 centos bind10: up
Apr 20 21:42:46 centos systemd: bind10.service: control process exited, code=exited status=1
Apr 20 21:42:46 centos systemd: Failed to start BIND10 Init Proccess.
Apr 20 21:42:46 centos systemd: Unit bind10.service entered failed state.
Apr 20 21:42:46 centos systemd: bind10.service failed.
No good. Starting via systemd always fails, and I can't quite tell why. yum update systemd says it's already the latest, too.
I'd also like to have the DNS server itself forward to the ISP's DNS, but I don't know how to do that either.
References:
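An added example, not from the original post, that reads the journal and the unit file above together. The lines beginning "Usage: b10-init [options]" are bind10 printing its help because it was handed an argument it does not accept, and the only argument in ExecStart is the trailing "&": systemd does not run ExecStart through a shell, so the "&" reaches the program literally instead of backgrounding it. The Python below lints the unit for that, for the Type=forking/PIDFile pairing that never passes --pid-file, and for User= combined with -u, and returns a corrected unit. The corrected unit is my assumption, untested on this install: it takes bind10 to stay in the foreground (which is why the manual start above needed a shell "&"), so Type=simple with no PIDFile, and starts it as root with the same -u named used by hand so that the socket creator seen in the earlier log can bind port 53 before privileges are dropped.

```python
# Copy of the unit file written above, used here as sample input.
UNIT_TEXT = """\
[Unit]
Description=BIND10 Init Proccess
Wants=network.target
After=network.target

[Service]
User=named
Type=forking
PIDFile=/var/run/bind10.pid
#ExecStart=/tmp/bind10-1.2.0/src/bin/bind10/run_bind10.sh
ExecStart=/usr/local/sbin/bind10 &
ExecStop=/bin/kill $MAINPID
Restart=no
Environment=SYSTEMD_LOG_LEVEL=debug

[Install]
WantedBy=multi-user.target
"""


def parse_unit(text):
    """Minimal INI-style reader for a unit file: {section: {key: value}}.
    A repeated key keeps its last value, which is enough for this check."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
            continue
        key, _, value = line.partition("=")
        sections.setdefault(current, {})[key.strip()] = value.strip()
    return sections


def lint_unit(text):
    """Return the findings a reviewer would raise on the [Service] section."""
    svc = parse_unit(text).get("Service", {})
    exec_start = svc.get("ExecStart", "")
    argv = exec_start.split()
    findings = []
    if argv and argv[-1] == "&":
        findings.append("ExecStart ends with '&': systemd does not run the command through a "
                        "shell, so '&' reaches the program as a literal argument (the 'Usage:' "
                        "text in the journal is the program rejecting it)")
    if svc.get("Type") == "forking" and "PIDFile" in svc and "--pid-file" not in exec_start:
        findings.append("Type=forking with PIDFile= but ExecStart never passes --pid-file, so "
                        "nothing writes that file and systemd cannot identify the main process")
    if "User" in svc and "-u" in argv:
        findings.append("User= and -u both drop privileges; bind10's -u must start as root")
    return findings


def corrected_unit():
    """Unit without those findings. Assumption, not tested on this install:
    bind10 stays in the foreground (the manual start needed a shell '&'), so
    Type=simple and no PIDFile; it starts as root so the socket creator can bind
    port 53, then -u drops to 'named' exactly as in the manual start above."""
    return """\
[Unit]
Description=BIND 10 init process
Wants=network.target
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/sbin/bind10 -u named
Restart=on-failure

[Install]
WantedBy=multi-user.target
"""


if __name__ == "__main__":
    for finding in lint_unit(UNIT_TEXT):
        print("-", finding)
```

Running it on the unit above produces two findings, the "&" one being the cause of the exit status 1 seen in systemctl status; the second would surface next, because even a successful start with Type=forking needs either a daemon that forks or a PID file the daemon actually writes.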
Bug 1001695 – bindctl not working
Auto-start with systemd on Raspbian jessie - Qiita