Sedi's Blog

The back of a flyer where I, a blogging beginner, air pointless gripes and pointless bits of trivia.

Setting up an authoritative server with bind10

Configuring b10-auth

 The authoritative server is treated as an optional component, so it has to be added by hand. Even that takes some effort, because the name of the component list differs between versions: in BIND 10 1.2.0 it is Init.


 Whatever else, start the main process first. It is started as root and told to drop to the named user with -u; it needs root to obtain the port 53 sockets, which b10-init requests from the privileged socket creator on b10-auth's behalf (visible in the log below).

# /usr/local/sbin/bind10 -u named &


 Somehow this brings back memories of poking at old Cisco IOS and high-end Allied Telesis boxes. Why do I have to use a command set with so little sense of taste? No tab completion or anything, yet one small slip and it scolds you with an error.

# bindctl
> config add Init/components b10-auth
> config set Init/components/b10-auth/special auth
> config set Init/components/b10-auth/kind needed
> config set Init/components/b10-auth/priority 10
> config commit


2016-04-15 22:14:01.996 INFO  [b10-init.init/5080] BIND10_CONFIGURATOR_RECONFIGURE reconfiguring running components
2016-04-15 22:14:01.999 INFO  [b10-init.init/5080] BIND10_COMPONENT_START component b10-auth is starting
2016-04-15 22:14:02.001 INFO  [b10-init.init/5080] BIND10_STARTING_PROCESS starting process b10-auth
2016-04-15 22:14:03.759 INFO  [b10-auth.auth/5514] AUTH_SERVER_CREATED server created
2016-04-15 22:14:03.762 INFO  [b10-auth.auth/5514] AUTH_DATASRC_CLIENTS_BUILDER_STARTED data source builder thread started
2016-04-15 22:14:03.793 INFO  [b10-init.init/5080] BIND10_SOCKET_GET requesting socket [::]:53 of type TCP from the creator
2016-04-15 22:14:03.795 INFO  [b10-init.init/5080] BIND10_SOCKET_CREATED successfully created socket 20
2016-04-15 22:14:03.802 INFO  [b10-init.init/5080] BIND10_SOCKET_GET requesting socket [::]:53 of type UDP from the creator
2016-04-15 22:14:03.804 INFO  [b10-init.init/5080] BIND10_SOCKET_CREATED successfully created socket 22
2016-04-15 22:14:03.810 INFO  [b10-init.init/5080] BIND10_SOCKET_GET requesting socket [0.0.0.0]:53 of type TCP from the creator
2016-04-15 22:14:03.811 INFO  [b10-init.init/5080] BIND10_SOCKET_CREATED successfully created socket 23
2016-04-15 22:14:03.817 INFO  [b10-init.init/5080] BIND10_SOCKET_GET requesting socket [0.0.0.0]:53 of type UDP from the creator
2016-04-15 22:14:03.819 INFO  [b10-init.init/5080] BIND10_SOCKET_CREATED successfully created socket 24
2016-04-15 22:14:03.838 INFO  [b10-auth.auth/5514] AUTH_SERVER_STARTED server started
2016-04-15 22:14:03.839 INFO  [b10-auth.auth/5514] AUTH_DATASRC_CLIENTS_BUILDER_RECONFIGURE_STARTED data source reconfiguration started
2016-04-15 22:14:03.902 WARN  [b10-auth.datasrc_memory/5514] DATASRC_MEMORY_CHECK_WARNING BIND./CH: zone BIND/CH: NS has no address records (A or AAAA)
2016-04-15 22:14:03.939 WARN  [b10-auth.datasrc/5514] DATASRC_SQLITE_SETUP setting up new SQLite3 database in '/tmp/bind10-1.2.0/local.zone.sqlite3'
2016-04-15 22:14:04.025 INFO  [b10-auth.auth/5514] AUTH_DATASRC_CLIENTS_BUILDER_RECONFIGURE_SUCCESS data source reconfiguration completed successfully

Zone configuration

 I don't know SQLite, so I'll go the zone-file route instead. The default IN data source is the sqlite3 database shown above; a MasterFiles data source with cache-enable true loads a plain zone file into memory and serves it from there. The CH class, which holds the static BIND zone that answers version.bind and similar CHAOS queries and is the source of the DATASRC_MEMORY_CHECK_WARNING in the log above, gets removed first; nothing else depends on it.

[root@centos bind10-1.2.0]# bindctl
WARNING: The Python readline module isn't available, so some command line
         editing features (including command history management) will not
         work.  See the BIND 10 guide for more details.

["login success"] login as root
> config show all



tsig_keys/keys	[]	list	(default)
data_sources/classes/CH[0]/type	"MasterFiles"	string	(default)
data_sources/classes/CH[0]/params	{"BIND": "/usr/local/share/bind10/static.zone"}	any	(default)
data_sources/classes/CH[0]/cache-enable	true	boolean	(default)
data_sources/classes/CH[0]/cache-zones	[]	list	
data_sources/classes/CH[0]/name	null	string	
data_sources/classes/CH[0]/cache-type	"local"	string	(default)
data_sources/classes/IN[0]/type	"sqlite3"	string	(default)
data_sources/classes/IN[0]/params	{"database_file": "/usr/local/var/bind10/zone.sqlite3"}	any	(default)
data_sources/classes/IN[0]/cache-enable	false	boolean	(default)
data_sources/classes/IN[0]/cache-zones	[]	list	
data_sources/classes/IN[0]/name	null	string	
data_sources/classes/IN[0]/cache-type	"local"	string	(default)
Init/components/b10-auth/special	"auth"	string	
Init/components/b10-auth/process	null	string	
Init/components/b10-auth/kind	"needed"	string	
Init/components/b10-auth/address	null	string	
Init/components/b10-auth/params	[]	list	
Init/components/b10-auth/priority	10	integer	
Init/components/b10-stats/special	null	string	
Init/components/b10-stats/process	null	string	
Init/components/b10-stats/kind	"dispensable"	string	
Init/components/b10-stats/address	"Stats"	string	
Init/components/b10-stats/params	[]	list	
Init/components/b10-stats/priority	null	integer	
Init/components/b10-cmdctl/special	"cmdctl"	string	
Init/components/b10-cmdctl/process	null	string	
Init/components/b10-cmdctl/kind	"needed"	string	
Init/components/b10-cmdctl/address	null	string	
Init/components/b10-cmdctl/params	[]	list	
Init/components/b10-cmdctl/priority	null	integer	
Logging/loggers	[]	list	(default)
Cmdctl/key_file	"/usr/local/etc/bind10/cmdctl-keyfile.pem"	string	(default)
Cmdctl/cert_file	"/usr/local/etc/bind10/cmdctl-certfile.pem"	string	(default)
Cmdctl/accounts_file	"/usr/local/etc/bind10/cmdctl-accounts.csv"	string	(default)
Stats/poll-interval	60	integer	(default)
Auth/database_file	"/usr/local/var/bind10/zone.sqlite3"	string	(default)
Auth/datasources	[]	list	(default)
Auth/listen_on[0]/address	"::"	string	(default)
Auth/listen_on[0]/port	53	integer	(default)
Auth/listen_on[1]/address	"0.0.0.0"	string	(default)
Auth/listen_on[1]/port	53	integer	(default)
Auth/tcp_recv_timeout	5000	integer	(default)
> quit

Exit from bindctl



# ls /usr/local/share/bind10
auth.spec       dhcp6.spec           static.zone          stats.spec
cmdctl.spec     dhcpdb_create.mysql  staticzone.backup    xfrin.spec
config_plugins  dhcpdb_create.pgsql  stats-httpd-xml.tpl  xfrout.spec
ddns.spec       init.spec            stats-httpd-xsd.tpl  zonemgr.spec
dhcp-ddns.spec  memmgr.spec          stats-httpd-xsl.tpl
dhcp4.spec      msgq.spec            stats-httpd.spec
# touch /usr/local/share/bind10/orenchi.local
# vi /usr/local/share/bind10/orenchi.local
$ORIGIN orenchi.local.
$TTL 1h
; SOA: primary NS, contact mailbox (root@orenchi.local), then
;      serial  refresh  retry  expire  negative-cache TTL
orenchi.local. IN SOA centos.orenchi.local. root.orenchi.local. ( 2016042101
                         172800 900 1209600 3600 )
orenchi.local. IN NS       centos.orenchi.local.
; the NS target must have an A/AAAA record in this zone, otherwise the
; in-memory loader logs DATASRC_MEMORY_CHECK_WARNING as it did for BIND/CH above
@            IN A        192.168.5.99
centos       IN A        192.168.5.99
athlone      IN A        192.168.5.100
www          IN CNAME    centos.orenchi.local.



[root@centos ~]# bindctl
WARNING: The Python readline module isn't available, so some command line
         editing features (including command history management) will not
         work.  See the BIND 10 guide for more details.

["login success"] login as root
> config remove data_sources/classes CH
> config commit
> config show all



Cmdctl/key_file	"/usr/local/etc/bind10/cmdctl-keyfile.pem"	string	(default)
Cmdctl/cert_file	"/usr/local/etc/bind10/cmdctl-certfile.pem"	string	(default)
Cmdctl/accounts_file	"/usr/local/etc/bind10/cmdctl-accounts.csv"	string	(default)
Stats/poll-interval	60	integer	(default)
Init/components/b10-cmdctl/special	"cmdctl"	string	
Init/components/b10-cmdctl/process	null	string	
Init/components/b10-cmdctl/kind	"needed"	string	
Init/components/b10-cmdctl/address	null	string	
Init/components/b10-cmdctl/params	[]	list	
Init/components/b10-cmdctl/priority	null	integer	
Init/components/b10-stats/special	null	string	
Init/components/b10-stats/process	null	string	
Init/components/b10-stats/kind	"dispensable"	string	
Init/components/b10-stats/address	"Stats"	string	
Init/components/b10-stats/params	[]	list	
Init/components/b10-stats/priority	null	integer	
Init/components/b10-auth/special	"auth"	string	
Init/components/b10-auth/process	null	string	
Init/components/b10-auth/kind	"needed"	string	
Init/components/b10-auth/address	null	string	
Init/components/b10-auth/params	[]	list	
Init/components/b10-auth/priority	10	integer	
data_sources/classes/IN[0]/type	"sqlite3"	string	
data_sources/classes/IN[0]/params	{"database_file": "/usr/local/var/bind10/zone.sqlite3"}	any	
data_sources/classes/IN[0]/cache-enable	false	boolean	(default)
data_sources/classes/IN[0]/cache-zones	[]	list	
data_sources/classes/IN[0]/name	null	string	
data_sources/classes/IN[0]/cache-type	"local"	string	(default)
Auth/database_file	"/usr/local/var/bind10/zone.sqlite3"	string	(default)
Auth/datasources	[]	list	(default)
Auth/listen_on[0]/address	"::"	string	(default)
Auth/listen_on[0]/port	53	integer	(default)
Auth/listen_on[1]/address	"0.0.0.0"	string	(default)
Auth/listen_on[1]/port	53	integer	(default)
Auth/tcp_recv_timeout	5000	integer	(default)
Logging/loggers	[]	list	(default)
tsig_keys/keys	[]	list	(default)



> config add data_sources/classes/IN
> config set data_sources/classes/IN[1]/type MasterFiles
> config set data_sources/classes/IN[1]/cache-enable true
> config set data_sources/classes/IN[1]/params { "orenchi.local.": "/usr/local/share/bind10/orenchi.local" }
> config commit
> config show all



Cmdctl/key_file	"/usr/local/etc/bind10/cmdctl-keyfile.pem"	string	(default)
Cmdctl/cert_file	"/usr/local/etc/bind10/cmdctl-certfile.pem"	string	(default)
Cmdctl/accounts_file	"/usr/local/etc/bind10/cmdctl-accounts.csv"	string	(default)
Stats/poll-interval	60	integer	(default)
Init/components/b10-cmdctl/special	"cmdctl"	string	
Init/components/b10-cmdctl/process	null	string	
Init/components/b10-cmdctl/kind	"needed"	string	
Init/components/b10-cmdctl/address	null	string	
Init/components/b10-cmdctl/params	[]	list	
Init/components/b10-cmdctl/priority	null	integer	
Init/components/b10-stats/special	null	string	
Init/components/b10-stats/process	null	string	
Init/components/b10-stats/kind	"dispensable"	string	
Init/components/b10-stats/address	"Stats"	string	
Init/components/b10-stats/params	[]	list	
Init/components/b10-stats/priority	null	integer	
Init/components/b10-auth/special	"auth"	string	
Init/components/b10-auth/process	null	string	
Init/components/b10-auth/kind	"needed"	string	
Init/components/b10-auth/address	null	string	
Init/components/b10-auth/params	[]	list	
Init/components/b10-auth/priority	10	integer	
data_sources/classes/IN[0]/type	"sqlite3"	string	
data_sources/classes/IN[0]/params	{"database_file": "/usr/local/var/bind10/zone.sqlite3"}	any	
data_sources/classes/IN[0]/cache-enable	false	boolean	(default)
data_sources/classes/IN[0]/cache-zones	[]	list	
data_sources/classes/IN[0]/name	null	string	
data_sources/classes/IN[0]/cache-type	"local"	string	(default)
data_sources/classes/IN[1]/type	"MasterFiles"	string	
data_sources/classes/IN[1]/params	{"orenchi.local": "/usr/local/share/bind10/orenchi.local"}	any	
data_sources/classes/IN[1]/cache-enable	true	boolean	
data_sources/classes/IN[1]/cache-zones	[]	list	
data_sources/classes/IN[1]/name	null	string	
data_sources/classes/IN[1]/cache-type	"local"	string	(default)
Auth/database_file	"/usr/local/var/bind10/zone.sqlite3"	string	(default)
Auth/datasources	[]	list	(default)
Auth/listen_on[0]/address	"::"	string	(default)
Auth/listen_on[0]/port	53	integer	(default)
Auth/listen_on[1]/address	"0.0.0.0"	string	(default)
Auth/listen_on[1]/port	53	integer	(default)
Auth/tcp_recv_timeout	5000	integer	(default)
Logging/loggers	[]	list	(default)
tsig_keys/keys	[]	list	(default)



 There we go: the AA flag is set. Note also that dig asked for recursion (+rec, hence rd in the flags) and the reply carries no ra flag, so b10-auth is authoritative-only and is not acting as an open resolver.

# dig +rec @127.0.0.1 centos.orenchi.local

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> +rec @127.0.0.1 centos.orenchi.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13695
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;centos.orenchi.local.		IN	A

;; ANSWER SECTION:
centos.orenchi.local.	3600	IN	A	192.168.5.99

;; AUTHORITY SECTION:
orenchi.local.		3600	IN	NS	centos.orenchi.local.

;; Query time: 23 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 水  4月 20 21:55:30 JST 2016
;; MSG SIZE  rcvd: 79
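The header lines of the dig answer above are enough to verify two properties a practitioner cares about: the server answers authoritatively (aa) and refuses recursion (no ra), i.e. it is not an open resolver. The script below is an added example, not part of the original post and not BIND 10 project code; it parses dig(1) output with awk. The first sample is the header captured in the post; the open-resolver sample is constructed to show the failing case. Only the live mode needs a running server and dig.

```shell
#!/bin/sh
# Added example, not from the original post: verify that a DNS server answers
# authoritatively (AA set) and refuses recursion (no RA), i.e. that it is not
# an open resolver, by parsing dig(1) output. The self-check below needs no
# server; the sample replies are constructed from the post's dig output.

# auth_only_check: read dig output on stdin, print a one-line verdict, and
# return 0 only when status is NOERROR, 'aa' is set and 'ra' is absent.
auth_only_check() {
  awk '
    /^;; ->>HEADER<<-/ {
        for (i = 1; i <= NF; i++) if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    /^;; flags:/ {
        sub(/^;; flags:/, "")      # drop the label ...
        sub(/;.*$/, "")            # ... and everything after the flag list
        for (i = 1; i <= NF; i++) flag[$i] = 1
        seen = 1
    }
    END {
        if (!seen) { print "no ;; flags: line found (not dig output?)"; exit 1 }
        ok = (status == "NOERROR" && ("aa" in flag) && !("ra" in flag))
        printf "status=%s aa=%d ra=%d -> %s\n", status, ("aa" in flag), ("ra" in flag), (ok ? "authoritative, recursion refused" : "NOT an authoritative-only answer")
        if (ok) exit 0
        exit 1
    }'
}

# probe_server: live check, asking with recursion desired (+rec) exactly as
# the post did, so RA would show up if the server were willing to recurse.
# usage: probe_server 127.0.0.1 centos.orenchi.local
probe_server() {
  dig +rec "@$1" "$2" A | auth_only_check
}

# Constructed sample: the header of the answer shown in the post.
sample_auth_answer() {
  cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13695
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
EOF
}

# Constructed counter-example: what an open resolver would return for the
# same question (RA set, AA absent).
sample_open_resolver() {
  cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
EOF
}

# With no arguments, run the self-check on the captured sample;
# with "live SERVER NAME", query a real server.
case "${1:-}" in
  live) probe_server "${2:-127.0.0.1}" "${3:-centos.orenchi.local}" ;;
  *)    sample_auth_answer | auth_only_check ;;
esac
```

Run it as `sh auth-only-check.sh live 127.0.0.1 centos.orenchi.local` against the server configured above; a non-zero exit means either the zone is not being served authoritatively or the listener is offering recursion.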

Reference)
BIND 10: Authoritative DNS Server - Toki Winter

Need to set up auto-start registration, but it isn't working

tire.retire: Running a program at boot on CentOS7 (replacing rc.local)
 On CentOS7 the way services are managed has apparently changed completely; you have to create a unit file under /etc/systemd/system. What a pain. First, deal with the errors in /var/log/messages.

centos systemd: Configuration file /usr/lib/systemd/system/auditd.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.

# chmod 0644 /usr/lib/systemd/system/ebtables.service
# chmod 0644 /usr/lib/systemd/system/wpa_supplicant.service
# chmod 0644 /usr/lib/systemd/system/auditd.service
# touch /etc/systemd/system/bind10.service
# chmod 0644 /etc/systemd/system/bind10.service
# vi /etc/systemd/system/bind10.service
[Unit]
Description=BIND10 Init Proccess
Wants=network.target
After=network.target

[Service]
User=named
Type=forking
PIDFile=/var/run/bind10.pid
#ExecStart=/tmp/bind10-1.2.0/src/bin/bind10/run_bind10.sh
ExecStart=/usr/local/sbin/bind10 &
ExecStop=/bin/kill $MAINPID
Restart=no
Environment=SYSTEMD_LOG_LEVEL=debug

[Install]
WantedBy=multi-user.target


# systemctl daemon-reload
# systemctl start bind10
# systemctl status bind10 -l
● bind10.service - BIND10 Init Proccess
   Loaded: loaded (/etc/systemd/system/bind10.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since 水 2016-04-20 21:38:50 JST; 1min 2s ago
  Process: 2557 ExecStart=/usr/local/sbin/bind10 & (code=exited, status=1/FAILURE)

 4月 20 21:38:50 centos bind10[2557]: -p DATA_PATH, --data-path=DATA_PATH
 4月 20 21:38:50 centos bind10[2557]: Directory to search for configuration files
 4月 20 21:38:50 centos bind10[2557]: --cmdctl-port=CMDCTL_PORT
 4月 20 21:38:50 centos bind10[2557]: Port of command control
 4月 20 21:38:50 centos bind10[2557]: --pid-file=PID_FILE   file to dump the PID of the BIND 10 process
 4月 20 21:38:50 centos bind10[2557]: -w WAIT_TIME, --wait=WAIT_TIME
 4月 20 21:38:50 centos systemd[1]: bind10.service: control process exited, code=exited status=1
 4月 20 21:38:50 centos systemd[1]: Failed to start BIND10 Init Proccess.
 4月 20 21:38:50 centos systemd[1]: Unit bind10.service entered failed state.
 4月 20 21:38:50 centos systemd[1]: bind10.service failed.


# tail -n 50 /var/log/messages
Apr 20 21:42:39 centos systemd: Reloading.
Apr 20 21:42:45 centos systemd: Starting BIND10 Init Proccess...
Apr 20 21:42:46 centos bind10: Usage: b10-init [options]
Apr 20 21:42:46 centos bind10: Options:
Apr 20 21:42:46 centos bind10: --version             show program's version number and exit
Apr 20 21:42:46 centos bind10: -h, --help            show this help message and exit
Apr 20 21:42:46 centos bind10: -m MSGQ_SOCKET_FILE, --msgq-socket-file=MSGQ_SOCKET_FILE
Apr 20 21:42:46 centos bind10: UNIX domain socket file the b10-msgq daemon will use
Apr 20 21:42:46 centos bind10: -i, --no-kill         do not send SIGTERM and SIGKILL signals to modules
Apr 20 21:42:46 centos bind10: during shutdown
Apr 20 21:42:46 centos bind10: -u USER, --user=USER  Change user after startup (must run as root)
Apr 20 21:42:46 centos bind10: -v, --verbose         display more about what is going on
Apr 20 21:42:46 centos bind10: --pretty-name=PRETTY_NAME
Apr 20 21:42:46 centos bind10: Set the process name (displayed in ps, top, ...)
Apr 20 21:42:46 centos bind10: -c CONFIG_FILE, --config-file=CONFIG_FILE
Apr 20 21:42:46 centos bind10: Configuration database filename
Apr 20 21:42:46 centos bind10: --clear-config        Create backup of the configuration file and start with
Apr 20 21:42:46 centos bind10: a clean configuration
Apr 20 21:42:46 centos bind10: -p DATA_PATH, --data-path=DATA_PATH
Apr 20 21:42:46 centos bind10: Directory to search for configuration files
Apr 20 21:42:46 centos bind10: --cmdctl-port=CMDCTL_PORT
Apr 20 21:42:46 centos bind10: Port of command control
Apr 20 21:42:46 centos bind10: --pid-file=PID_FILE   file to dump the PID of the BIND 10 process
Apr 20 21:42:46 centos bind10: -w WAIT_TIME, --wait=WAIT_TIME
Apr 20 21:42:46 centos bind10: Time (in seconds) to wait for config manager to start
Apr 20 21:42:46 centos bind10: up
Apr 20 21:42:46 centos systemd: bind10.service: control process exited, code=exited status=1
Apr 20 21:42:46 centos systemd: Failed to start BIND10 Init Proccess.
Apr 20 21:42:46 centos systemd: Unit bind10.service entered failed state.
Apr 20 21:42:46 centos systemd: bind10.service failed.

 No good. Starting it via systemd fails every time, and I can't really tell why. yum update systemd says it's already the latest, too.
 I'd also like the DNS server itself to forward to the ISP's DNS, but I don't know how to do that either.
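The journal above does contain the cause: b10-init printed its usage text, which is what it does when handed an argument it does not understand. systemd runs ExecStart without a shell, so the trailing `&` in the unit is not a "run in background" but a literal argument passed to bind10. Two more things in the unit do not match how bind10 was started by hand: `Type=forking` (the usage text lists no daemonize option, b10-init stays in the foreground, which is why `&` was needed at the prompt) and `User=named` (the usage text says `-u USER ... (must run as root)`: bind10 needs root for the port 53 sockets and drops to named itself). The script below is an added example, not the post's own unit and not BIND 10 project code; it assumes the binary path /usr/local/sbin/bind10, the named account and the unit path used in the post, and the `-u` and `--pid-file` options exactly as listed in the logged usage text.

```shell
#!/bin/sh
# Added example, not from the original post: a bind10.service that systemd can
# actually start, plus a small lint that points at the defects in the unit the
# post used. Assumptions: bind10 lives at /usr/local/sbin/bind10 and the
# unprivileged account is 'named' (both as in the post); the unit path is the
# one the post used.

# The unit as the post wrote it, kept here so the lint has input.
original_unit() {
  cat <<'EOF'
[Unit]
Description=BIND10 Init Proccess
Wants=network.target
After=network.target

[Service]
User=named
Type=forking
PIDFile=/var/run/bind10.pid
ExecStart=/usr/local/sbin/bind10 &
ExecStop=/bin/kill $MAINPID
Restart=no

[Install]
WantedBy=multi-user.target
EOF
}

# Corrected unit. Why each change:
#  - systemd does not use a shell for ExecStart, so the trailing '&' was handed
#    to b10-init as an argument; b10-init rejected it and printed its usage
#    text, which is exactly what the journal shows. Drop the '&'.
#  - b10-init has no daemonize option (see the usage text) and stays in the
#    foreground, so Type=simple; no PIDFile is needed.
#  - '-u USER ... (must run as root)': bind10 needs root to obtain the port-53
#    sockets and drops to 'named' itself, so no User= line; pass -u named as the
#    manual start did.
corrected_unit() {
  cat <<'EOF'
[Unit]
Description=BIND 10 init process (b10-init)
Wants=network.target
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/sbin/bind10 -u named --pid-file=/var/run/bind10.pid
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
}

# lint_unit: read a unit on stdin, print one line per defect found.
lint_unit() {
  awk '
    /^ExecStart=/ && /(^|[[:space:]])&[[:space:]]*$/ {
        print "ExecStart ends in a literal & : systemd passes it to the program as an argument" }
    /^ExecStart=.*[[:space:]]-u[[:space:]]/ { drops_priv = 1 }
    /^User=/        { user = 1 }
    /^Type=forking/ { forking = 1 }
    END {
        if (forking) print "Type=forking but b10-init stays in the foreground: use Type=simple"
        if (user && !drops_priv) print "User= set: bind10 must start as root for port 53 and drop privileges with -u"
        if (user && drops_priv)  print "User= and -u both set: -u requires starting as root, remove User="
    }'
}

# usage: sh bind10-unit.sh lint     -> lint the unit from the post
#        sh bind10-unit.sh install  -> (as root) write the corrected unit, reload, enable, start
case "${1:-}" in
  lint)    original_unit | lint_unit ;;
  install) corrected_unit > /etc/systemd/system/bind10.service
           chmod 0644 /etc/systemd/system/bind10.service
           systemctl daemon-reload
           systemctl enable bind10
           systemctl start bind10
           systemctl status bind10 -l ;;
esac
```

`sh bind10-unit.sh lint` reports three findings for the original unit and none for the corrected one; after `install`, `systemctl status bind10 -l` should show the b10-init log lines instead of the usage text.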

References)
Bug 1001695 – bindctl not working
Auto-start with systemd on Raspbian jessie - Qiita