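Initial setup of bind10
社壊人エンジニア備忘録: BIND10 Startup Guide (trembling voice) vol.1
There are really so few write-ups about bind10 that it is wearing me down.
Creating a login user for bindctl
I figured out that the next thing to do after installation is apparently the bindctl command. It asks for login authentication, and the bind10 guide says the default root/bind10 gets you in. But I can't get in...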
    # bindctl
    WARNING: The Python readline module isn't available, so some command line editing features (including command history management) will not work. See the BIND 10 guide for more details.
    No stored password file found.
    When the system is first set up you need to create at least one user account.
    For information on how to set up a BIND 10 system, please check see the BIND 10 Guide:
    http://bind10.isc.org/docs/bind10-guide.html#quick-start-auth-dns
    If a user account has been set up, please check the b10-cmdctl log for other information.
    Username:
    Password:
    Error while sending login information: [Errno 111] Connection refused
Apparently I should create a user with a command called b10-cmdctl-usermgr, but this also gives an error.
    # ls /usr/local/sbin
    b10-cmdctl-usermgr bind10
    # /usr/local/sbin/b10-cmdctl-usermgr
    Error: no command specified
#2848 (b10-cmdctl-usermgr unhelpful output if command missing) – Kea Development
    # /usr/local/sbin/b10-cmdctl-usermgr add root bind10
    Using accounts file: /usr/local/etc/bind10/cmdctl-accounts.csv
Found it!! There was a post saying that the command's error message does not explain enough. However, although the csv file was created, I still can't log in.
Creating the system user
While grumbling about all this, I create a user and a group named named. Apparently /bin/false means the account cannot log in.
    # groupadd -g 709 named
    # useradd -u709 -g 709 -d /var/named -s /bin/false named
I copy the file, and also change the ownership of the files that look authentication-related.
    # cp /usr/local/etc/bind10/cmdctl-accounts.csv /etc/bind10/cmdctl-accounts.csv
    # chgrp named /etc/bind10/cmdctl-certfile.pem
    # chgrp named /etc/bind10/cmdctl-keyfile.pem
Oh, that worked.
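An added example, not part of the original post: after the copy and chgrp above, this script checks that the three cmdctl files in a directory are group-owned by the service group, readable by that group, and closed to all other users. The file names and the named group are the ones on this page; the policy itself and the use of GNU/busybox `stat -c` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit the cmdctl files
# that the steps above copy and chgrp. Assumes GNU/busybox `stat -c`.
# Assumed policy: group-owned by the service group, group-readable,
# and no permission bits at all for "other".

# audit_file PATH GROUP: print a verdict; return 0 if OK, 1 otherwise.
audit_file() {
    path=$1; want_group=$2
    if [ ! -f "$path" ]; then
        echo "MISSING $path"; return 1
    fi
    mode=$(printf '%03d' "$(stat -c '%a' "$path")")   # e.g. 640
    group=$(stat -c '%G' "$path")
    other=${mode#"${mode%?}"}      # last octal digit: "other" bits
    rest=${mode%?}
    grp=${rest#"${rest%?}"}        # second-to-last digit: group bits
    if [ "$other" != 0 ]; then
        echo "FAIL $path: mode $mode grants access to other users"; return 1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "FAIL $path: group is $group, expected $want_group"; return 1
    fi
    case $grp in
        4|5|6|7) ;;
        *) echo "FAIL $path: mode $mode gives group $group no read bit"; return 1 ;;
    esac
    echo "OK   $path ($mode, group $group)"
}

# audit_cmdctl DIR GROUP: check all three files; return the failure count.
audit_cmdctl() {
    dir=$1; svc_group=$2; failures=0
    for name in cmdctl-accounts.csv cmdctl-certfile.pem cmdctl-keyfile.pem; do
        audit_file "$dir/$name" "$svc_group" || failures=$((failures + 1))
    done
    return "$failures"
}

# Usage: sh audit.sh /etc/bind10 named
if [ "$#" -eq 2 ]; then
    audit_cmdctl "$1" "$2"
fi
```

The exit status of the script is the number of files that failed the check, so 0 means all three passed.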
Let's try starting it as the named user. Apparently & means to start it in the background. If bind starts in the foreground I can't get any work done.
    # /usr/local/sbin/bind10 -u named &
    # 2016-04-12 16:50:01.127 INFO [b10-cfgmgr.cfgmgr/2729] CFGMGR_CONFIG_FILE Configuration manager starting with configuration file: /usr/local/var/bind10/b10-config.db
    2016-04-12 16:50:01.846 INFO [b10-init.init/2725] BIND10_STARTING starting BIND10: bind10 20110223 (BIND 10 1.2.0)
    2016-04-12 16:50:01.849 INFO [b10-init.init/2725] BIND10_CONFIGURATOR_START bind10 component configurator is starting up
    2016-04-12 16:50:01.850 INFO [b10-init.init/2725] BIND10_COMPONENT_START component Socket creator is starting
    2016-04-12 16:50:01.851 INFO [b10-init.init/2725] BIND10_SOCKCREATOR_INIT initializing socket creator parser
    2016-04-12 16:50:01.852 INFO [b10-init.init/2725] BIND10_SETGID setting GID to 709
    2016-04-12 16:50:01.853 INFO [b10-init/2725] BIND10_SETUID setting UID to 709
    2016-04-12 16:50:01.854 INFO [b10-init.init/2725] BIND10_COMPONENT_START component msgq is starting
    2016-04-12 16:50:01.855 INFO [b10-init.init/2725] BIND10_STARTING_PROCESS starting process b10-msgq
    2016-04-12 16:50:01.856 INFO [b10-init.init/2725] BIND10_COMPONENT_START component cfgmgr is starting
    2016-04-12 16:50:01.856 INFO [b10-init.init/2725] BIND10_STARTING_PROCESS starting process b10-cfgmgr
    2016-04-12 16:50:01.856 INFO [b10-init.init/2725] BIND10_STARTING_CC starting configuration/command session
    2016-04-12 16:50:01.887 INFO [b10-init.init/2725] BIND10_READING_INIT_CONFIGURATION reading b10-init configuration
    2016-04-12 16:50:01.889 INFO [b10-init.init/2725] BIND10_CONFIGURATOR_RECONFIGURE reconfiguring running components
    2016-04-12 16:50:01.891 INFO [b10-init.init/2725] BIND10_COMPONENT_START component b10-stats is starting
    2016-04-12 16:50:01.892 INFO [b10-init.init/2725] BIND10_STARTING_PROCESS starting process b10-stats
    2016-04-12 16:50:01.900 INFO [b10-init.init/2725] BIND10_COMPONENT_START component b10-cmdctl is starting
    2016-04-12 16:50:01.900 INFO [b10-init.init/2725] BIND10_STARTING_PROCESS starting process b10-cmdctl
    2016-04-12 16:50:01.917 INFO [b10-init.init/2725] BIND10_STARTUP_COMPLETE BIND 10 started
    2016-04-12 16:50:02.666 INFO [b10-stats.stats/2731] STATS_STARTING starting
    #
Let me try bindctl.
    # bindctl
    WARNING: The Python readline module isn't available, so some command line editing features (including command history management) will not work. See the BIND 10 guide for more details.
    ["login success"] login as root
    > help
    usage: <module name> <command name> [param1 = value1 [, param2 = value2]]
    Type Tab character to get the hint of module/command/parameters.
    Type "help(? h)" for help on bindctl.
    Type "<module_name> help" for help on the specific module.
    Type "<module_name> <command_name> help" for help on the specific command.
    Available module names:
    help          Get help for bindctl.
    config        Configuration commands.
    execute       Execute a given set of commands
    Stats         Stats daemon
    Msgq          The message queue
    Logging       Logging options
    Init          Init process
    tsig_keys     The TSIG keyring is stored here
    Cmdctl        Interface for command and control
    data_sources  The sources of authoritative DNS data
    > quit
    Exit from bindctl
    # ps aux | grep named
    named 2725 0.0 1.3 20100 9968 pts/0 S 16:49 0:00 /usr/local/bin/python3.3 /usr/local/libexec/bind10/b10-init -u named
    named 2727 0.0 1.2 37896 9008 pts/0 Sl 16:49 0:00 /usr/local/bin/python3.3 /usr/local/libexec/bind10/b10-msgq
    named 2729 0.0 1.5 26132 11132 pts/0 S 16:50 0:00 /usr/local/bin/python3.3 /usr/local/libexec/bind10/b10-cfgmgr
    named 2731 0.1 1.2 19520 9380 pts/0 S 16:50 0:00 /usr/local/bin/python3.3 /usr/local/libexec/bind10/b10-stats
    named 2732 0.0 1.5 31116 11120 pts/0 Sl 16:50 0:00 /usr/local/bin/python3.3 /usr/local/libexec/bind10/b10-cmdctl
    root 2801 0.0 0.1 5908 860 pts/0 S+ 16:59 0:00 grep --color=auto named
Oh, I was able to log in. So far so good.