Building a DNS server with the simple djbdns

The text below was written from the information available at the time of writing and may contain things that no longer match the present situation, so please bear that in mind. Also, this text is the final submitted manuscript before proofreading, so it differs from what was actually printed in UNIX USER magazine. Typos and omissions are left as they are.

Apart from fatal errors, no additions or corrections will be made, so please use this with the age of the information in mind.

Table of contents


Part 3 djbdns




djbdns



djbdns


BIND(http://www.isc.org/products/BIND/)sendmail
BINDdjbdns
DNS
Web
(BIND)djbdns 

DJB

djbdns


  

  
  
  
  
  BINDBIND
  3
  named 
---[ ]------------------------------------------------------------
CA-2000-20, CA-1999-14, CA-1998-05 
----------------------------------------------------------------------

  
  
  BIND
  20024 Part2 
  
  
  
  

	()
	

  
  
  
  ()
  
  BIND
  djbdns

  

  
  BINDdjbdns
  BIND
  
  named.confC
  

  named(
  )
  

	* 
	* ()
	    {}?
	* named
	* DNS
	  
	  !
	  

  
  
  
  djbdns

djbdns

djbdns
(tinydns)


BINDnamed

djbdns


 tinydns 


tinydns

	=www.ymzk.org:210.254.106.28:

(=)IP(A)
IP(PTR)

tinydns
(add-* )


	# ./add-ns newdomain.example.net 10.9.8.7
	# ./add-ns 8.9.10.in-addr.arpa 10.9.8.7
	# make

SOA
?


	.newdomain.example.net:10.9.8.7:a:259200
	.8.9.10.in-addr.arpa:10.9.8.7:a:259200




djbdns

djbdns/

IPdjbdns
daemontoolsdaemontoolsdjbdns
UNIX 
daemontools
Part2daemontools
djbdns


djbdns

  djbdns djbdns 1.05 
  http://cr.yp.to/djbdns/djbdns-1.05.tar.gz CDROM
  
  

	# gzip -dc djbdns-1.05.tar.gz | tar vxpf -
	# cd djbdns-1.05
	# make
	# make setup check

  djbdns /usr/local/bin 
   make 
   conf-home 

  djbdns /usr/local/bin 
  PATH




djbdns


1


DNS
UNIX 
Web



2

1 ----------------------+
|     Computer
|   +-----------+
|   |           |
|   |           |  (www.example.net 
|   |           |   
|   +-+-------+-+   )
|     |     |
|  /~~~~~~~~~\
|   www.example.net
+-------------------------------------------+
2 --------------------------+
|  
|   +-----------+
|   |           |
|   |           |  (
|   |           |   )
|   +-+-------+-+   +---+ +---+ +---+ +---+ 
|     |       |     |   | |   | |   | |   | 
|  /~~~~~~~~~~~~~\  +---+ +---+ +---+ +---+ 
|                   [...] [...] [...] [...] 
+-------------------------------------------+

LAN
UNIX
LAN






DNS





djbdns
root
http://cr.yp.to/djb.html 
 dnscache,  dnslog 
 `dns' 


---[Solaris, NetBSD, OpenBSD, Linux]------------------
	# groupadd dns
	# useradd -g dns -d /var/dns/dnscache dnscache
	# useradd -g dns -d /var/dns dnslog
---[FreeBSD]------------------
	# pw groupadd dns
	# pw useradd dnscache -d /var/dns/dnscache -g dns
	# pw useradd dnslog -d /var/dns -g dns


dnscache-conf 
dnscache-conf 

	# dnscache-conf  \
		  [IP]




	# dnscache-conf dnscache dnslog /var/dnscache

 /var/dnscache 
chroot


daemontools 
(1MB)
 /var/dnscache 

/var/dnscache 
 run 

--------------------------------------------------
# cd /var/dnscache
# ls -lF
total 5
drwxr-sr-x  2 root  wheel  512 Apr 24 13:42 env/
drwxr-sr-x  3 root  wheel  512 Apr 24 13:42 log/
drwxr-sr-x  4 root  wheel  512 Apr 24 13:42 root/
-rwxr-xr-x  1 root  wheel  148 Apr 24 13:42 run*
-rw-------  1 root  wheel  128 Apr 24 13:42 seed
# cat run
#!/bin/sh
exec 2>&1
exec <seed
exec envdir ./env sh -c '
  exec envuidgid dnscache softlimit -o250 -d "$DATALIMIT" /usr/local/bin/dnscache
'
--------------------------------------------------

djbdnsdaemontools
runrun
daemontools  envdir, envuidgid, softlimit 
run daemontools 
$PATH

 /var/dnscache daemontools 
 /service 
svscan

  # ln -s /var/dnscache /service

5dnscachelocalhost
/etc/resolv.conf  nameserver 

--[/etc/resolv.conf]-----------------------------------------------
nameserver	127.0.0.1
-------------------------------------------------------------------

Web

/var/dnscache/log/main/current 


	# tail -f /var/dnscache/log/main/current | tai64nlocal

tai64nlocal 




dnscache-conf 
IP

	# dnscache-conf dnscache dnslog /var/dnscachex 10.9.8.7

 /var/dnscachex 


  # ln -s /var/dnscachex /service

svscan5

IP 
/var/dnscachex/root/ip 

  # touch /var/dnscachex/root/ip/10.0.1.24

 IP  10.0.1.24 DNS

  # touch /var/dnscachex/root/ip/10.0.2

10.0.2.x (x)IPDNS
touch





dnscache



 dnscache  
"root/servers/<>" 
example.co.jp(10.1.0.0/16)  10.1.1.1 


  # echo 10.1.1.1 > /var/dnscachex/root/servers/example.co.jp	   ()
  # echo 10.1.1.1 > /var/dnscachex/root/servers/1.10.in-addr.arpa  ()



dnscache-conf 


  * env

  
  
  PATH
   "env/PATH" 

  * log

  
  supervise  run 

  * supervise

  supervise

  * run

  
  envdir
  

env


  * env/CACHESIZE
  1000000

  * env/DATALIMIT
   datasize 
  softlimit 3000000
  env/CACHESIZE

  * env/IP
  dnscachelistenIPIP
  

  * env/IPSEND
  0.0.0.0

  * env/ROOT
  

dnscache 
(TTL)
CACHESIZE

(log/main/current) stats  
stats 

 # grep -w stats /var/dnscachex/log/main/current \
     | tai64nlocal | tail -1

24 stats stats


   2002-04-24 14:03:53.744378500 stats 79081 105360 3 0
                                             ~~~~~~
   2002-04-25 14:15:34.542646500 stats 7153 326252 1 0
                                            ~~~~~~

stats2
 326252-105360=220892 
7
102000000CACHESIZE
DATALIMIT

  # echo 2000000 > /var/dnscachex/env/CACHESIZE
  # echo 2097152 > /var/dnscachex/env/DATALIMIT
  # svc -t /service/dnscachex
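As an added example (not part of the original article or of djbdns), the following Python script automates the calculation shown above: it reads `stats` lines from the dnscache log after `tai64nlocal` conversion, takes the growth of the cache-motion field between the first and last sample, and scales it to a retention horizon of the caller's choice to suggest a CACHESIZE. The meaning of the `stats` fields (queries, cache motion in bytes, active UDP queries, active TCP connections) is taken from the dnscache documentation; the retention horizon of seven days is an assumption, and the two log lines are constructed from the values printed above.

```python
"""Size dnscache's CACHESIZE from its "stats" log lines (added example).

dnscache logs `stats <queries> <cache motion> <udp active> <tcp active>`;
cache motion is the cumulative number of bytes written into the cache, so
its growth between two lines is the cache traffic over that interval.
"""
from datetime import datetime
from typing import Iterable, List, Tuple

# Constructed sample: the two lines shown above, already run through tai64nlocal.
SAMPLE_LOG = """\
2002-04-24 14:03:53.744378500 stats 79081 105360 3 0
2002-04-25 14:15:34.542646500 stats 7153 326252 1 0
"""


def parse_stats(lines: Iterable[str]) -> List[Tuple[datetime, int, int]]:
    """Return (timestamp, queries, cache_motion) for every `stats` line."""
    out = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5 or parts[2] != "stats":
            continue
        # tai64nlocal prints nanoseconds; datetime only takes microseconds.
        ts = datetime.strptime(parts[0] + " " + parts[1][:15], "%Y-%m-%d %H:%M:%S.%f")
        out.append((ts, int(parts[3]), int(parts[4])))
    return out


def cache_motion(stats: List[Tuple[datetime, int, int]]) -> Tuple[int, float]:
    """Bytes of cache motion and elapsed days between first and last sample."""
    (t0, _, m0), (t1, _, m1) = stats[0], stats[-1]
    return m1 - m0, (t1 - t0).total_seconds() / 86400


def suggest_cachesize(stats, retention_days: float = 7) -> int:
    """CACHESIZE large enough to hold about `retention_days` of cache motion
    (the 7-day horizon is an assumption of this example)."""
    motion, days = cache_motion(stats)
    return int(motion / days * retention_days)


def check_limits(cachesize: int, datalimit: int) -> bool:
    """DATALIMIT caps the whole process, so it must exceed CACHESIZE
    (e.g. 2000000 / 2097152 above, or dnscache-conf's 1000000 / 3000000)."""
    return datalimit > cachesize


if __name__ == "__main__":
    stats = parse_stats(SAMPLE_LOG.splitlines())
    motion, days = cache_motion(stats)
    print(f"cache motion: {motion} bytes over {days:.3f} days")
    size = suggest_cachesize(stats)
    print(f"suggested CACHESIZE for 7 days: {size}")
    print("DATALIMIT 2097152 ok:", check_limits(size, 2097152))
```

The suggestion is a lower bound for the cache alone; pick DATALIMIT above it with room for the process itself, then restart with `svc -t` as shown above.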






()tinydns
"tiny" 
 "great" 

 Part2
 daemontools 


tinydns

tinysdns
 tinydns 

---[Solaris, NetBSD, OpenBSD, Linux]------------------
	# groupadd dns
	# useradd -g dns -d /var/dns dnslog
	()
	# useradd -g dns -d /var/dns/tinydns tinydns
---[FreeBSD]------------------
	# pw groupadd dns
	# pw useradd dnslog -d /var/dns -g dns 
	()
	# pw useradd tinydns -d /var/dns/tinydns -g dns

 tinydns-conf 

	# tinydns-conf tinydns dnslog /var/tinydns 172.16.1.53

 /var/tinydns  172.16.1.53 
LAN
IP
IP

 /var/tinydns/root 
data
BIND named.conf 
named.conf 
tinydns
data

 "data" 

data

<timestamp>:<lo> 

  add-ns
  
  
    ./add-ns <fqdn> <ip>
  
   <fqdn> ANSSOA
  data
  
  	.<fqdn>:<ip>:a:259200
  
  data
  
  
  	.<fqdn>:<ip>:<x>:<ttl>:<timestamp>:<lo>
  
  <fqdn>NS <x>.<fqdn>  <x> 
   <x> 
  A <ip> 
  
	hostmaster@<fqdn>

  
  RFC2142 
   "hostmaster" 
  
  
  add-host
  IP
  
    ./add-host <fqdn> <ip>
  
   <fqdn> AIP <ip>
   <ip> PTR <fqdn> 
  
  
  	=<fqdn>:<ip>:86400
  
  (=)
  
  	=<fqdn>:<ip>:<ttl>:<timestamp>:<lo>
  
  
  
  add-alias
  IP
  
    ./add-alias <fqdn> <ip>
  
   <fqdn> AIP <ip>
  
  
  
  	+<fqdn>:<ip>:86400
  
  86400ttl
  
  add-mx
  (MX)
  
    ./add-mx <fqdn> <ip>
  
   <fqdn> MX
  IP <ip> 
  
  
  	@<fqdn>:<ip>:a::86400
  
  @MX
  
  	@<fqdn>:<ip>:<x>:<dist>:<ttl>:<timestamp>:<lo>
  
  <fqdn> MX <x>.<fqdn> 
  A <ip>  <x> 
   <x> MX<dist> 
  preferenceadd-mx 0
  preferencedata
  
  
  add-childns
  
  
    ./add-childns <fqdn> <ip>
  
   <fqdn>  NS, A 
  
  
  	&<fqdn>:<ip>:a:259200
  
  &
  
  	&<fqdn>:<ip>:<x>:<ttl>
  
  SOA(add-ns)
  


datadata
data

http://cr.yp.to/djbdns/tinydns-data.html 


tinydns

 ./add-* 

DNS

	* TXT

	  

	  '<fqdn>:<s>:<ttl>:<timestamp>:<lo>

	  <fqdn>TXT<s><s>
	   \xxx (xxx8) 
	  (:) \072 

	* PTR

	  (^)

	  ^<fqdn>:<p>:<ttl>:<timestamp>:<lo>

	  <fqdn>PTR<p>
	  IPCNAME
	  x.y.z.a 
	  IP
	  

	  a.z.y.x.in-addr.arpa   CNAME  a.a.z.y.x.in-addr.arpa
	  b.z.y.x.in-addr.arpa   CNAME  b.a.z.y.x.in-addr.arpa
	  c.z.y.x.in-addr.arpa   CNAME  c.a.z.y.x.in-addr.arpa
		:
		:
	  
	  ac

	  ()
	  # .a.z.y.x.in-addrNSSOA
	  .a.z.y.x.in-addr.arpa::ns.example.net:86400
	  #PTR
	  ^a.a.z.y.x.in-addr.arpa:network.example.net::
	  ^b.a.z.y.x.in-addr.arpa:host-b.example.net::
	  ^c.a.z.y.x.in-addr.arpa:host-c.example.net::

	* SOA

	  Z

Z<fqdn>:<mname>:<rname>:<ser>:<ref>:<ret>:<exp>:<min>:<ttl>:<timestamp>:<lo>

	  <fqdn>SOAdjbdns
	  SOA
	  Z
	  <mname>
	  
	  (16384)(2048)expire(1048576)
	  (2560)(
	  )


	* 

	  

	  :<fqdn>:<n>:<rdata>:<ttl>:<timestamp>:<lo>

	  <fqdn><n><rdata>
	  



IP
%12
IP

	%in:192.168
	%in:10.0.1
	%ex

192.168.*.*, 10.0.1.*  "in" 

%ex %in


+www.xxxx.yyy:10.8.50.1:::in
+www.xxxx.yyy:192.168.1.1:::ex

 in  10.8.50.1 
 192.168.1.1 
LANIP
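As an added example (not part of the original article or of djbdns), the following Python script expands the `data` line types described above, including the `%` client-location lines, into the resource records tinydns-data would generate from them. The expansion rules follow the tinydns-data documentation linked above (http://cr.yp.to/djbdns/tinydns-data.html): a short `<x>` in a `.` or `&` line names `<x>.ns.<fqdn>`, in an `@` line `<x>.mx.<fqdn>`, and a name containing a dot is used as-is; the default TTLs and SOA timers are the ones listed above. The sample lines are constructed from the examples on this page.

```python
"""Expand tinydns `data` lines into the resource records they imply.

Added example, not part of the original article or djbdns. Record semantics
follow the tinydns-data documentation (http://cr.yp.to/djbdns/tinydns-data.html).
"""
import re
from typing import List, Tuple

TTL_NS, TTL_SOA, TTL_DEFAULT = 259200, 2560, 86400   # tinydns-data defaults
SOA_DEFAULTS = (16384, 2048, 1048576, 2560)           # refresh, retry, expire, min

# (location, owner name, record type, rdata, ttl)
Record = Tuple[str, str, str, str, int]


def _ttl(field: str, default: int) -> int:
    return int(field) if field else default


def _expand(x: str, label: str, fqdn: str) -> str:
    """Shortcut name: 'a' -> a.<label>.<fqdn>; a dotted name is a hostname."""
    x = x or "a"
    return x if "." in x else f"{x}.{label}.{fqdn}"


def _reverse(ip: str) -> str:
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def _unescape(s: str) -> str:
    """Decode the \\ooo octal escapes used in TXT data, e.g. \\072 -> ':'."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), s)


def parse_line(line: str) -> List[Record]:
    line = line.rstrip("\n")
    if not line or line[0] in "#-":          # comment or disabled line
        return []
    kind, fields = line[0], line[1:].split(":")

    def f(i: int) -> str:                    # absent trailing field == empty
        return fields[i] if i < len(fields) else ""

    if kind == "%":                          # client location: %lo:ipprefix
        return [("", f(0), "LOCATION", f(1), 0)]
    fqdn, out = f(0), []
    if kind in ".&":                         # NS (+A), plus SOA for '.'
        ns, ttl, lo = _expand(f(2), "ns", fqdn), _ttl(f(3), TTL_NS), f(5)
        out.append((lo, fqdn, "NS", ns, ttl))
        if f(1):
            out.append((lo, ns, "A", f(1), ttl))
        if kind == ".":
            out.append((lo, fqdn, "SOA", f"{ns} hostmaster.{fqdn}", TTL_SOA))
    elif kind in "=+":                       # A, plus PTR for '='
        ttl, lo = _ttl(f(2), TTL_DEFAULT), f(4)
        out.append((lo, fqdn, "A", f(1), ttl))
        if kind == "=":
            out.append((lo, _reverse(f(1)), "PTR", fqdn, ttl))
    elif kind == "@":                        # MX (+A)
        mx, dist = _expand(f(2), "mx", fqdn), int(f(3) or 0)
        ttl, lo = _ttl(f(4), TTL_DEFAULT), f(6)
        out.append((lo, fqdn, "MX", f"{dist} {mx}", ttl))
        if f(1):
            out.append((lo, mx, "A", f(1), ttl))
    elif kind == "'":                        # TXT
        out.append((f(4), fqdn, "TXT", _unescape(f(1)), _ttl(f(2), TTL_DEFAULT)))
    elif kind == "^":                        # PTR
        out.append((f(4), fqdn, "PTR", f(1), _ttl(f(2), TTL_DEFAULT)))
    elif kind == "Z":                        # explicit SOA with timers
        timers = [int(f(i) or d) for i, d in zip(range(4, 8), SOA_DEFAULTS)]
        rdata = " ".join([f(1), f(2), f(3) or "0"] + [str(t) for t in timers])
        out.append((f(10), fqdn, "SOA", rdata, _ttl(f(8), TTL_SOA)))
    elif kind == ":":                        # generic: :fqdn:n:rdata:ttl:...
        out.append((f(5), fqdn, f"TYPE{f(1)}", f(2), _ttl(f(3), TTL_DEFAULT)))
    else:
        raise ValueError(f"unknown line type {kind!r}: {line}")
    return out


def parse_data(text: str) -> List[Record]:
    return [r for line in text.splitlines() for r in parse_line(line)]


# Constructed sample: the add-ns/add-host style lines and the split-horizon
# pair from the article, plus a TXT line with an escaped colon.
SAMPLE = """\
%in:192.168
%ex
.newdomain.example.net:10.9.8.7:a:259200
=www.ymzk.org:210.254.106.28:
+www.xxxx.yyy:10.8.50.1:::in
+www.xxxx.yyy:192.168.1.1:::ex
'example.net:key\\072value:
"""

if __name__ == "__main__":
    for lo, name, rtype, rdata, ttl in parse_data(SAMPLE):
        print(f"[{lo or '*'}] {name:36} {ttl:6} {rtype:8} {rdata}")
```

Running it on the sample shows at a glance which records a one-line `add-ns` or `add-host` entry really produces, and that the two `+www.xxxx.yyy` lines differ only in their location tag, which is what makes the answer depend on the client's address.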


tinydns

tinydnsdnscache env 



  * env/IP
  tinydnslistenIP

  * env/ROOT
  data

IP





Unix
djbdns

DNS add-host 

make

djbdns


	* 2
	  - foo.ymzk.org

	* ()
	  - bar.captor.org





  
   "data" 
   data 
  
   Makefile 
  

  ---[ Makefile ]-------------------------------------------------------
  DOMAINS = foo.ymzk.org bar.captor.org

  data.cdb:	data
	/usr/local/bin/tinydns-data

  data:	${DOMAINS}
	cat ${DOMAINS} > data
  ----------------------------------------------------------------------

  
  

  * foo.ymzk.org ()

  dnbdns
  

	# echo "=newhost.foo.ymzk.org:10.0.2.50" > foo.ymzk.org
	# make

  tinydns-data 

	# ./add-host newhost.foo.ymzk.org 10.0.2.50

  ./data 
   foo.ymzk.org 

	# tail -1 data > foo.ymzk.org

  

  * bar.captor.org ()

  djbdnsBIND
  djbdnsscp
  rsync()
  BINDBIND
  

  djbdnsaxfr-get
  ucspi-tcp  tcpclient 
  

	# tcpclient  53 axfr-get   

   bar.captor.org  ns.bar.captor.org 
  

	# tcpclient ns.bar.captor.org 53 axfr-get bar.captor.org \
		    bar.captor.org tmpfile

  2 bar.captor.org 
  make
   Makefile 

  ---[ Makefile  ]------------------------------------------------
  TCPC  = /usr/local/bin/tcpclient
  AXGET = /usr/local/bin/axfr-get

  bar.captor.org:
	${TCPC} ns.bar.captor.org 53 ${AXGET} $@ $@ tmpfile
  ----------------------------------------------------------------------

   

  ---[   Makefile ]---------------------------------------------
  DOMAINS = foo.ymzk.org bar.captor.org
  TCPC    = /usr/local/bin/tcpclient
  AXGET   = /usr/local/bin/axfr-get

  data.cdb:	data
	/usr/local/bin/tinydns-data

  data:	${DOMAINS}
	cat ${DOMAINS} > data
  bar.captor.org:
	${TCPC} ns.bar.captor.org 53 ${AXGET} $@ $@ tmpfile
  ----------------------------------------------------------------------

djbdns

  djbdns
  djbdns
  
  tinydns
  rsync  SSH 
  "rsync over ssh" djbdnsUnix
  
  
  SSH

  SSH OpenSSH 3.1p1 
  
  
  bar.captor.org 
   bar.captor.org ()

  

  ():
	1. DNS
	2. SSH
	3. 

  (djbdns):
	1. DNS
	2.  authorized_keys 
	3. 

  

  1. DNS
  -------------------------
   bardomain 
  

	(Solaris, NetBSD, OpenBSD, Linux)
	# useradd -m bardomain
	(FreeBSD)
	# pw useradd bardomain -m

  
  

  2. SSH
  -------------------------
  bardomain

  # su bardomain -c 'ssh-keygen -N "" -t rsa'
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Enter file in which to save the key (/home/bardomain/.ssh/id_rsa): [RET]
								     ~~~~~
  Your identification has been saved in /home/bardomain/.ssh/id_rsa.
  Your public key has been saved in /home/bardomain/.ssh/id_rsa.pub.
  The key fingerprint is:
  41:2d:ca:8b:d6:e0:ae:43:5e:98:d6:01:f9:52:92:fd dns@venus.baz.captor.org

  rsadsa
  

  3. 
  -----------------------------
  2 ~bardomain/.ssh/id_rsa.pub 
  cat
  &
  

	-	-

  ()

  1. DNS
  ------------------------

  
   baz.captor.org 
   bardomain 
  tinydns
  

	(Solaris, NetBSD, OpenBSD, Linux)
	# useradd -m -d /var/dns/tinydns/root/bardomain bardomain
	(FreeBSD)
	# pw useradd bardomain -m -d /var/dns/tinydns/root/bardomain

  2.  authorized_keys 
  ----------------------------------------------
  ~bardomain  .ssh 
   authorized_keys 

	# mkdir ~bardomain/.ssh
	# cp  ~bardomain/.ssh/authorized_keys
	# chmod -R og-rx ~bardomain/.ssh

  3. 
  -------------------------------------------
  (0)tinydns/root 
  

	# cd /var/dns/tinydns/root
	# touch bardomain/bar.captor.org
	# ln -s bardomain/bar.captor.org .
	# chown -R bardomain bardomain

   /var/dns/tinydns/root/Makefile make 
  data.cdb  bar.captor.org 
  (  )

   bardomain 
  
  SSH
   .ssh 
  ssh -v 

  SSH
  

	# su bardomain -c 'scp bar.captor.org ns.foo.ymzk.org:'

  rsync

	# su bardomain -c 'rsync -e ssh -az ~ ns.foo.ymzk.org:'

  

  ()cron tinydns/root 
   make  dns 
  setuid make  wrapper  bardomain 
  Unix
  

djbdns

djbdns


* tinydns/dnscache 

   ps
  (BIND) netstat 
  tinydns, dnscache IP
  UDP53axfrdns TCP53 
  env/IP djbdns
  

   run($PATH)

* LAN1dnscache

   dnscache/root/ip/ LANIP
  

   dnscache/env/IP LANIP
  

* tinydns

   tinydns/env/IP WANIP
  

* tinydns/dnscache 

  

DNSIP
UDP53TCP53





Dynamic DNS
BIND

djbdns 

djbdns



yuuji@gentei.org
Fingerprint16 = FF F9 FF CC E0 FE 5C F7 19 97 28 24 EC 5D 39 BA