Aimless

BIND10を起動してみた。

DNS

先週の脆弱性を受けて、自ドメインのBINDをBIND 9.9.2にアップデートしました。その際「いっそのこと開発中のBIND10にするか?」と悩んだのですが、上手く行く気がしなかったので自宅の仮想マシン(CentOS6.3)で色々試してみました。まずは権威DNS用のプロセスが起動するまでです。

インストールしてみる

 ISCからソースをダウンロードしてきて./configureしたものの一筋縄ではいかず、下記を追加インストールしました。

  1. gcc-c++をyumで
  2. Python3.3.0をソースから
  3. setproctitle-1.1.6をソースから
  4. Botan-1.10.3をソースから
  5. log4cplus-1.1.0をソースから
  6. boost.1.51.0をソースから
  7. sqlite-develをyumで

起動してみる

[root@centos6 bind10-devel-20120927]# bind10
Traceback (most recent call last):
  File "/usr/local/sbin/bind10", line 68, in <module>
    import isc.cc
  File "/usr/local/lib/python3.3/site-packages/isc/__init__.py", line 7, in <module>
    import isc.datasrc
  File "/usr/local/lib/python3.3/site-packages/isc/datasrc/__init__.py", line 33, in <module>
    from isc.datasrc.sqlite3_ds import *
  File "/usr/local/lib/python3.3/site-packages/isc/datasrc/sqlite3_ds.py", line 16, in <module>
    import sqlite3, re, random
  File "/usr/local/lib/python3.3/sqlite3/__init__.py", line 23, in <module>
    from sqlite3.dbapi2 import *
  File "/usr/local/lib/python3.3/sqlite3/dbapi2.py", line 26, in <module>
    from _sqlite3 import *
ImportError: No module named '_sqlite3'

 pythonがsqliteを読み込めてない模様。pythonを再度makeして再びbind10を起動してみる。

2012-10-13 22:58:18.593 INFO  [b10-stats.stats] STATS_STARTING starting
Traceback (most recent call last):
  File "/usr/local/libexec/bind10-devel/b10-cmdctl", line 36, in <module>
    import ssl, socket
  File "/usr/local/lib/python3.3/ssl.py", line 60, in <module>
    import _ssl             # if we can't import it, let the error propagate
ImportError: No module named '_ssl'

 pythonがsslを読み込めていない模様。openssl-develをyumでインストールしてpythonを再makeする。そして再びbind10を起動する。

[root@centos6 Python-3.3.0]# bind10 &
2012-10-13 23:12:07.689 INFO  [b10-boss.boss] BIND10_STARTING starting BIND10: bind10 20110223 (BIND 10 20120927)
2012-10-13 23:12:07.689 INFO  [b10-boss.boss] BIND10_CONFIGURATOR_START bind10 component configurator is starting up
2012-10-13 23:12:07.689 INFO  [b10-boss.boss] BIND10_COMPONENT_START component Socket creator is starting
2012-10-13 23:12:07.692 INFO  [b10-boss.boss] BIND10_SOCKCREATOR_INIT initializing socket creator parser
2012-10-13 23:12:07.692 INFO  [b10-boss.boss] BIND10_COMPONENT_START component msgq is starting
2012-10-13 23:12:07.692 INFO  [b10-boss.boss] BIND10_STARTING_PROCESS starting process b10-msgq
2012-10-13 23:12:07.797 INFO  [b10-boss.boss] BIND10_COMPONENT_START component cfgmgr is starting
2012-10-13 23:12:07.797 INFO  [b10-boss.boss] BIND10_STARTING_PROCESS starting process b10-cfgmgr
2012-10-13 23:12:07.874 INFO  [b10-cfgmgr.cfgmgr] CFGMGR_CONFIG_FILE Configuration manager starting with configuration file: /usr/local/var/bind10-devel/b10-config.db
2012-10-13 23:12:08.802 INFO  [b10-boss.boss] BIND10_STARTING_CC starting configuration/command session
2012-10-13 23:12:08.820 INFO  [b10-boss.boss] BIND10_READING_BOSS_CONFIGURATION reading boss configuration
2012-10-13 23:12:08.820 INFO  [b10-boss.boss] BIND10_CONFIGURATOR_RECONFIGURE reconfiguring running components
2012-10-13 23:12:08.820 INFO  [b10-boss.boss] BIND10_COMPONENT_START component b10-cmdctl is starting
2012-10-13 23:12:08.820 INFO  [b10-boss.boss] BIND10_STARTING_PROCESS starting process b10-cmdctl
2012-10-13 23:12:08.823 INFO  [b10-boss.boss] BIND10_COMPONENT_START component b10-stats is starting
2012-10-13 23:12:08.823 INFO  [b10-boss.boss] BIND10_STARTING_PROCESS starting process b10-stats
2012-10-13 23:12:08.829 INFO  [b10-boss.boss] BIND10_STARTUP_COMPLETE BIND 10 started
2012-10-13 23:12:08.991 INFO  [b10-stats.stats] STATS_STARTING starting

 起動したっぽい。しかし、問い合わせに応答しない・・・。
[root@centos6 bind10-devel]# dig @127.0.0.1 -c CH -t TXT authors.bind

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.5 <<>> @127.0.0.1 -c CH -t TXT authors.bind
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

 ガイドを見ると、デフォルトでは特定のプロセスしか起動ないみたいなので、権威DNS用のプロセス(b10-auth)を別途起動させる。

The processes to be used can be configured for bind10 to start, with the exception of the required b10-sockcreator, b10-msgq and b10-cfgmgr components. The configuration is in the Boss/components section. Each element represents one component, which is an abstraction of a process.

BIND 10 Guide

[root@centos6 /]# /usr/local/libexec/bind10-devel/b10-auth &   
[2] 2620
[root@centos6 /]# 2012-10-13 23:57:03.313 INFO  [b10-auth.auth] AUTH_SERVER_CREATED server created
2012-10-13 23:57:03.320 INFO  [b10-boss.boss] BIND10_SOCKET_GET requesting socket [::]:53 of type TCP from the creator
2012-10-13 23:57:03.320 INFO  [b10-boss.boss] BIND10_SOCKET_CREATED successfully created socket 19
2012-10-13 23:57:03.321 INFO  [b10-boss.boss] BIND10_SOCKET_GET requesting socket [::]:53 of type UDP from the creator
2012-10-13 23:57:03.321 INFO  [b10-boss.boss] BIND10_SOCKET_CREATED successfully created socket 21
2012-10-13 23:57:03.322 INFO  [b10-boss.boss] BIND10_SOCKET_GET requesting socket [0.0.0.0]:53 of type TCP from the creator
2012-10-13 23:57:03.322 INFO  [b10-boss.boss] BIND10_SOCKET_CREATED successfully created socket 22
2012-10-13 23:57:03.323 INFO  [b10-boss.boss] BIND10_SOCKET_GET requesting socket [0.0.0.0]:53 of type UDP from the creator
2012-10-13 23:57:03.323 INFO  [b10-boss.boss] BIND10_SOCKET_CREATED successfully created socket 23
2012-10-13 23:57:03.328 INFO  [b10-auth.auth] AUTH_SERVER_STARTED server started

 改めて自身に問い合わせて見る。ちゃんと応答した。長かった・・・

[root@centos6 /]# dig @127.0.0.1 -c CH -t TXT version.bind

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.5 <<>> @127.0.0.1 -c CH -t TXT version.bind
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39377
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;version.bind.                  CH      TXT

;; ANSWER SECTION:
version.bind.           0       CH      TXT     "bind10-devel 20120927"

;; AUTHORITY SECTION:
bind.                   0       CH      NS      bind.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Oct 13 23:57:39 2012
;; MSG SIZE  rcvd: 78

今後の予定

 次はゾーンファイルを食べさせる所ですね。DNSSECが動く所まで確認出来たら、自ドメインの権威DNSをbind10にしてしまおうと思います。

13 Oct 2012