lost and found ( for me ? )

How to use the apt-get command, and installing unbound with apt-get


I normally use Red Hat family OSes (Fedora, CentOS) and am not used to the apt-get command, so these are my notes.

yum update = apt-get upgrade
yum list = apt-get update, then apt-cache pkgnames or apt-cache search <string>
yum install <package name> = apt-get install <package name>
yum remove <package name> = apt-get remove <package name>

Installing unbound, a DNS (caching server)

# apt-get update
ヒット http://jp.archive.ubuntu.com jaunty Release.gpg


# apt-cache search unbound
cl-plus - Common Lisp extensions for building some Debian CL packages
libocamlbricks-ocaml-dev - Miscellaneous utility functions in OCaml for Marionnet
libunbound-dev - static library, header files, and docs for libunbound
libunbound0 - library implementing DNS resolution and validation
python-gmpy - Interfaces GMP to Python for fast, unbound-precision computations
python-qwt4 - Python version of the Qwt technical widget library
python-qwt4-doc - Documentation for the Python-qwt library
python-qwt5-doc - Python version of the Qwt5 technical widget library
python-qwt5-qt3 - Python version of the Qwt5 technical widget library
python-qwt5-qt4 - Python version of the Qwt5 technical widget library
sword-text-tagalog - Tagalog translation of James and John Bible texts
unbound - validating, recursive, caching DNS resolver
unbound-host - reimplementation of the 'host' command

# apt-cache pkgnames | grep unbound
libunbound-dev
unbound
libunbound0
unbound-host

# apt-get install unbound
パッケージリストを読み込んでいます... 完了
依存関係ツリーを作成しています
状態情報を読み取っています... 完了
以下の特別パッケージがインストールされます:
libldns1
以下のパッケージが新たにインストールされます:
libldns1 unbound
アップグレード: 0 個、新規インストール: 2 個、削除: 0 個、保留: 0 個。
711kB のアーカイブを取得する必要があります。
この操作後に追加で 1712kB のディスク容量が消費されます。
続行しますか [Y/n]? y
取得:1 http://jp.archive.ubuntu.com jaunty/universe libldns1 1.4.0-1 [114kB]
取得:2 http://jp.archive.ubuntu.com jaunty/universe unbound 1.2.1-0ubuntu1 [597kB]
711kB を 0s で取得しました (725kB/s)
未選択パッケージ libldns1 を選択しています。
(データベースを読み込んでいます ... 現在 103020 個のファイルとディレクトリがインストールされています。)
(.../libldns1_1.4.0-1_i386.deb から) libldns1 を展開しています...
未選択パッケージ unbound を選択しています。
(.../unbound_1.2.1-0ubuntu1_i386.deb から) unbound を展開しています...
man-db のトリガを処理しています ...
libldns1 (1.4.0-1) を設定しています ...

unbound (1.2.1-0ubuntu1) を設定しています ...
* Starting recursive DNS server unbound [ OK ]

libc6 のトリガを処理しています ...
ldconfig deferred processing now taking place
# apt-cache show unbound
Package: unbound
Priority: optional
Section: universe/net
Installed-Size: 1376
Maintainer: Ubuntu MOTU Developers
Original-Maintainer: Robert S. Edmonds
Architecture: i386
Version: 1.2.1-0ubuntu1
Depends: libc6 (>= 2.4), libldns1, libssl0.9.8 (>= 0.9.8f-5), adduser
Filename: pool/universe/u/unbound/unbound_1.2.1-0ubuntu1_i386.deb
Size: 597346
MD5sum: 2141d09b9741866c8cf8a62690b700b9
SHA1: 4c2f2eb8f871896ad182877ef2caf11704265cc2
SHA256: 1122230e17f92cc7470e290853d5d74f47d2b580c0dadd3e6f701a647045321c
Description: validating, recursive, caching DNS resolver
Unbound is a recursive-only caching DNS server which can optionally
perform DNSSEC validation of results. It implements only a minimum amount
of authoritative service to prevent leakage to the root nameservers:
forward lookups for localhost, reverse for 127.0.0.1 and ::1, and
NXDOMAIN for zones served by AS112. Stub and forward zones are supported.
.
Unbound implements a number of security features, including chrooting and
privilege dropping. The Debian init script will populate a chroot by default.
.
This package contains the unbound daemon.
Homepage: http://www.unbound.net/
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Origin: Ubuntu

#

# lsof -i:53
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
unbound 11484 unbound 3u IPv4 56525 UDP localhost:domain
unbound 11484 unbound 4u IPv4 56527 TCP localhost:domain (LISTEN)
root@alaska:~/.vnc# dig @127.1 www.google.com

; <<>> DiG 9.5.1-P2 <<>> @127.1 www.google.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8420
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 604784 IN CNAME www.l.google.com.
www.l.google.com. 284 IN A 66.249.89.99
www.l.google.com. 284 IN A 66.249.89.147
www.l.google.com. 284 IN A 66.249.89.104

# unbound-control status
[1240766356] unbound-control[11528:0] warning: control-enable is 'no' in the config file.
error: Error setting up SSL_CTX client key and cert
11528:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/var/lib/unbound/etc/unbound/unbound_control.pem','r')
11528:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
11528:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:470:

# grep control-enable /etc/unbound/unbound.conf
# control-enable: no
control-enable: yes

# unbound-control-setup
setup in directory /etc/unbound
generating unbound_server.key
Generating RSA private key, 1024 bit long modulus
..........++++++
.............................++++++
e is 65537 (0x10001)
generating unbound_control.key
Generating RSA private key, 1024 bit long modulus
...++++++
...............++++++
e is 65537 (0x10001)
create unbound_server.pem (self signed certificate)
create unbound_control.pem (signed client certificate)
Signature ok
subject=/CN=unbound-control
Getting CA Private Key
Setup success. Certificates created. Enable in unbound.conf file to use
#

# /etc/init.d/unbound restart
* Restarting recursive DNS server unbound [ OK ]

# lsof -i:953
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
unbound 12018 unbound 5u IPv4 59685 TCP localhost:953 (LISTEN)

# unbound-control status
version: 1.2.1
verbosity: 1
threads: 1
modules: 2 [ validator iterator ]
uptime: 6 seconds
unbound (pid 12018) is running...
#

# unbound-control stats
thread0.num.queries=0
thread0.num.cachehits=0
thread0.num.cachemiss=0
thread0.num.recursivereplies=0

# unbound-control dump_cache | head -5
START_RRSET_CACHE
;rrset 86382 1 0 3 0
b.l.google.com. 86382 IN A 74.125.45.9
;rrset 86381 1 0 1 0
f.gtld-servers.net. 172781 IN A 192.35.51.30
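
Added example (not part of the original post or of the unbound project): a shell check for the remote-control settings enabled above. It reads an unbound.conf, skips commented-out lines such as the `# control-enable: no` in the grep output, and reports whether the control channel is enabled and limited to loopback, which is what the `lsof -i:953` output shows here. The function names `conf_values` and `audit_control` are hypothetical.

```shell
#!/bin/sh
# Added example: audit the remote-control settings of an unbound.conf.
# conf_values and audit_control are hypothetical helper names.

# Print every uncommented value of option $2 in config file $1.
conf_values() {
    sed 's/#.*//' "$1" | awk -v key="$2" '
        {
            i = index($0, ":"); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key && v != "") print v
        }'
}

# Return 0 if the control channel is off or loopback-only, 1 otherwise.
audit_control() {
    conf=$1
    # Assumption: the last uncommented control-enable line is the effective one.
    enabled=$(conf_values "$conf" control-enable | tail -n 1)
    if [ "$enabled" != "yes" ]; then
        echo "control-enable: off"
        return 0
    fi
    ifaces=$(conf_values "$conf" control-interface)
    # Without a control-interface line unbound listens on localhost only.
    [ -n "$ifaces" ] || ifaces="127.0.0.1 ::1"
    for addr in $ifaces; do
        case $addr in
            127.*|::1|/*) ;;   # loopback address or local socket path
            *) echo "control-interface $addr is not loopback"; return 1 ;;
        esac
    done
    echo "control-enable: yes, loopback only"
}

# Stand-alone use: sh audit.sh /etc/unbound/unbound.conf
if [ -n "${1:-}" ]; then audit_control "$1"; fi
```

A non-zero exit status means the control port is reachable from other hosts, where only the certificates created by unbound-control-setup protect it.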
