自宅サーバのディスクが飛んだので新装オープン(2007年12月1日〜)
| 予定 | TODO | Link |
|---|---|---|
|
|
|
Namazu for hns による簡易全文検索 詳しくは 詳細指定/ヘルプを参照して下さい |
||||||||||||||||||||||||||||||||||||||||||||||||
うどんの日
豊橋にいたころから長らく使い続け、研究室内の各種サーバだったDual Xeonなマシンが、油断していると止まる、という状況が頻発するようになったので、7年の稼働に感謝しつつ、各種サービスを他機に移すために設定ファイルなどのバックアップを行ってから止めた。
もともとそのつもりで買っておきながら2、3年(もっとか?)遊ばせていたNEC Express5800 110GcのFreeBSD/i386 8-STABLEに
すでに研究室のNAT/NAPTルータとして日の目を見るようになったSun Ultra2のSolaris 10
$ cat /etc/release
Solaris 10 8/07 s10s_u4wos_12b SPARC
Copyright 2007 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 16 August 2007
は、gatewayやipnatの仕事を静かに遂行中であるが、この際なので研究室のDNSサーバもやってもらうことにした。
$ wget -q -O - http://www.nlnetlabs.nl/downloads/nsd/nsd-3.2.5.tar.gz | gtar xvzf - $ cd nsd-3.2.5 $ CC="/opt/SUNWspro/bin/cc -m64" ./configure && gmake $ pfexec gmake install $ wget -q -O - http://unbound.nlnetlabs.nl/downloads/unbound-latest.tar.gz | gtar xvzf - $ CC="/opt/SUNWspro/bin/cc -m64" ./configure --disable-sha2 && gmake $ pfexec gmake installSolarisならでは、という点は、 sudoじゃなくてpfexecを使う ことぐらいだろうか。-m64を付けたのは、以前、pkgsrcでOpenSSLのライブラリをインストールしたときに64-bitでコンパイルしたからである。 *1
# ifconfig hme0 addif 192.168.xxx.yyy/24 plumb upこれでhme0:1ができたので、起動時にも自動的に設定されるように、/etc/hostname.hme0:1を用意した。当然、未確認である。(15:05現在)
nsd.confとunbound.confをそれぞれ以下のようにした。
# options for the nsd server server: ip-address: 192.168.xxx.aaa ip-address: 127.0.0.1 hide-version: no debug-mode: no ip4-only: no ip6-only: no database: "/var/db/nsd/nsd.db" identity: "unidentified server" server-count: 1 tcp-count: 10 tcp-query-count: 0 tcp-timeout: 120 pidfile: "/var/run/nsd.pid" port: 53 statistics: 3600 #chroot: "/etc/nsd" username: nsd zonesdir: "/etc/nsd" difffile: "/var/db/nsd/ixfr.db" verbosity: 1 zone: name: "4407.kankyo-u.ac.jp" zonefile: "/etc/nsd/d4407"
server: verbosity: 1 interface: 192.168.xxx.yyy port: 53 access-control: 192.168.111.0/24 allow local-zone: "111.168.192.in-addr.arpa." transparent stub-zone: name: "4407.kankyo-u.ac.jp" stub-addr: 192.168.xxx.aaa@53 forward-zone: name: "." forward-addr: 192.168.oo.oo
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type='manifest' name='nsd-server'>
<service
name='network/dns/nsd-server'
type='service'
version='1'>
<dependency
name='filesystem_minimal'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/system/filesystem/local' />
</dependency>
<dependency
name='loopback'
grouping='require_any'
restart_on='error'
type='service'>
<service_fmri value='svc:/network/loopback' />
</dependency>
<dependency
name='network'
grouping='optional_all'
restart_on='error'
type='service'>
<service_fmri value='svc:/milestone/network' />
</dependency>
<exec_method
type='method'
name='stop'
exec=':kill'
timeout_seconds='60' />
<exec_method
type='method'
name='refresh'
exec='/lib/svc/method/nsd-server %m %i'
timeout_seconds='60' />
<!--
In able to run multiple nsd(8) processes with their own
configuration file or properties each must have a unique
instance.
-->
<instance name='default' enabled='false' >
<exec_method
type='method'
name='start'
exec='/lib/svc/method/nsd-server %m %i'
timeout_seconds='60' >
<method_context>
<!--
privileges: (see privileges(5) and /etc/security/priv_names)
file_dac_read, file_dac_search:
Necessary for reading the configuration file
even it is restricted by the file permission.
net_privaddr:
Bind to a privileged port number.
sys_resource:
Permit the setting of resource limits (eg. stack
size).
proc_chroot:
Permit use of chroot(2).
-->
<method_credential
user='nsd'
group='nsd'
privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot' />
</method_context>
</exec_method>
<property_group name='general' type='framework'>
<!-- manage DNS server state -->
<propval name='action_authorization' type='astring'
value='solaris.smf.manage.nsd' />
<propval name='value_authorization' type='astring'
value='solaris.smf.manage.nsd' />
</property_group>
<!-- Default property settings for nsd(8) instance. -->
<property_group name='options' type='application'>
<!--
server: specifies an alternative server command. If
not specified the default /usr/local/sbin/nsd is used.
-->
<propval name='server' type='astring' value='' />
<!--
configuration_file: specifies an alternative
configuration file to be used. The property is similar
to nsd(8) command line option '-c'
-->
<propval name='configuration_file' type='astring' value='' />
<!--
ip_interfaces: specifies which IP transport NSD will
transmit on. Possible values are 'IPv4' or 'IPv6'. Any
other setting assumes 'all', the default.
Equivalent command line option '-4' or '-6'.
-->
<propval name='ip_interfaces' type='astring' value='all' />
<!--
listen_on_port: Specifies the default UDP and TCP port
which will be used to listen for DNS requests.
Equivalent command line option '-p <integer>'.
-->
<propval name='listen_on_port' type='integer' value='0' />
<!--
debug_level: Specifies the default debug level. The
default is 0; no debugging. The Higher the number the
more verbose debug information becomes.
Equivalent command line option '-V <integer>'.
-->
<propval name='debug_level' type='integer' value='0' />
<!--
chroot_dir: Change the root directory using chroot(2)
to directory after processing the command line
arguments, but before reading the configuration file.
Equivalent command line option '-t <pathname>'.
-->
<propval name='chroot_dir' type='astring' value='' />
</property_group>
</instance>
<stability value='Unstable' />
<template>
<common_name>
<loctext xml:lang='C'>
NDS DNS server
</loctext>
</common_name>
<documentation>
<manpage title='named' section='8'
manpath='/usr/local/share/man' />
</documentation>
</template>
</service>
</service_bundle>
<?xml version="1.0"?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <service_bundle type='manifest' name='unbound'> <service name='network/dns/unbound' type='service' version='1'> <create_default_instance enabled='false' /> <single_instance /> <dependency name='usr' grouping='require_all' restart_on='none' type='service'> <service_fmri value='svc:/system/filesystem/minimal' /> </dependency> <!-- need /usr/local/etc/unbound/unbound.conf --> <dependency name='net' grouping='require_all' restart_on='none' type='service'> <service_fmri value='svc:/network/service' /> </dependency> <dependency name='config_data' grouping='require_all' restart_on='none' type='path'> <service_fmri value='file://localhost/usr/local/etc/unbound/unbound.conf' /> </dependency> <dependency name='loopback' grouping='require_any' restart_on='error' type='service'> <service_fmri value='svc:/network/loopback' /> </dependency> <dependency name='network' grouping='optional_all' restart_on='error' type='service'> <service_fmri value='svc:/milestone/network' /> </dependency> <exec_method type='method' name='start' exec='/lib/svc/method/unbound start' timeout_seconds='30' > <method_context working_directory='/usr/local/etc/unbound' /> </exec_method> <exec_method type='method' name='stop' exec=':kill' timeout_seconds='10' /> <stability value='Unstable' /> <template> <common_name> <loctext xml:lang='C'> DNS resolver server </loctext> </common_name> <documentation> <manpage title='unbound' section='8' manpath='/usr/local/share/man' /> </documentation> </template> </service> </service_bundle>
#!/sbin/sh
# smf_method(5) start/stop script required for server DNS
. /lib/svc/share/smf_include.sh
result=${SMF_EXIT_OK}
# Read command line arguments
method="$1" # %m
instance="$2" # %i
# Set defaults; SMF_FMRI should have been set, but just in case.
if [ -z "$SMF_FMRI" ]; then
SMF_FMRI="svc:/network/dns/nsd-server:${instance}"
fi
server="/usr/local/sbin/nsd"
I=`/usr/bin/basename $0`
case "$method" in
'start')
cmdopts=""
properties="debug_level ip_interfaces listen_on_port
chroot_dir configuration_file server"
for prop in $properties
do
value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}`
if [ -z "${value}" -o "${value}" = '""' ]; then
continue;
fi
case $prop in
'debug_level')
if [ ${value} -gt 0 ]; then
cmdopts="${cmdopts} -V ${value}"
fi
;;
'ip_interfaces')
case ${value} in
'IPv4')
cmdopts="${cmdopts} -4";;
'IPv6')
cmdopts="${cmdopts} -6";;
'all')
: # Default is all, therefore ignore.
;;
*)
echo "$I: Unrecognised value in service instance property" >&2
echo "$I: options/${prop} : ${value}" >&2
;;
esac
;;
'listen_on_port')
if [ ${value} -gt 0 ]; then
cmdopts="${cmdopts} -p ${value}"
fi
;;
'chroot_dir')
cmdopts="${cmdopts} -t ${value}"
;;
'configuration_file')
cmdopts="${cmdopts} -c ${value}"
;;
'server')
set -- `echo ${value} | /usr/bin/sed -e 's/\\\\//g'`
server=$@
;;
esac
done
if [ ${result} = ${SMF_EXIT_OK} ]; then
echo "$I: Executing: ${server} ${cmdopts}"
# Execute named(1M) with relevant command line options.
${server} ${cmdopts}
result=$?
fi
;;
'stop')
smf_kill_contract ${contract} TERM 1
[ $? -ne 0 ] && exit 1
;;
'refresh')
/usr/local/sbin/nsdc rebuild
/usr/local/sbin/nsdc reload
;;
*)
echo "Usage: $I [stop|start] <instance>" >&2
exit 1
;;
esac
exit ${result}
#!/sbin/sh
. /lib/svc/share/smf_include.sh
case "$1" in
start)
/usr/local/sbin/unbound
;;
*)
echo "Usage: $0 {start}"
exit 1
;;
esac
うどんの日