Reopened after my home server's disk died (since December 1, 2007)
Udon Day
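The Dual Xeon machine that I had used ever since my time in Toyohashi, and that had been hosting the lab's various servers, started halting frequently whenever I let my guard down. So, grateful for its seven years of service, I backed up the configuration files and other data needed to move its services to other machines, and then shut it down.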
Onto the FreeBSD/i386 8-STABLE installation on an NEC Express5800 110Gc, which I had bought for exactly this purpose and then left idle for two or three years (or even longer?),
The Sun Ultra2 running Solaris 10, which has already come into its own as the lab's NAT/NAPT router, is quietly doing its gateway and ipnat work:

```
$ cat /etc/release
                       Solaris 10 8/07 s10s_u4wos_12b SPARC
           Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
                        Use is subject to license terms.
                            Assembled 16 August 2007
```

I took this opportunity to have it act as the lab's DNS server as well.
```
$ wget -q -O - http://www.nlnetlabs.nl/downloads/nsd/nsd-3.2.5.tar.gz | gtar xvzf -
$ cd nsd-3.2.5
$ CC="/opt/SUNWspro/bin/cc -m64" ./configure && gmake
$ pfexec gmake install
$ wget -q -O - http://unbound.nlnetlabs.nl/downloads/unbound-latest.tar.gz | gtar xvzf -
$ cd unbound-*/    # directory name depends on the release that was unpacked
$ CC="/opt/SUNWspro/bin/cc -m64" ./configure --disable-sha2 && gmake
$ pfexec gmake install
```

About the only Solaris-specific point is that you use pfexec instead of sudo. I added -m64 because I had compiled the OpenSSL library as 64-bit when I installed it from pkgsrc earlier. *1
```
# ifconfig hme0 addif 192.168.xxx.yyy/24 plumb up
```

This created hme0:1, so I prepared /etc/hostname.hme0:1 so that the address is also configured automatically at boot. Naturally, this is untested. (as of 15:05)
I set up nsd.conf and unbound.conf as follows.
```
# options for the nsd server
server:
        ip-address: 192.168.xxx.aaa
        ip-address: 127.0.0.1
        hide-version: no
        debug-mode: no
        ip4-only: no
        ip6-only: no
        database: "/var/db/nsd/nsd.db"
        identity: "unidentified server"
        server-count: 1
        tcp-count: 10
        tcp-query-count: 0
        tcp-timeout: 120
        pidfile: "/var/run/nsd.pid"
        port: 53
        statistics: 3600
        #chroot: "/etc/nsd"
        username: nsd
        zonesdir: "/etc/nsd"
        difffile: "/var/db/nsd/ixfr.db"
        verbosity: 1

zone:
        name: "4407.kankyo-u.ac.jp"
        zonefile: "/etc/nsd/d4407"
```
```
server:
        verbosity: 1
        interface: 192.168.xxx.yyy
        port: 53
        access-control: 192.168.111.0/24 allow
        local-zone: "111.168.192.in-addr.arpa." transparent

stub-zone:
        name: "4407.kankyo-u.ac.jp"
        stub-addr: 192.168.xxx.aaa@53

forward-zone:
        name: "."
        forward-addr: 192.168.oo.oo
```
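The layout these two files describe (NSD on one address, Unbound on the hme0:1 alias address, the stub-zone pointing at NSD, and queries allowed only from the lab subnet) can be checked mechanically before the services are enabled. The following is an added example, not part of the original entry; the function names and the 192.168.111.x sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Sample addresses are constructed.
# Assumes both configs list explicit IPv4 addresses, as the ones on this page do.

# Print every value of "KEY:" in FILE, ignoring comments and quotes.
conf_values() {  # KEY FILE
    awk -v k="$1:" '{ sub(/#.*/, "") } $1 == k { gsub(/"/, "", $2); print $2 }' "$2"
}

# Addresses that both daemons would try to bind (expected: none).
bind_conflicts() {  # NSD_CONF UNBOUND_CONF
    for a in $(conf_values ip-address "$1"); do
        conf_values interface "$2" | sed 's/@.*//' | grep -Fx -- "$a" || true
    done
}

# stub-addr targets that NSD does not listen on (expected: none).
stub_targets_missing() {  # NSD_CONF UNBOUND_CONF
    for s in $(conf_values stub-addr "$2" | sed 's/@.*//'); do
        conf_values ip-address "$1" | grep -Fxq -- "$s" || echo "$s"
    done
}

# allow* rules whose netblock is not loopback or RFC 1918 (expected: none).
# IPv6 netblocks are not classified and are always listed for manual review.
public_allow_rules() {  # UNBOUND_CONF
    awk '{ sub(/#.*/, "") }
    $1 == "access-control:" && $3 ~ /^allow/ {
        split($2, p, "/"); split(p[1], o, ".")
        len = (p[2] == "") ? 32 : p[2] + 0
        ok = (o[1] == 10 && len >= 8) || (o[1] == 127 && len >= 8) ||
             (o[1] == 192 && o[2] == 168 && len >= 16) ||
             (o[1] == 172 && o[2] >= 16 && o[2] <= 31 && len >= 12)
        if (!ok) print $2
    }' "$1"
}

# Constructed sample files: one consistent pair and one broken resolver config.
d=$(mktemp -d)
printf 'server:\n  ip-address: 192.168.111.2\n  ip-address: 127.0.0.1\n' > "$d/nsd.conf"
printf 'server:\n  interface: 192.168.111.3\n  access-control: 192.168.111.0/24 allow\nstub-zone:\n  stub-addr: 192.168.111.2@53\n' > "$d/unbound.conf"
printf 'server:\n  interface: 192.168.111.2\n  access-control: 0.0.0.0/0 allow\nstub-zone:\n  stub-addr: 192.168.111.9\n' > "$d/bad.conf"

for u in unbound.conf bad.conf; do
    echo "$u: conflicts=$(bind_conflicts "$d/nsd.conf" "$d/$u")" \
         "missing=$(stub_targets_missing "$d/nsd.conf" "$d/$u")" \
         "public=$(public_allow_rules "$d/$u")"
done
```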
```xml
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type='manifest' name='nsd-server'>
<service name='network/dns/nsd-server' type='service' version='1'>

    <dependency name='filesystem_minimal' grouping='require_all' restart_on='none' type='service'>
        <service_fmri value='svc:/system/filesystem/local' />
    </dependency>
    <dependency name='loopback' grouping='require_any' restart_on='error' type='service'>
        <service_fmri value='svc:/network/loopback' />
    </dependency>
    <dependency name='network' grouping='optional_all' restart_on='error' type='service'>
        <service_fmri value='svc:/milestone/network' />
    </dependency>

    <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60' />
    <exec_method type='method' name='refresh' exec='/lib/svc/method/nsd-server %m %i' timeout_seconds='60' />

    <!--
        In order to run multiple nsd(8) processes with their own
        configuration file or properties each must have a unique instance.
    -->
    <instance name='default' enabled='false' >
        <exec_method type='method' name='start' exec='/lib/svc/method/nsd-server %m %i' timeout_seconds='60' >
            <method_context>
                <!--
                    privileges: (see privileges(5) and /etc/security/priv_names)
                    file_dac_read, file_dac_search:
                        Necessary for reading the configuration file even
                        if it is restricted by the file permission.
                    net_privaddr: Bind to a privileged port number.
                    sys_resource: Permit the setting of resource limits
                        (eg. stack size).
                    proc_chroot: Permit use of chroot(2).
                -->
                <method_credential user='nsd' group='nsd'
                    privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot' />
            </method_context>
        </exec_method>

        <property_group name='general' type='framework'>
            <!-- manage DNS server state -->
            <propval name='action_authorization' type='astring' value='solaris.smf.manage.nsd' />
            <propval name='value_authorization' type='astring' value='solaris.smf.manage.nsd' />
        </property_group>

        <!-- Default property settings for nsd(8) instance. -->
        <property_group name='options' type='application'>
            <!--
                server: specifies an alternative server command. If not
                specified the default /usr/local/sbin/nsd is used.
            -->
            <propval name='server' type='astring' value='' />
            <!--
                configuration_file: specifies an alternative configuration
                file to be used. The property is similar to nsd(8) command
                line option '-c'
            -->
            <propval name='configuration_file' type='astring' value='' />
            <!--
                ip_interfaces: specifies which IP transport NSD will
                transmit on. Possible values are 'IPv4' or 'IPv6'. Any other
                setting assumes 'all', the default. Equivalent command line
                option '-4' or '-6'.
            -->
            <propval name='ip_interfaces' type='astring' value='all' />
            <!--
                listen_on_port: Specifies the default UDP and TCP port which
                will be used to listen for DNS requests. Equivalent command
                line option '-p <integer>'.
            -->
            <propval name='listen_on_port' type='integer' value='0' />
            <!--
                debug_level: Specifies the default debug level. The default
                is 0; no debugging. The higher the number the more verbose
                debug information becomes. Equivalent command line option
                '-V <integer>'.
            -->
            <propval name='debug_level' type='integer' value='0' />
            <!--
                chroot_dir: Change the root directory using chroot(2) to
                directory after processing the command line arguments, but
                before reading the configuration file. Equivalent command
                line option '-t <pathname>'.
            -->
            <propval name='chroot_dir' type='astring' value='' />
        </property_group>
    </instance>

    <stability value='Unstable' />

    <template>
        <common_name>
            <loctext xml:lang='C'> NSD DNS server </loctext>
        </common_name>
        <documentation>
            <manpage title='nsd' section='8' manpath='/usr/local/share/man' />
        </documentation>
    </template>
</service>
</service_bundle>
```
```xml
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type='manifest' name='unbound'>
<service name='network/dns/unbound' type='service' version='1'>

    <create_default_instance enabled='false' />
    <single_instance />

    <dependency name='usr' grouping='require_all' restart_on='none' type='service'>
        <service_fmri value='svc:/system/filesystem/minimal' />
    </dependency>
    <!-- need /usr/local/etc/unbound/unbound.conf -->
    <dependency name='net' grouping='require_all' restart_on='none' type='service'>
        <service_fmri value='svc:/network/service' />
    </dependency>
    <dependency name='config_data' grouping='require_all' restart_on='none' type='path'>
        <service_fmri value='file://localhost/usr/local/etc/unbound/unbound.conf' />
    </dependency>
    <dependency name='loopback' grouping='require_any' restart_on='error' type='service'>
        <service_fmri value='svc:/network/loopback' />
    </dependency>
    <dependency name='network' grouping='optional_all' restart_on='error' type='service'>
        <service_fmri value='svc:/milestone/network' />
    </dependency>

    <exec_method type='method' name='start' exec='/lib/svc/method/unbound start' timeout_seconds='30' >
        <method_context working_directory='/usr/local/etc/unbound' />
    </exec_method>
    <exec_method type='method' name='stop' exec=':kill' timeout_seconds='10' />

    <stability value='Unstable' />

    <template>
        <common_name>
            <loctext xml:lang='C'> DNS resolver server </loctext>
        </common_name>
        <documentation>
            <manpage title='unbound' section='8' manpath='/usr/local/share/man' />
        </documentation>
    </template>
</service>
</service_bundle>
```
```sh
#!/sbin/sh
# smf_method(5) start/stop script required for server DNS

. /lib/svc/share/smf_include.sh

result=${SMF_EXIT_OK}

# Read command line arguments
method="$1"     # %m
instance="$2"   # %i

# Set defaults; SMF_FMRI should have been set, but just in case.
if [ -z "$SMF_FMRI" ]; then
    SMF_FMRI="svc:/network/dns/nsd-server:${instance}"
fi
server="/usr/local/sbin/nsd"
I=`/usr/bin/basename $0`

case "$method" in
'start')
    cmdopts=""
    properties="debug_level ip_interfaces listen_on_port chroot_dir configuration_file server"

    # Translate each non-empty options/* property into an nsd option.
    for prop in $properties
    do
        value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}`
        if [ -z "${value}" -o "${value}" = '""' ]; then
            continue;
        fi

        case $prop in
        'debug_level')
            if [ ${value} -gt 0 ]; then
                cmdopts="${cmdopts} -V ${value}"
            fi
            ;;
        'ip_interfaces')
            case ${value} in
            'IPv4')
                cmdopts="${cmdopts} -4";;
            'IPv6')
                cmdopts="${cmdopts} -6";;
            'all')
                : # Default is all, therefore ignore.
                ;;
            *)
                echo "$I: Unrecognised value in service instance property" >&2
                echo "$I: options/${prop} : ${value}" >&2
                ;;
            esac
            ;;
        'listen_on_port')
            if [ ${value} -gt 0 ]; then
                cmdopts="${cmdopts} -p ${value}"
            fi
            ;;
        'chroot_dir')
            cmdopts="${cmdopts} -t ${value}"
            ;;
        'configuration_file')
            cmdopts="${cmdopts} -c ${value}"
            ;;
        'server')
            set -- `echo ${value} | /usr/bin/sed -e 's/\\\\//g'`
            server=$@
            ;;
        esac
    done

    if [ ${result} = ${SMF_EXIT_OK} ]; then
        echo "$I: Executing: ${server} ${cmdopts}"
        # Execute nsd(8) with relevant command line options.
        ${server} ${cmdopts}
        result=$?
    fi
    ;;
'stop')
    # Not reached from the manifest, whose stop method is ':kill';
    # ${contract} is never set in this script.
    smf_kill_contract ${contract} TERM 1
    [ $? -ne 0 ] && exit 1
    ;;
'refresh')
    /usr/local/sbin/nsdc rebuild
    /usr/local/sbin/nsdc reload
    ;;
*)
    echo "Usage: $I [stop|start] <instance>" >&2
    exit 1
    ;;
esac
exit ${result}
```
```sh
#!/sbin/sh

. /lib/svc/share/smf_include.sh

case "$1" in
start)
    /usr/local/sbin/unbound
    ;;
*)
    echo "Usage: $0 {start}"
    exit 1
    ;;
esac
```