rndc远程管理DNS 生成rndc-key #rndc-confgen -r /dev/urandom # Start of rndc.conf key "rndc-key" { algorithm hmac-md5; secret "MFM4AocpN0lcoL4fN2lA6Q=="; }; options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; }; # End of rndc.conf # Use with the following in named.conf, adjusting the allow list as needed: # key "rndc-key" { # algorithm hmac-md5; # secret "MFM4AocpN0lcoL4fN2lA6Q=="; # }; # # controls { # inet 127.0.0.1 port 953 # allow { 127.0.0.1; } keys { "rndc-key"; }; # }; # End of named.conf 把rndc-key和controls配置到bind的主配置文件的options段里 /etc/named.conf key "rndc-key" { algorithm hmac-md5; secret "MFM4AocpN0lcoL4fN2lA6Q=="; }; controls { inet 10.4.7.11 port 953 allow { 10.4.7.11;10.4.7.12; } keys { "rndc-key"; }; }; 注意:这里要配置一下controls段的acl,限定好哪些主机可以使用rndc管理DNS服务 重启bind9服务 # systemctl restart named rndc的服务端监听在953端口,检查一下端口是否起来 # netstat -luntp|grep 953 tcp 0 0 10.4.7.11:953 0.0.0.0:* LISTEN 11136/named 在远程管理主机上安装bindyum install -y bind bind-chroot bind-utils rndc命令在bind包里,所以远程管理主机需要安装bind(不需要启动named) 在远程管理主机上做rndc.conf 使用rndc进行远程管理的主机上,都需要配置rndc.conf,且rndc-key要和DNS服务器上的key一致 /etc/rndc.conf key "rndc-key" { algorithm hmac-md5; secret "MFM4AocpN0lcoL4fN2lA6Q=="; }; options { default-key "rndc-key"; default-server 10.4.7.11; default-port 953; }; 使用rndc命令远程管理DNS 查询DNS服务状态(可以取值做监控) #rndc status version: 9.9.4-RedHat-9.9.4-73.el7_6 <id:8f9657aa> CPUs found: 2 worker threads: 2 UDP listeners per interface: 2 number of zones: 105 debug level: 0 xfers running: 0 xfers deferred: 0 soa queries in progress: 0 query logging is OFF recursive clients: 0/0/1000 tcp clients: 0/100 server is up and running
标签:named,rndc,key,default,953,配置,conf,安装 From: https://www.cnblogs.com/k8s-pod/p/17750952.html