[RHEL5 Enterprise Linux Services Guide]--rndc
Source: Baidu Wenku  Editor: 神马文学网  Time: 2024/04/30 06:29:11
.13 rndc
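Normally the operating system controls the named process through signals, for example using -HUP to make named re-read its configuration file. rndc is the remote control channel introduced by the BIND software; it replaces operating system signals as the way to control the named process.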
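1) Modify named.conf
To make the DNS server support rndc, first add a controls statement, which is used to control the DNS server, to named.conf:
controls { inet 127.0.0.1 allow { localhost; } keys { ; }; };
Because the main configuration file /etc/named.conf is world-readable by default, it is best to put the key statement in a separate file that only root can read, and to use the include keyword to point to that file, for example:
include "/etc/rndc.key";
(1) Set the server address and the host names allowed to manage it. If the DNS server is managed locally, the address is 127.0.0.1 and the host name is localhost.
(2) Configure the name of the key used to manage this name server; a client can use rndc for management only if its key matches.
(3) To keep the key material secure, store the key data in the file /etc/rndc.key.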
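2) Create rndc.key
The key test was added to named.conf; dnssec-keygen can now be used to generate the key material and create the rndc.key file.
dnssec-keygen -a hmac-md5 -b -n HOST
The keys keyword tells named to listen on the default TCP port 953 of the loopback address 127.0.0.1 and, if the matching key name is presented, to allow the local host to run rndc commands.
Modify /etc/rndc.key:
key " " { algorithm hmac-md5; secret " "; };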
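3) Create rndc.conf on the client
Once the server side is configured, the client still has to copy the key information to the local machine and add it to /etc/rndc.conf before it can run rndc for day-to-day management.
4) Test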
[root@rhel5 ~]# rndc
Usage: rndc [-c config] [-s server] [-p port]
[-k key-file ] [-y key] [-V] command
command is one of the following:
reload Reload configuration file and zones.
reload zone [class [view]]
Reload a single zone.
refresh zone [class [view]]
Schedule immediate maintenance for a zone.
retransfer zone [class [view]]
Retransfer a single zone without checking serial number.
freeze zone [class [view]]
Suspend updates to a dynamic zone.
thaw zone [class [view]]
Enable updates to a frozen dynamic zone and reload it.
reconfig Reload configuration file and new zones only.
stats Write server statistics to the statistics file.
querylog Toggle query logging.
dumpdb [-all|-cache|-zones] [view ...]
Dump cache(s) to the dump file (named_dump.db).
stop Save pending updates to master files and stop the server.
stop -p Save pending updates to master files and stop the server
reporting process id.
halt Stop the server without saving pending updates.
halt -p Stop the server without saving pending updates reporting process id.
trace Increment debugging level by one.
trace level Change the debugging level.
notrace Set debugging level to 0.
flush Flushes all of the server's caches.
flush [view] Flushes the server's cache for a view.
flushname name [view]
Flush the given name from the server's cache(s)
status Display status of the server.
recursing Dump the queries that are currently recursing (named.recursing)
*restart Restart the server.
* == not yet implemented
Version: 9.3.3rc2
[root@rhel5 ~]#
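The checks implied by notes (1) to (3), as an added example that is not part of the original guide: it builds two constructed setups and audits the key file permissions, the controls listen address and the agreement of the key name across the files. The key name test comes from step 2; the secret, the rndc.conf layout (options with default-server and default-key) and the function names make_sample, first_match and audit_rndc are assumptions.

```bash
#!/usr/bin/env bash
# Added example: audit the rndc files from steps 1) to 3).
# File contents, the secret and all function names are constructed for illustration.

# make_sample DIR KEYMODE ADDR CLIENTKEY: write a sample server and client setup.
make_sample() {
    mkdir -p "$1"
    printf 'key "test" { algorithm hmac-md5; secret "Q09OU1RSVUNURUQ="; };\n' \
        > "$1/rndc.key"
    chmod "$2" "$1/rndc.key"
    printf 'include "/etc/rndc.key";\ncontrols { inet %s allow { localhost; } keys { test; }; };\n' \
        "$3" > "$1/named.conf"
    printf 'key "%s" { algorithm hmac-md5; secret "Q09OU1RSVUNURUQ="; };\n' "$4" \
        > "$1/rndc.conf"
    printf 'options { default-server 127.0.0.1; default-key "%s"; };\n' "$4" \
        >> "$1/rndc.conf"
}

# first_match FILE SED_SCRIPT: print the first value the sed script extracts.
first_match() { sed -n "$2" "$1" | head -n 1; }

# audit_rndc DIR: print one line per finding; return 0 if clean, 1 otherwise.
audit_rndc() {
    local d="$1" rc=0 perms addr ctl srv cli
    # Note (3): the key file must not be accessible to group or others.
    perms=$(ls -ld "$d/rndc.key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "rndc.key: group/other bits '$perms'"; rc=1; }
    # Note (1): for local management the channel listens on 127.0.0.1.
    addr=$(first_match "$d/named.conf" \
        's/.*controls[[:space:]]*{[[:space:]]*inet[[:space:]]*\([^[:space:]]*\).*/\1/p')
    [ "$addr" = "127.0.0.1" ] || { echo "controls: listens on '$addr'"; rc=1; }
    # Note (2): the key name must agree in named.conf, rndc.key and rndc.conf.
    ctl=$(first_match "$d/named.conf" \
        's/.*keys[[:space:]]*{[[:space:]]*"\{0,1\}\([^";[:space:]]*\).*/\1/p')
    srv=$(first_match "$d/rndc.key" 's/^[[:space:]]*key[[:space:]]*"\([^"]*\)".*/\1/p')
    cli=$(first_match "$d/rndc.conf" 's/.*default-key[[:space:]]*"\([^"]*\)".*/\1/p')
    [ "$ctl" = "$srv" ] || { echo "key '$ctl' not defined in rndc.key ('$srv')"; rc=1; }
    [ "$ctl" = "$cli" ] || { echo "key '$ctl' differs from client key '$cli'"; rc=1; }
    return $rc
}

tmp=$(mktemp -d)
make_sample "$tmp/good" 600 127.0.0.1 test
make_sample "$tmp/bad" 644 192.0.2.53 rndckey
audit_rndc "$tmp/good" && echo "good: no findings"
audit_rndc "$tmp/bad" || echo "bad: findings listed above"
rm -rf "$tmp"
```

The samples keep the guide's hmac-md5 to match BIND 9.3.3; current BIND releases also accept hmac-sha256 keys for rndc.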