
rndc: Remotely Controlling a DNS Server

Posted: 2016-07-09 13:37:14


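The server has no random number generator, so fake one by hand with a file that stands in for /dev/random: create a file named random and type an arbitrary string into it, and remember to make it long. The generated key is only as unpredictable as this file, and a hand-typed string has far less entropy than random bytes of the same length.

[root@localhost ~]# vim random

asdkfjalsjdflajsldfjlasjdflajsldfjalsjdflajslfjalsjflasjfl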


[root@localhost ~]# rndc-confgen > /etc/rndc.conf

[root@localhost ~]# rndc-confgen -r random > /etc/rndc.conf   # generate the key


[root@localhost ~]# cat /etc/rndc.conf 

# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "SnK8Ph1zCAnnykZ07qt+TQ==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf


# Use with the following in named.conf, adjusting the allow list as needed:

Copy the lines below into named.conf and remove the leading "#":

# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "SnK8Ph1zCAnnykZ07qt+TQ==";
# };
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

------------------------------------------------

[root@localhost ~]# rndc -c /etc/rndc.conf status   # check the server status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 19
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running


[root@localhost ~]# rndc -c /etc/rndc.conf notify "mylinux.com"
zone notify queued

[root@localhost ~]# rndc -c /etc/rndc.conf notify "mylinux.com"
zone notify queued

[root@localhost ~]# tail /var/log/messages   # manual zone notify
Jul  3 09:10:34 localhost named[1811]: command channel listening on 127.0.0.1#953
Jul  3 09:10:34 localhost named[1811]: zone 10.168.192.in-addr.arpa/IN: loaded serial 20170708
Jul  3 09:10:34 localhost named[1811]: zone mylinux.com/IN: loaded serial 20170708
Jul  3 09:10:34 localhost named[1811]: zone localhost/IN: loaded serial 0
Jul  3 09:10:34 localhost named[1811]: managed-keys-zone ./IN: loaded serial 0
Jul  3 09:10:34 localhost named[1811]: running
Jul  3 09:10:34 localhost named[1811]: zone 10.168.192.in-addr.arpa/IN: sending notifies (serial 20170708)
Jul  3 09:10:34 localhost named[1811]: zone mylinux.com/IN: sending notifies (serial 20170708)
Jul  3 09:13:44 localhost named[1811]: received control channel command 'notify mylinux.com'
Jul  3 09:13:44 localhost named[1811]: zone mylinux.com/IN: sending notifies (serial 20170708)  # manual zone notify

[root@localhost ~]# rndc -c  /etc/rndc.conf flush
[root@localhost ~]# rndc -c  /etc/rndc.conf stop
[root@localhost ~]# netstat -tunlp |grep 53
[root@localhost ~]# 

[root@localhost ~]# service named start
Starting named:                                            [  OK  ]

[root@localhost ~]# rndc stop   # -c can be omitted: /etc/rndc.conf is the default
[root@localhost ~]# netstat -tunlp |grep 53
[root@localhost ~]# 


----------------------------------------------------

Controlling a remote host: in named.conf, change the listen address to the address of the target host.


# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "SnK8Ph1zCAnnykZ07qt+TQ==";
# };
# controls {
#       inet 192.168.10.2 port 953  # listen address
#               allow { 192.168.10.3; } keys { "rndc-key"; };  # who is allowed to control the server
# };


-----------------------------------------------------------------

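Copy the remote host's key file over. Do not put it under /etc, where it could easily overwrite an existing file:

scp root@192.168.10.2:/etc/rndc.conf /root

vim /root/rndc.conf

Change the options block to:

options {
        default-key "rndc-key";
        default-server 192.168.10.2;  # address of the target host
        default-port 953;
};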

[root@localhost ~]# rndc -c rndc.conf status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 19
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
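
Added example (not part of the original post): a small Python audit of the key and controls statements configured above. It flags the legacy hmac-md5 algorithm, a secret shorter than the HMAC digest size (the minimum RFC 2104 recommends), a control channel listening on a non-loopback address, and an allow list containing any. The function names and finding codes are assumptions made for this illustration, and the sample input is constructed from the values shown on this page.

```python
import base64
import ipaddress
import re

# HMAC digest sizes in bytes; RFC 2104 discourages keys shorter than this.
DIGEST_BYTES = {"hmac-md5": 16, "hmac-sha1": 20, "hmac-sha224": 28,
                "hmac-sha256": 32, "hmac-sha384": 48, "hmac-sha512": 64}

# Constructed sample: the remote-control stanza from this page, uncommented.
SAMPLE_NAMED_CONF = '''
key "rndc-key" {
        algorithm hmac-md5;
        secret "SnK8Ph1zCAnnykZ07qt+TQ==";
};
controls {
        inet 192.168.10.2 port 953   # listen address
                allow { 192.168.10.3; } keys { "rndc-key"; };
};
'''

def strip_comments(text):
    """Drop #, // and /* */ comments; keep quoted strings (base64 may contain //)."""
    return re.sub(r'"[^"]*"|/\*.*?\*/|(?:#|//)[^\n]*',
                  lambda m: m.group(0) if m.group(0)[0] == '"' else "", text, flags=re.S)

def audit_rndc(conf_text):
    """Return (code, detail) findings for the key and controls statements."""
    text, findings = strip_comments(conf_text), []
    for name, body in re.findall(r'\bkey\s+"?([\w.-]+)"?\s*\{(.*?)\}\s*;', text, re.S):
        alg = re.search(r'algorithm\s+"?([\w-]+)"?', body)
        secret = re.search(r'secret\s+"([^"]+)"', body)
        alg = alg.group(1).lower() if alg else "unknown"
        if alg == "hmac-md5":
            findings.append(("legacy-algorithm", f"{name} uses {alg}"))
        if secret:
            nbytes = len(base64.b64decode(secret.group(1)))
            if nbytes < DIGEST_BYTES.get(alg, 32):
                findings.append(("short-secret", f"{name} secret is {nbytes} bytes"))
    for addr, allow in re.findall(r'\binet\s+(\S+)[^{;]*?\ballow\s*\{(.*?)\}', text, re.S):
        peers = [p.strip() for p in allow.split(";") if p.strip()]
        try:
            local_only = ipaddress.ip_address(addr).is_loopback
        except ValueError:  # "*" is not an address literal: all interfaces
            local_only = False
        if not local_only:
            findings.append(("network-listener", f"{addr} allows {', '.join(peers)}"))
        if "any" in peers:
            findings.append(("allow-any", f"{addr} accepts any source address"))
    return findings
```

Calling audit_rndc(SAMPLE_NAMED_CONF) reports the hmac-md5 key and the listener on 192.168.10.2; the stanza as printed by rndc-confgen, still prefixed with "#", produces no findings because it is not active configuration.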

------------------------------------
This article comes from the "linux运维" blog; reposting is declined.


Original article: http://coolcl.blog.51cto.com/4514424/1812855
