标签:
首先两个BIND DNS服务器要正常运行。
主DNS服务器IP:192.168.1.100
客户机DNS服务器IP:192.168.1.101
1 主DNS端配置:
cd /etc/
生成rndc.conf文件
rndc-confgen > rndc.conf
查看文件
cat rndc.conf
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "VcL5wC2GHCzCU7ju+ajC1Q==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "VcL5wC2GHCzCU7ju+ajC1Q==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
vim named.conf
将下面这些添加到named.conf末尾
//支持远程rndc控制
key "rndc-key" {
algorithm hmac-md5;
secret "VcL5wC2GHCzCU7ju+ajC1Q==";
};
//inet: 如果只允许本地使用rndc控制把*换为127.0.0.1
//allow: 允许通过rndc管理此DNS的IP、KEY,这里设置为客户端IP
controls {
inet * port 953
allow { localhost; 192.168.1.101; } keys { "rndc-key"; };
};
删除rndc.key
rm rndc.key -f
重启BIND
service named restart
2 客户端配置
cd /etc/
生成rndc.conf文件
rndc-confgen > rndc.conf
编辑文件,修改secret为主DNS服务器配置中的值
vim rndc.conf
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "VcL5wC2GHCzCU7ju+ajC1Q==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "VcL5wC2GHCzCU7ju+ajC1Q==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
vim named.conf
将下面这些添加到named.conf末尾,注意:secret的值要和主服务器中的secret值相同
//支持远程rndc控制
key "rndc-key" {
algorithm hmac-md5;
secret "VcL5wC2GHCzCU7ju+ajC1Q==";
};
//inet: 如果只允许本地使用rndc控制把*换为127.0.0.1
//allow: 允许通过rndc管理此DNS的IP、KEY,这里设置为主DNS服务器IP
controls {
inet * port 953
allow { localhost; 192.168.1.100; } keys { "rndc-key"; };
};
删除rndc.key
rm rndc.key -f
重启BIND
service named restart
标签:
原文地址:http://www.cnblogs.com/etangyushan/p/4335225.html
