변군이글루

[Name server] RNDC configuration for managing BIND_v201704

변군 변군이글루 2017.04.21 14:45

 

1. Generate rndc.conf and the control key
Without -a, rndc-confgen only prints to standard output, so redirect it into /etc/rndc.conf. The secret it produces is the entire authentication for the control channel: anyone who can read it and reach port 953 controls named, so keep the file readable only by root (plus the named group if named itself reads it) and never reuse a published key such as the one shown in this example. BIND 9.9 defaults to hmac-md5; where the build supports it, rndc-confgen -A hmac-sha256 produces a stronger key.
# rndc-confgen > /etc/rndc.conf
---Output
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "VHwE0YVJvw+4EY7SFimblg==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "VHwE0YVJvw+4EY7SFimblg==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
---

 

2. Edit named.conf
*** Copy the commented block from the generated rndc.conf into named.conf and strip the leading # characters. The key name, algorithm and secret must be identical on both sides; the controls statement below listens only on 127.0.0.1 and admits connections only from 127.0.0.1 that present this key.
# vi /etc/named.conf
-----
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
      algorithm hmac-md5;
      secret "VHwE0YVJvw+4EY7SFimblg==";
};
#
controls {
      inet 127.0.0.1 port 953
              allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
-----

 

3. Check the syntax of named.conf and the zone files
-z also loads every configured zone, so a broken zone file is caught here instead of by the running server.
# named-checkconf -z
---Output
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
zone l.4wxyz.com/IN: loaded serial 2017042002
---

 

4. Restart the name server
A restart, rather than rndc reload, is the reliable choice at this point: until named has re-read the new controls statement it does not know the key that rndc is now presenting. From here on, configuration changes can be applied with rndc.
# systemctl restart named.service

 

5. Run an rndc command
# rndc status
---Output
version: 9.9.4-RedHat-9.9.4-38.el7_3.3 <id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 102
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
---

 

6. Managing a remote server
# rndc -s 192.168.56.102 reload
This only works if the remote server's named.conf goes beyond the controls block above, which listens on 127.0.0.1 and admits only 127.0.0.1: its controls statement must listen on the address the admin host connects to (or on *), its allow list must contain the admin host's IP, and the admin host's rndc.conf (or the file given with -k, or the key named with -y) must carry the same key. TCP port 953 must also be reachable through any firewall in between. Keep the allow list as narrow as possible, because the key alone grants full control of named.
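The following script is an added example, not part of the original post and not BIND's own tooling. It ties steps 1, 2 and 6 together for the remote-management case: it generates a fresh control key, writes an rndc.conf for the admin host and the matching key/controls block for the name server, and checks the pair before it is installed. The hosts (admin 192.168.56.101, name server 192.168.56.102), the hmac-sha256 algorithm and the output file names are assumptions, not values from the page.

```shell
#!/bin/sh
# Added example, not from the original post: build an rndc.conf for an
# admin host and the matching controls block for the remote name server,
# then check that the pair is consistent before it is installed.
#
# Assumptions (constructed, not in the original post): the admin host is
# 192.168.56.101, the name server is 192.168.56.102 and both BIND builds
# accept hmac-sha256 control keys.  The secret is freshly generated.

ADMIN_HOST=${ADMIN_HOST:-192.168.56.101}
NS_HOST=${NS_HOST:-192.168.56.102}
KEY_NAME=${KEY_NAME:-rndc-key}
ALGORITHM=${ALGORITHM:-hmac-sha256}

# 256 random bits, base64-encoded: the same shape as the secret that
# rndc-confgen -A hmac-sha256 -b 256 emits.
gen_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# rndc.conf for the admin host.  default-server points at the remote
# name server so that a plain "rndc reload" goes there; -s still overrides.
rndc_conf() {   # $1 = secret
    cat <<EOF
key "$KEY_NAME" {
        algorithm $ALGORITHM;
        secret "$1";
};

options {
        default-key "$KEY_NAME";
        default-server $NS_HOST;
        default-port 953;
};
EOF
}

# key + controls for the server's named.conf.  The loopback listener keeps
# a local "rndc status" working; the second listener is bound to the
# server's own address and admits only the admin host.  Whoever reaches
# port 953 with this key has full control of named, so the allow list is
# as important as the secret.
named_controls() {  # $1 = secret
    cat <<EOF
key "$KEY_NAME" {
        algorithm $ALGORITHM;
        secret "$1";
};

controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "$KEY_NAME"; };
        inet $NS_HOST port 953 allow { $ADMIN_HOST; } keys { "$KEY_NAME"; };
};
EOF
}

# First secret "..." value in a config text (empty if none).
first_secret() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Consistency check for a (rndc.conf, named.conf) pair.  Fails if the
# secrets differ, if either side still uses hmac-md5, or if the server's
# controls block does not admit the admin host.
check_pair() {  # $1 = rndc.conf text, $2 = named.conf text
    s1=$(first_secret "$1")
    s2=$(first_secret "$2")
    if [ -z "$s1" ] || [ "$s1" != "$s2" ]; then
        echo "check_pair: secret missing or different on the two sides" >&2
        return 1
    fi
    if printf '%s\n%s\n' "$1" "$2" | grep -q 'algorithm[[:space:]]*hmac-md5'; then
        echo "check_pair: hmac-md5 control key; regenerate with hmac-sha256" >&2
        return 1
    fi
    if ! printf '%s\n' "$2" | grep -q "allow[[:space:]]*{[^}]*$ADMIN_HOST"; then
        echo "check_pair: controls block does not allow $ADMIN_HOST" >&2
        return 1
    fi
    return 0
}

# Usage: sh rndc-pair.sh generate  -> writes rndc.conf.new and named-controls.conf.new
if [ "${1:-}" = "generate" ]; then
    secret=$(gen_secret)
    rndc_conf "$secret" > rndc.conf.new
    named_controls "$secret" > named-controls.conf.new
    check_pair "$(cat rndc.conf.new)" "$(cat named-controls.conf.new)" && echo "pair OK"
fi
```

Install rndc.conf.new as /etc/rndc.conf on the admin host (mode 640, owned by root) and splice named-controls.conf.new into the server's named.conf, then run named-checkconf and restart named as in steps 3 and 4. check_pair deliberately refuses an hmac-md5 key and a controls block that only admits loopback, which are exactly the two ways the page's own configuration would make rndc -s fail or stay weaker than necessary.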

 

rndc commands
Running rndc with no arguments prints its usage text. The list captured below is not the full set for BIND 9.9 (for example thaw, which releases a zone suspended with freeze, is not shown), so check rndc on the installed version.
# rndc
Usage: rndc [-b address] [-c config] [-s server] [-p port]
        [-k key-file ] [-y key] [-V] command

command is one of the following:

  reload        Reload configuration file and zones.
  reload zone [class [view]]
                Reload a single zone.
  refresh zone [class [view]]
                Schedule immediate maintenance for a zone.
  retransfer zone [class [view]]
                Retransfer a single zone without checking serial number.
  freeze        Suspend updates to all dynamic zones.
  freeze zone [class [view]]
                Suspend updates to a dynamic zone.
  notify zone [class [view]]
                Resend NOTIFY messages for the zone.
  reconfig      Reload configuration file and new zones only.
  stats         Write server statistics to the statistics file.
  querylog newstate
                Enable / disable query logging.
  dumpdb [-all|-cache|-zones] [view ...]
                Dump cache(s) to the dump file (named_dump.db).
  notrace       Set debugging level to 0.
  flush         Flushes all of the server's caches.
  flush [view]  Flushes the server's cache for a view.
  flushname name [view]
                Flush the given name from the server's cache(s)
  flushtree name [view]
                Flush all names under the given name from the server's cache(s)
  status        Display status of the server.
  recursing     Dump the queries that are currently recursing (named.recursing)
  scan          Scan available network interfaces for changes.

* == not yet implemented
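As an added example (not from the original post, and not BIND's own code), the wrapper below combines the named-checkconf -z check from step 3 and the named-checkzone checker with the reload and reload zone commands listed above, so that a zone or configuration that fails to parse is never handed to the running server. The paths (/etc/named.conf, zone files under /var/named named <zone>.zone) and the variable-driven command names are assumptions; the variables exist so the flow can be dry-run with stubs such as RNDC=true on a host without BIND.

```shell
#!/bin/sh
# Added example, not from the original post: reload named only after
# BIND's own checkers have accepted the change, so a typo in named.conf
# or a zone file is caught on the admin side and the running server is
# never asked to load it.
#
# Assumptions (not in the original post): named.conf is /etc/named.conf
# and zone files live under /var/named as <zone>.zone.  The BIND binaries
# are taken from variables so the flow can be dry-run with stubs (for
# example RNDC=true) on a host without BIND.

NAMED_CONF=${NAMED_CONF:-/etc/named.conf}
ZONE_DIR=${ZONE_DIR:-/var/named}
RNDC=${RNDC:-rndc}
CHECKCONF=${CHECKCONF:-named-checkconf}
CHECKZONE=${CHECKZONE:-named-checkzone}

# Reload a single zone (rndc reload <zone>) only if its file parses.
# Returns non-zero, and reloads nothing, on a checker or rndc failure.
safe_reload_zone() {   # $1 = zone name, $2 = zone file (default $ZONE_DIR/$1.zone)
    zone=$1
    file=${2:-$ZONE_DIR/$zone.zone}
    if ! "$CHECKZONE" -q "$zone" "$file"; then
        echo "refusing to reload $zone: $file does not parse" >&2
        return 1
    fi
    "$RNDC" reload "$zone"
}

# Full reload: named.conf and every zone (-z, as in step 3) must load
# cleanly before rndc reload is issued.
safe_reload_all() {
    if ! "$CHECKCONF" -z "$NAMED_CONF" >/dev/null; then
        echo "refusing to reload: $NAMED_CONF or one of its zones does not load" >&2
        return 1
    fi
    "$RNDC" reload
}

# Usage: sh safe-reload.sh zone l.4wxyz.com [/var/named/l.4wxyz.com.zone]
#        sh safe-reload.sh all
case "${1:-}" in
    zone) safe_reload_zone "${2:-}" "${3:-}" ;;
    all)  safe_reload_all ;;
esac
```

For a remote server, set RNDC="rndc -s 192.168.56.102" only if the checkers run on the same host as the zone files; otherwise run the wrapper on the name server itself, since named-checkzone needs the file named will load.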

