Both BIND DNS servers must already be running normally.
Primary DNS server IP: 192.168.1.100
Client DNS server IP: 192.168.1.101
1 Primary DNS server configuration:
cd /etc/
Generate the rndc.conf file
rndc-confgen > rndc.conf
View the file
cat rndc.conf
    # Start of rndc.conf
    key "rndc-key" {
        algorithm hmac-md5;
        secret "VcL5wC2GHCzCU7ju+ajC1Q==";
    };

    options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
    };
    # End of rndc.conf

    # Use with the following in named.conf, adjusting the allow list as needed:
    # key "rndc-key" {
    #     algorithm hmac-md5;
    #     secret "VcL5wC2GHCzCU7ju+ajC1Q==";
    # };
    #
    # controls {
    #     inet 127.0.0.1 port 953
    #         allow { 127.0.0.1; } keys { "rndc-key"; };
    # };
    # End of named.conf
vim named.conf
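Append the following to the end of named.conf

    // Support remote rndc control
    key "rndc-key" {
        algorithm hmac-md5;
        secret "VcL5wC2GHCzCU7ju+ajC1Q==";
    };
    // inet: to allow rndc control from the local host only, replace * with 127.0.0.1
    // allow: the IPs and KEY permitted to manage this DNS server via rndc; set here to the client IP
    controls {
        inet * port 953
            allow { localhost; 192.168.1.101; } keys { "rndc-key"; };
    };

Delete rndc.key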
rm rndc.key -f
Restart BIND
service named restart
2 Client configuration
cd /etc/
Generate the rndc.conf file
rndc-confgen > rndc.conf
Edit the file and change secret to the value from the primary DNS server's configuration
vim rndc.conf
    # Start of rndc.conf
    key "rndc-key" {
        algorithm hmac-md5;
        secret "VcL5wC2GHCzCU7ju+ajC1Q==";
    };

    options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
    };
    # End of rndc.conf

    # Use with the following in named.conf, adjusting the allow list as needed:
    # key "rndc-key" {
    #     algorithm hmac-md5;
    #     secret "VcL5wC2GHCzCU7ju+ajC1Q==";
    # };
    #
    # controls {
    #     inet 127.0.0.1 port 953
    #         allow { 127.0.0.1; } keys { "rndc-key"; };
    # };
    # End of named.conf
vim named.conf
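Append the following to the end of named.conf. Note: the secret value must be the same as the secret on the primary server

    // Support remote rndc control
    key "rndc-key" {
        algorithm hmac-md5;
        secret "VcL5wC2GHCzCU7ju+ajC1Q==";
    };
    // inet: to allow rndc control from the local host only, replace * with 127.0.0.1
    // allow: the IPs and KEY permitted to manage this DNS server via rndc; set here to the primary DNS server IP
    controls {
        inet * port 953
            allow { localhost; 192.168.1.100; } keys { "rndc-key"; };
    };

Delete rndc.key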
rm rndc.key -f
Restart BIND
service named restart
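
A check for the controls blocks added in both sections, as an added example that is not part of the original page: it parses named.conf text and reports rndc control channels that listen on every interface, allow any source, or are keyed with an older HMAC algorithm. The sample text, the function names and the choice to flag hmac-md5 and hmac-sha1 are assumptions of this example.

```python
import re

# Constructed sample: the statements this page appends to named.conf on the
# primary server (assumed layout; the secret is the one shown on the page).
SAMPLE_NAMED_CONF = '''
// support remote rndc control
key "rndc-key" {
    algorithm hmac-md5;
    secret "VcL5wC2GHCzCU7ju+ajC1Q==";
};
controls {
    inet * port 953
        allow { localhost; 192.168.1.101; } keys { "rndc-key"; };
};
'''

OLD_ALGORITHMS = {"hmac-md5", "hmac-sha1"}  # assumption: site policy wants SHA-2
TOKEN_RE = re.compile(r'"[^"\n]*"|/\*.*?\*/|(?://|#)[^\n]*', re.S)
KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{([^}]*)\}', re.I)
INET_RE = re.compile(r'\binet\s+(\S+)(?:\s+port\s+(\d+))?\s+allow\s*\{([^}]*)\}'
                     r'(?:\s*keys\s*\{([^}]*)\})?', re.I)

def strip_comments(text):
    """Drop //, # and /* */ comments but keep quoted strings (base64 has '/')."""
    return TOKEN_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def audit_rndc_controls(conf_text):
    """Return (channel, problem) pairs for every risky rndc control channel."""
    text = strip_comments(conf_text)
    algorithms = {}
    for name, body in KEY_RE.findall(text):
        found = re.search(r'algorithm\s+"?([\w-]+)"?\s*;', body, re.I)
        algorithms[name] = found.group(1).lower() if found else None
    findings = []
    for addr, port, allow, keys in INET_RE.findall(text):
        channel = f"inet {addr} port {port or 953}"
        if addr in ("*", "::"):
            findings.append((channel, "listens on every interface"))
        if "any" in [item.strip() for item in allow.split(";")]:
            findings.append((channel, "allow list accepts any source address"))
        for key in re.findall(r'"?([\w.-]+)"?\s*;', keys):
            if algorithms.get(key) in OLD_ALGORITHMS:
                findings.append((channel, f'key "{key}" uses {algorithms[key]}'))
    return findings

if __name__ == "__main__":
    for channel, problem in audit_rndc_controls(SAMPLE_NAMED_CONF):
        print(f"{channel}: {problem}")
```

Replacing `inet *` with the server's own address and the key algorithm with hmac-sha256 makes the sample pass with no findings.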