三、rndc远程控制服务器
1、在被管理的服务器上生成密钥
# cd /var/named/chroot/etc
# rndc-confgen -a -b 128 -k mrndc-key -c mrndc.key -s 172.16.0.254 \主服务器上运行
# cat mrndc.key
key "mrndc-key" {
algorithm hmac-md5;
secret "zL1WPhVyoDaiDVh5/2XDuQ==";
};
controls {
inet 172.16.10.222 port 953 allow { 172.16.0.254; } keys { "mrndc-key"; };
};
# chown named:named /var/named/chroot/etc/mrndc.key
# vim /etc/named.conf
include "/etc/mrndc.key";
# rndc-confgen -a -b 128 -k srndc-key -c srndc.key -s 172.16.0.254 \从服务器上运行
2、在控制服务器上进行配置
# vim /etc/rndc.conf
key "mrndc-key" {
algorithm hmac-md5;
secret "zL1WPhVyoDaiDVh5/2XDuQ==";
};
key "srndc-key" {
algorithm hmac-md5;
secret "MJqtxmTI9LQbmdn9R7DHtg==";
};
options {
default-key "mrndc-key";
default-server 172.16.10.222;
default-port 953;
};
server 172.16.10.222 {
key "mrndc-key";
};
server 172.16.10.223 {
key "srndc-key";
};
四、dns的日志配置
# vim /etc/named.conf
logging {
channel mydns_log {
file "/var/log/mydns.log" versions 5 size 40m;
severity info;
print-severity yes;
print-time yes;
print-category yes;
};
category queries {
mydns_log;
};
category dnssec {
mydns_log;
};
category notify {
mydns_log;
};
category xfer-out {
mydns_log;
};
category network {
mydns_log;
};
category default {
mydns_log;
};
};