主服务器rndc授权外网管理
发布时间:2018-12-15 10:38:06编辑:雪饮阅读()
主服务器配置:
[root@localhost named]# cat /etc/named.conf
# Global server options.
# - directory: relative zone file names in the zone statements resolve under /var/named.
# - allow-recursion: recursive lookups are answered only for clients in 192.168.0.0/16.
# - notify yes: NOTIFY messages are sent to a zone's other name servers when the zone changes.
options {
directory "/var/named";
allow-recursion { 192.168.0.0/16; };
notify yes;
};
# Root hints zone: tells named where the root servers are, loaded from named.ca
# (a relative name, so it is looked up under the options directory).
zone "." IN {
type hint;
file "named.ca";
};
# Master zone for "localhost". allow-transfer { none; } refuses zone transfers
# to every client.
zone "localhost" IN {
type master;
file "named.localhost";
allow-transfer { none; };
};
# Master reverse zone for the 127.0.0.x loopback range; zone transfers are
# refused for every client, as for "localhost".
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-transfer { none; };
};
# Master zone for mageedu.com. Zone transfers are permitted only to 192.168.43.2
# (the slave server in this walkthrough).
# NOTE(review): this is a source-address check only; allow-transfer also accepts
# a TSIG key reference if the transfer itself should be authenticated.
zone "mageedu.com" IN {
type master;
file "mageedu.com.zone";
allow-transfer { 192.168.43.2; };
};
# Master reverse zone for 192.168.43.x. Zone transfers are permitted only to
# 192.168.43.2, matching the forward zone mageedu.com.
zone "43.168.192.in-addr.arpa" IN {
type master;
file "192.168.43.zone";
allow-transfer { 192.168.43.2; };
};
# Shared secret that authenticates rndc commands; the controls statement refers
# to it by the name "rndc-key".
# NOTE(review): the secret below is published with this walkthrough, so treat it
# as compromised; generate a fresh key with rndc-confgen for any real server.
# NOTE(review): with the key inline, named.conf itself holds a secret. Keep the
# file unreadable to ordinary users, or move the key statement into a separate
# file readable only by root/named and pull it in with include.
# NOTE(review): hmac-md5 is a legacy choice. Newer BIND releases accept
# hmac-sha256 for rndc keys; the 9.7.0 build shown in the status output may not,
# so confirm before changing the algorithm on both ends.
key "rndc-key" {
algorithm hmac-md5;
secret "ecrRioP0CgRKUhRWEun3EA==";
};
# rndc control channel: named listens on 192.168.43.165 TCP port 953, accepts
# connections only from 192.168.43.2, and requires commands signed with
# "rndc-key".
# NOTE(review): a holder of the key on an allowed address can run any rndc
# command (reload, stop, ...). Also restrict port 953 to the management host at
# the firewall, and avoid binding the channel to an address reachable from
# untrusted networks.
controls {
inet 192.168.43.165 port 953
allow { 192.168.43.2; } keys { "rndc-key"; };
};
[root@localhost named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
第一处标记(controls 中的 inet 192.168.43.165)是主服务器上供远程管理使用的监听地址,也就是你所要授权的外网管理主机(这里是从服务器)能够访问到的主服务器地址;第二处标记(allow { 192.168.43.2; })是你允许来管理这台主服务器的客户端的 IP,在这里即从服务器的 IP。
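然后把主服务器中的 rndc 配置文件拷贝给从服务器。该文件含有 rndc 共享密钥,拷贝到从服务器后应只允许 root 读取(例如 chmod 600 rndc.conf);首次连接时提示的主机密钥指纹,应先与从服务器本机的实际指纹核对一致后再输入 yes。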
[root@localhost named]# scp /etc/rndc.conf 192.168.43.2:/root/
The authenticity of host '192.168.43.2 (192.168.43.2)' can't be established.
RSA key fingerprint is d6:41:6d:a8:e8:f5:ed:ff:2f:eb:21:f1:08:e2:07:25.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.43.2' (RSA) to the list of known hosts.
rndc.conf 100% 479 0.5KB/s 00:00
[root@localhost named]#
从服务器配置:
[root@localhost ~]# cat rndc.conf
# Start of rndc.conf
# Key rndc uses to sign its commands. Name, algorithm and secret must match the
# key statement in the server's named.conf exactly.
# NOTE(review): this file carries the shared secret, so keep it readable by root
# only (for example mode 0600) on every host it is copied to, and replace the
# published value with one generated by rndc-confgen.
key "rndc-key" {
algorithm hmac-md5;
secret "ecrRioP0CgRKUhRWEun3EA==";
};
# Defaults applied when rndc reads this file: sign with "rndc-key" and connect
# to the master server at 192.168.43.165 on port 953.
options {
default-key "rndc-key";
default-server 192.168.43.165;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "ecrRioP0CgRKUhRWEun3EA==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
标记处(default-server 192.168.43.165)为主服务器的地址,需与主服务器 named.conf 的 controls 中 inet 监听的地址一致。
从服务器通过外网使用rndc测试
[root@localhost ~]# rndc -c rndc.conf status
version: 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4
CPUs found: 1
worker threads: 1
number of zones: 16
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
关键字词:dns,rndc