* rndc is the tool for administering a BIND name server remotely, whether from the name server host itself or from another machine.
1) Generate the key
./rndc-confgen > /etc/rndc.conf
# Start of rndc.conf
key "rndc-key" {
	algorithm hmac-md5;
	secret "597mv7NU7YxzHaMGVAsv4w==";
};

options {
	default-key "rndc-key";
	default-server 127.0.0.1;
	default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# 	algorithm hmac-md5;
# 	secret "597mv7NU7YxzHaMGVAsv4w==";
# };
# 
# controls {
# 	inet 127.0.0.1 port 953
# 		allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
2) Apply it
Add the block below (the commented-out part of the rndc-confgen output, with the comment markers removed) to named.conf.
key "rndc-key" {
	algorithm hmac-md5;
	secret "597mv7NU7YxzHaMGVAsv4w==";
};

controls {
	inet 127.0.0.1 port 953
		allow { 127.0.0.1; } keys { "rndc-key"; };
};
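The key statement in rndc.conf and the one in named.conf must match exactly, and the algorithm rndc-confgen picks by default (hmac-md5) is a legacy choice. The following added example (not part of this page or of BIND itself) parses an rndc.conf in the shape shown above, validates the base64 secret, flags a legacy MAC, and emits the matching key + controls block for named.conf; the sample configuration text is constructed here and the function names are my own.

```python
import base64
import re

# Constructed sample in the shape rndc-confgen prints (same key as on this page).
SAMPLE_RNDC_CONF = """\
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "597mv7NU7YxzHaMGVAsv4w==";
};
options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; };
# End of rndc.conf
"""

KEY_RE = re.compile(
    r'key\s+"([^"]+)"\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"([^"]+)"\s*;\s*\}')
# MACs worth choosing for a new key; hmac-md5 is only the legacy rndc-confgen default.
STRONG_MACS = {"hmac-sha256", "hmac-sha384", "hmac-sha512"}

def parse_rndc_key(conf_text):
    """Return the first key statement as a dict; a corrupt base64 secret raises."""
    m = KEY_RE.search(conf_text)
    if not m:
        raise ValueError("no key statement found in rndc.conf")
    name, algorithm, secret = m.groups()
    raw = base64.b64decode(secret, validate=True)
    return {"name": name, "algorithm": algorithm.lower(),
            "secret": secret, "bits": len(raw) * 8}

def check_key(key):
    """Warnings to raise before deploying the key."""
    warnings = []
    if key["algorithm"] not in STRONG_MACS:
        warnings.append(f"{key['algorithm']} is a legacy MAC; regenerate with "
                        "rndc-confgen -A hmac-sha256")
    return warnings

def named_conf_stanza(key, listen="127.0.0.1", port=953, allow=("127.0.0.1",)):
    """Build the key + controls block named.conf needs so it matches rndc.conf."""
    allow_list = " ".join(f"{a};" for a in allow)
    return (f'key "{key["name"]}" {{\n    algorithm {key["algorithm"]};\n'
            f'    secret "{key["secret"]}";\n}};\n'
            f'controls {{\n    inet {listen} port {port}\n'
            f'        allow {{ {allow_list} }} keys {{ "{key["name"]}"; }};\n}};\n')

if __name__ == "__main__":
    k = parse_rndc_key(SAMPLE_RNDC_CONF)
    print("\n".join(check_key(k)) or "key looks fine")
    print(named_conf_stanza(k))
```

Point the script at the real /etc/rndc.conf instead of the sample and paste its output into named.conf; the allow list should stay as tight as the hosts that actually run rndc.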
3) Verify and use
[root@NS1 sbin]# ./rndc status
version: BIND 9.10.3 <id:2799933>
boot time: Wed, 25 Nov 2015 08:11:20 GMT
last configured: Wed, 25 Nov 2015 08:11:20 GMT
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 102
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
Writing the journal (.jnl) contents straight into the zone file after an nsupdate
[root@NS1 sbin]# nsupdate
> server 10.0.0.11
> update add book.my-domain.re.kr. 180 IN A 10.0.0.234
> show
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags: ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
book.my-domain.re.kr. 180 IN A 10.0.0.234

> send
[root@NS1 sbin]# rndc freeze
Inside the zone file:
book A 10.0.0.234
You can confirm that the record added with nsupdate has been written straight into the zone file.
rndc unfreeze // unfreeze the zone so later dynamic updates are accepted again