RNDC: Remote Control DNS Server
[[email protected] ~]# vim random
The server has no random generator, so instead of relying on /dev/random, create a new file named random by hand and fill it with a long string of arbitrary characters (make it long); rndc-confgen is then pointed at that file with -r.
Contents of random:
Asdkfjalsjdflajsldfjlasjdflajsldfjalsjdflajslfjalsjflasjfl
[[email protected] ~]# rndc-confgen > /etc/rndc.conf
[[email protected] ~]# rndc-confgen -r random > /etc/rndc.conf    # generate the key (password string)
[[email protected] ~]# cat /etc/rndc.conf
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "snk8ph1zcannykz07qt+tq==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
(Copy the commented block below into named.conf and remove the leading # characters.)
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "snk8ph1zcannykz07qt+tq==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
-------------------------------------------------
# End of named.conf
------------------------------------------------
[[email protected] ~]# rndc -c /etc/rndc.conf status    # view the server's status
Version:9.8.2rc1-redhat-9.8.2-0.30.rc1.el6
CPUs found:1
Worker Threads:1
Number of zones:19
Debug level:0
Xfers running:0
Xfers deferred:0
SOA queries in progress:0
Query logging is OFF
Recursive clients:0/0/1000
TCP clients:0/100
Server is up and running
[[email protected] ~]# rndc -c /etc/rndc.conf notify "mylinux.com"
zone notify queued
[[email protected] ~]# tail /var/log/messages    # the manual notify shows up in the log
Jul 3 09:10:34 localhost named[1811]: command channel listening on 127.0.0.1#953
Jul 3 09:10:34 localhost named[1811]: zone 10.168.192.in-addr.arpa/in:loaded serial 20170708
Jul 3 09:10:34 localhost named[1811]: zone mylinux.com/in:loaded serial 20170708
Jul 3 09:10:34 localhost named[1811]: zone localhost/in:loaded serial 0
Jul 3 09:10:34 localhost named[1811]: managed-keys-zone./in:loaded Serial 0
Jul 3 09:10:34 localhost named[1811]: Running
Jul 3 09:10:34 localhost named[1811]: Zone 10.168.192.in-addr.arpa/in:sending notifies (serial 20170708)
Jul 3 09:10:34 localhost named[1811]: Zone mylinux.com/in:sending notifies (serial 20170708)
Jul 3 09:13:44 localhost named[1811]: Received control channel Command ' Notify Mylinux.com '
Jul 3 09:13:44 localhost named[1811]: Zone mylinux.com/in:sending notifies (serial 20170708)    # the manually notified zone
[[email protected] ~]# rndc -c /etc/rndc.conf flush    # flush the server's cache
[[email protected] ~]# rndc -c /etc/rndc.conf stop     # stop named
[[email protected] ~]# netstat -tunlp | grep 53         # nothing listening on port 53: named has stopped
[[email protected] ~]#
[[email protected] ~]# service named start
Starting named: [  OK  ]
[[email protected] ~]# rndc stop    # -c can be omitted here, since rndc reads /etc/rndc.conf by default
[[email protected] ~]# netstat -tunlp | grep 53
[[email protected] ~]#
----------------------------------------------------
Controlling a remote host: in named.conf on the target host, change the listening address and the host allowed to control it.
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "snk8ph1zcannykz07qt+tq==";
# };
#
# controls {
#     inet 192.168.10.2 port 953                            # listening address (the target host)
#         allow { 192.168.10.3; } keys { "rndc-key"; };    # who is allowed to control it
# };
-----------------------------------------------------------------
[[email protected] ~]# scp root@192.168.10.2:/etc/rndc.conf /root    # copy the remote host's key; do not put it under /etc, where it could easily overwrite someone else's file
[[email protected] ~]# vim /root/rndc.conf
Change the options block to:
options {
    default-key "rndc-key";
    default-server 192.168.10.2;    # address of the target host
    default-port 953;
};
[[email protected] ~]# rndc -c rndc.conf status    # run from /root, where the edited rndc.conf lives
Version:9.8.2rc1-redhat-9.8.2-0.30.rc1.el6
CPUs found:1
Worker Threads:1
Number of zones:19
Debug level:0
Xfers running:0
Xfers deferred:0
SOA queries in progress:0
Query logging is OFF
Recursive clients:0/0/1000
TCP clients:0/100
Server is up and running
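As an added example (not part of the original post), the following POSIX shell check verifies that a copied rndc.conf and the target host's named.conf agree on the control key (name, algorithm and secret) and that the controls block names that key and is not open to any host; the two sample configs, the secret and the temp paths are constructed placeholders, and the key blocks are assumed to be laid out one statement per line as rndc-confgen emits them.

```shell
# Added example, not from the original post: check that a client-side rndc.conf
# and the server-side named.conf agree on the control key and that the controls
# block is restricted. The file contents and secret below are placeholders.

# Print "algorithm secret" for key NAME in FILE (prints nothing if absent).
key_params() {  # usage: key_params FILE NAME
    awk -v name="$2" '
        $1 == "key" && $2 == ("\"" name "\"") { inkey = 1; next }
        inkey && $1 == "algorithm" { alg = $2; sub(/;$/, "", alg) }
        inkey && $1 == "secret"    { sec = $2; gsub(/[";]/, "", sec) }
        inkey && $1 == "};"        { inkey = 0 }
        END { if (alg != "") print alg, sec }' "$1"
}

# Return 0 when rndc.conf's default-key exists in named.conf with the same
# algorithm and secret, the controls block lists that key, and the allow list
# is not "any"; otherwise print the reason and return 1.
check_rndc_pair() {  # usage: check_rndc_pair RNDC_CONF NAMED_CONF
    name=$(sed -n 's/.*default-key *"\([^"]*\)".*/\1/p' "$1")
    [ -n "$name" ] || { echo "no default-key in $1"; return 1; }
    client=$(key_params "$1" "$name"); server=$(key_params "$2" "$name")
    [ -n "$client" ] && [ "$client" = "$server" ] ||
        { echo "key $name differs between $1 and $2"; return 1; }
    # Join the (brace-balanced) controls block into one line for matching.
    ctl=$(awk '/^controls/ { inctl = 1 } inctl { printf "%s ", $0;
          depth += gsub(/\{/, "{") - gsub(/\}/, "}"); if (depth == 0) inctl = 0 }' "$2")
    case "$ctl" in *"\"$name\""*) ;;
        *) echo "controls block does not list key $name"; return 1 ;; esac
    case "$ctl" in *allow*any*) echo "controls allow list is open to any host"; return 1 ;; esac
    echo "ok: key $name consistent, control channel restricted"
}

# Constructed sample pair mirroring the post's remote-control layout.
TMP=$(mktemp -d)
cat > "$TMP/rndc.conf" <<'EOF'
key "rndc-key" {
    algorithm hmac-md5;
    secret "PLACEHOLDERSECRET==";
};
options { default-key "rndc-key"; default-server 192.168.10.2; default-port 953; };
EOF
cat > "$TMP/named.conf" <<'EOF'
key "rndc-key" {
    algorithm hmac-md5;
    secret "PLACEHOLDERSECRET==";
};
controls { inet 192.168.10.2 port 953 allow { 192.168.10.3; } keys { "rndc-key"; }; };
EOF
check_rndc_pair "$TMP/rndc.conf" "$TMP/named.conf"
```

Run it against the real files (for example `check_rndc_pair /root/rndc.conf /etc/named.conf` on the target host) before debugging a "connection refused" or "authentication failed" from rndc.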
------------------------------------
This article is from the "Linux operation and maintenance" blog; reprinting is declined.