RHEL 5.4 DNS server configuration details (3)

Source: Internet
Author: User
Tags: hmac
This section describes in detail how to configure rndc on the DNS server, how to enable DNS query logging, and how to use rndc to flush the cache, reload the configuration file and stop the DNS server. Once rndc is configured, these operations can be performed against both local and remote servers. The DNS service is already a relatively hardened service: named not only drops privileges to the named user but also runs in a chroot environment, so the remaining administrative surface is the control channel. Stopping and reloading named through rndc rather than at the console is, in the author's view, the direction server administration is heading. rndc stands for remote name daemon control. It works with two configuration files, /etc/rndc.key and /etc/rndc.conf. Despite its name, rndc.key is the lock: named includes it and only accepts control commands authenticated with the key it defines. rndc.conf is the key that fits that lock: it carries the same key clause plus the defaults (server, port, key name) that the rndc client uses. Both files can be generated with the rndc-confgen command. The key is a shared secret used with a symmetric HMAC (HMAC-MD5 in the output shown below), which means anyone able to read either file can control named, so both files must be kept readable only by root and the named user. The configuration is shown below; in this demonstration the host named server controls the DNS server running on the host named client. The controlling side of rndc does not itself have to be a DNS server...

1. Configure rndc on the client (127.0.0.1)

[root@client ~]# rndc-confgen | grep -v '^#'    // use rndc-confgen to generate the contents of rndc.key and rndc.conf; the comment lines are dropped
key "rndckey" {
        algorithm hmac-md5;
        secret "q2yvOY2JiyUU2aV4qahzAw==";
};

options {
        default-key "rndckey";
        default-server 127.0.0.1;    // the server the rndc client talks to by default (the option is default-server; rndc.conf has no default-client)
        default-port 953;
};

[root@client ~]# rm -rf /etc/rndc.key    // delete the default rndc.key file shipped with the package
[root@client ~]# cd /var/named/chroot/etc/
[root@client etc]# cat rndc.key    // write the "key" section generated by rndc-confgen above into the rndc.key file
key "rndckey" {
        algorithm hmac-md5;
        secret "q2yvOY2JiyUU2aV4qahzAw==";
};

[root@client etc]# chown named.named rndc.key    // change the file owner to named
[root@client etc]# ln -s /var/named/chroot/etc/rndc.key /etc    // link it into the /etc directory
[root@client etc]# cat /etc/rndc.conf    // write the complete rndc-confgen output above (key and options sections) into the rndc.conf file
key "rndckey" {
        algorithm hmac-md5;
        secret "q2yvOY2JiyUU2aV4qahzAw==";
};

options {
        default-key "rndckey";
        default-server 127.0.0.1;
        default-port 953;
};

[root@client etc]# chown named.named /etc/rndc.conf    // change the file owner to named

Note that chown changes only the owner, not the mode. The secret in rndc.key and rndc.conf is all that is needed to control named, so neither file should be world-readable; mode 640 (or stricter) with owner root or named is appropriate.
[root@client etc]# cat /etc/named.conf
options {
        listen-on port 53 { 192.168.100.20; };
        directory "/var/named";

        allow-query { any; };
        allow-transfer { 192.168.100.254; };
};

include "/etc/named.rfc1912.zones";
include "/etc/rndc.key";    // includes the lock file defined above, so named knows the key

controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndckey"; };    // accept control connections only on the loopback interface, and only when authenticated with rndckey from the included /etc/rndc.key
};
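The whole procedure above, as an added example that is not part of the original article: a small POSIX shell script that builds the rndc.key, rndc.conf and named.conf controls fragments from a key name and a base64 secret, installs them in the chroot-style layout the article uses, and then checks what an administrator should verify before restarting named. It assumes the key name rndckey and algorithm hmac-md5 from the article; the secret is supplied by the caller (for example the one rndc-confgen printed), and the directory paths are parameters so the script can be exercised in a scratch directory instead of /var/named/chroot/etc and /etc.

```shell
#!/bin/sh
# Added example (not from the original article): build the rndc.key / rndc.conf /
# named.conf "controls" fragments from a key name and a base64 secret, install
# them under a chroot-style layout, and sanity-check the result.
# Assumptions: key name "rndckey" and algorithm hmac-md5, as in the article;
# the secret is supplied by the caller; directory paths are parameters.

KEYNAME=rndckey
ALGO=hmac-md5

# The key clause is the "lock": identical text goes into rndc.key and rndc.conf.
rndc_key_clause() {   # $1 key name, $2 base64 secret
    printf 'key "%s" {\n\talgorithm %s;\n\tsecret "%s";\n};\n' "$1" "$ALGO" "$2"
}

# rndc.conf for the controlling side: the key clause plus defaults for the
# rndc client. The option naming the target is default-server.
rndc_conf() {         # $1 key name, $2 secret, $3 server to control
    rndc_key_clause "$1" "$2"
    printf '\noptions {\n\tdefault-key "%s";\n\tdefault-server %s;\n\tdefault-port 953;\n};\n' "$1" "$3"
}

# controls clause for named.conf: loopback only, this key only.
named_controls() {    # $1 key name
    printf 'controls {\n\tinet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "%s"; };\n};\n' "$1"
}

# Write rndc.key under the chroot, link it into the real /etc, write rndc.conf.
install_rndc() {      # $1 chroot etc dir, $2 real etc dir, $3 key name, $4 secret
    mkdir -p "$1" "$2"
    rm -f "$2/rndc.key"                       # replace the package default
    rndc_key_clause "$3" "$4" > "$1/rndc.key"
    chmod 640 "$1/rndc.key"                   # the secret alone controls named
    ln -s "$1/rndc.key" "$2/rndc.key"
    rndc_conf "$3" "$4" 127.0.0.1 > "$2/rndc.conf"
    chmod 640 "$2/rndc.conf"
}

# Checks worth running before restarting named:
#  - the key file is not world-readable,
#  - the key named in rndc.key is one that controls {} accepts,
#  - rndc.key and rndc.conf carry the same secret.
check_rndc() {        # $1 rndc.key, $2 rndc.conf, $3 file holding the controls clause
    [ -z "$(find -L "$1" -perm -004)" ] || { echo "$1 is world-readable" >&2; return 1; }
    name=$(sed -n 's/^key "\([^"]*\)".*/\1/p' "$1")
    grep -Fq "keys { \"$name\"; }" "$3" || { echo "controls {} does not accept key $name" >&2; return 1; }
    s1=$(sed -n 's/.*secret "\([^"]*\)".*/\1/p' "$1")
    s2=$(sed -n 's/.*secret "\([^"]*\)".*/\1/p' "$2")
    [ -n "$s1" ] && [ "$s1" = "$s2" ] || { echo "secret mismatch between $1 and $2" >&2; return 1; }
    return 0
}

# Usage: sh rndc-setup.sh <chroot etc> <real etc> <secret>
# e.g.   sh rndc-setup.sh /var/named/chroot/etc /etc 'q2yvOY2JiyUU2aV4qahzAw=='
if [ $# -eq 3 ]; then
    install_rndc "$1" "$2" "$KEYNAME" "$3"
    named_controls "$KEYNAME"                 # paste into named.conf after include "/etc/rndc.key";
fi
```

The controls clause is printed rather than written into named.conf because named.conf is hand-edited and the clause must appear after the include of /etc/rndc.key; check_rndc is the part to keep even if the rest is done by hand, since a world-readable rndc.key or a mismatch between the key name in rndc.key and the one in controls {} are the two mistakes that most often leave rndc either insecure or unable to connect.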
