Lab environment:
RHEL6
192.168.0.75 (DNS server, DHCP server)
192.168.0.36 (update DNS server records, client)
Disable iptables and SELinux
1. Use the key to update DNS server records
75 # yum install bind bind-chroot bind-utils -y
/etc/init.d/named start
chkconfig named on
cd /var/named/chroot/etc
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos (generate key file)
-a: algorithm; -b: key size in bits; -n HOST westos: westos is the key name.
This generates two files in the current directory: Kwestos.+157+38674.key
and Kwestos.+157+38674.private
vi named.rfc1912.zones
Add the domain name:
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { key westos; }; // use key to update records
};
vi named.conf
key "westos" {                      // the template is rndc.key
    algorithm hmac-md5;             // key algorithm
    secret "84jsahjdf/qwjeks=";     // the key from the key file
};
cd ../var/named
cp -p named.localhost example.com.zone (the -p option preserves the file attributes)
Modify the example.com.zone file to specify the DNS server:
    NS  example.com.
    A   192.168.0.75
chmod g+w /var/named/chroot/var/named (give named write permission)
If SELinux is enabled, turn on the named Boolean:
setsebool -P named_write_master_zones on
/etc/init.d/named restart
rndc reload
scp /var/named/chroot/etc/Kwestos.+157+38674.key 192.168.0.36:
scp /var/named/chroot/etc/Kwestos.+157+38674.private 192.168.0.36:
36 # nsupdate -k Kwestos.+157+38674.key
> server 192.168.0.75
> zone example.com
> update add www.example.com. 500 A 192.168.0.75
> send
> quit
Run dig www.example.com on 192.168.0.75.
If the IP address resolves, the operation succeeded; otherwise it failed.
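
Added example (not part of the original page): shell functions that derive the named.conf key block from the .private file instead of pasting the secret by hand, refusing a key file that group or others can access, and that build the nsupdate command batch with basic input checks. The function names tsig_stanza and nsupdate_batch and the sample secret are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# tsig_stanza KEYNAME PRIVATE_FILE: print the named.conf key block.
tsig_stanza() {
    name=$1; file=$2
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # The TSIG secret is shared by server and client; refuse a key file that
    # group or others can access (characters 5-10 of the ls -l mode string).
    [ "$(ls -l "$file" | cut -c5-10)" = "------" ] ||
        { echo "$file is accessible to group/others" >&2; return 2; }
    algnum=$(sed -n 's/^Algorithm: *\([0-9][0-9]*\).*/\1/p' "$file")
    secret=$(sed -n 's/^Key: *//p' "$file")
    case $algnum in
        157) alg=hmac-md5 ;;  # the +157+ in the key file name
        *) echo "unexpected algorithm '$algnum'" >&2; return 3 ;;
    esac
    [ -n "$secret" ] || { echo "no Key: line in $file" >&2; return 4; }
    printf 'key "%s" {\n    algorithm %s;\n    secret "%s";\n};\n' \
        "$name" "$alg" "$secret"
}

# nsupdate_batch SERVER ZONE FQDN TTL IPV4: print the nsupdate commands,
# rejecting names outside the zone, non-numeric TTLs and non-dotted-quad IPs.
nsupdate_batch() {
    server=$1; zone=$2; fqdn=${3%.}; ttl=$4; ip=$5
    case $fqdn in
        *."$zone") ;;
        *) echo "$fqdn is outside zone $zone" >&2; return 1 ;;
    esac
    case $ttl in ''|*[!0-9]*) echo "bad TTL: $ttl" >&2; return 2 ;; esac
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
        { echo "bad IPv4 address: $ip" >&2; return 3; }
    printf 'server %s\nzone %s\nupdate add %s. %s A %s\nsend\n' \
        "$server" "$zone" "$fqdn" "$ttl" "$ip"
}

# Constructed sample .private file; the secret is made up for this example.
sample_dir=$(mktemp -d)
sample_key="$sample_dir/Kwestos.+157+38674.private"
printf '%s\n' 'Private-key-format: v1.3' 'Algorithm: 157 (HMAC_MD5)' \
    'Key: Y29uc3RydWN0ZWQta2V5IQ==' 'Bits: AAA=' > "$sample_key"
chmod 600 "$sample_key"

tsig_stanza westos "$sample_key"
nsupdate_batch 192.168.0.75 example.com www.example.com. 500 192.168.0.75
```

On the client, the output of nsupdate_batch can be piped into nsupdate -k with the copied key file.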