BIND management tool
The rndc command
rndc:
- rndc talks to the running named over the control channel on 953/tcp; named accepts a command only if it arrives from an address in the controls allow list and is signed with the shared HMAC key
rndc COMMAND
- COMMAND:
  - reload: reload the main configuration file and all zone files
  - reload zonename: reload the zone file of one zone
  - retransfer zonename: force a transfer of a secondary zone, regardless of whether the serial number has increased
  - notify zonename: resend NOTIFY messages for the zone
  - reconfig: reload the main configuration file and load newly added zones only; existing zones are not reloaded
  - querylog: toggle query logging on or off (goes to syslog, e.g. /var/log/messages, unless a logging channel says otherwise)
  - trace: raise the debug level by one
  - trace LEVEL: set the debug level to LEVEL
  - notrace: set the debug level to 0
  - flush: flush all of the server's cached records (authoritative zone data is not affected)
  - status: show the DNS server's status
  - stop: stop the DNS service
  - showzone <zonename>: print the configuration of a running zone
- rndc-confgen:
  generates the shared key, and can also print a sample rndc.conf together with the matching controls stanza for named.conf
Usage
Normally rndc works as soon as BIND is installed, because the distribution package usually generates the key file that both named and rndc read at install time.
Sometimes it does not (typically the key file is missing, or named and rndc hold different secrets), and then some configuration is needed.
Example
# First generate the key: -a writes a random key straight into the key file
$ rndc-confgen -a
wrote key file "/etc/rndc.key"
# Generate the rndc.conf configuration file
# (without -a, rndc-confgen prints a fresh, different random secret to stdout, which is why the key file has to be edited to match further down)
# It is normally kept in the same directory as named.conf
$ rndc-confgen > /etc/bind/rndc.conf
# inspect the generated file
$ cat /etc/bind/rndc.conf
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-sha256;
secret "uCGllANupKlr+VP7hSmm0FlCAGDg+5AJKIkO2MJ7w9o=";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
#
# As instructed, add the part below to named.conf, then restart the named service
#
# key "rndc-key" {
# algorithm hmac-sha256;
# secret "uCGllANupKlr+VP7hSmm0FlCAGDg+5AJKIkO2MJ7w9o=";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
# Then change the secret in /etc/rndc.key so it matches rndc.conf: rndc-confgen -a and the second rndc-confgen run produced two different random secrets, and rndc and named must share the same one
vim /etc/rndc.key
key "rndc-key" {
algorithm hmac-sha256;
# replace the secret generated earlier with the one from rndc.conf
secret "uCGllANupKlr+VP7hSmm0FlCAGDg+5AJKIkO2MJ7w9o=";
};
# Keep the key file readable only by root and the user named runs as: anyone who can read the secret and reach an allowed address can issue control commands such as stop, flush or addzone.
# (A simpler layout with only one copy of the secret is to include "/etc/rndc.key" from named.conf instead of keeping a separate rndc.conf.)
# Verify that it works
$ rndc status
version: BIND 9.18.12-0ubuntu0.22.04.1-Ubuntu (Extended Support Version) <id:>
running on v6dns: Linux x86_64 5.15.0-71-generic #78-Ubuntu SMP Tue Apr 18 09:00:29 UTC 2023
boot time: Tue, 09 May 2023 07:55:11 GMT
last configured: Tue, 09 May 2023 07:55:11 GMT
configuration file: /etc/bind/named.conf
CPUs found: 2
worker threads: 2
UDP listeners per interface: 2
number of zones: 102 (97 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/900/1000
tcp clients: 0/150
TCP high-water: 0
server is up and running
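The setup above ends up with the same secret in three places (rndc.key, rndc.conf, named.conf), which is exactly how the mismatch happened. The script below is an added example, not code from the original post or from BIND: it generates a 256-bit hmac-sha256 secret the way rndc-confgen -a does, writes it to a single key file with restrictive permissions, prints a named.conf controls stanza that includes that same file and limits the channel to loopback, and provides a check for the failure mode in this post (two files carrying different secrets). The key name rndc-key mirrors the post; file paths are arguments, and the 0640 mode and the "group named runs as" assumption are this example's own choices.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post or from BIND.
# Generates an rndc key like `rndc-confgen -a`, keeps the secret in ONE file,
# and emits a named.conf `controls` stanza that includes that same file, so
# named and rndc can never disagree about the secret.
# Assumptions: the key is named "rndc-key" as in the post; paths are arguments.
set -eu

# gen_rndc_key KEYFILE: write a key "rndc-key" with a fresh 256-bit hmac-sha256 secret.
gen_rndc_key() {
    local keyfile=$1 secret
    # 32 random bytes, base64-encoded (44 characters), as rndc-confgen produces
    secret=$(head -c 32 /dev/urandom | base64 | tr -d '\n')
    # create the file owner-only before the secret is written, then relax to 0640
    # so the group named runs as can read it but nobody else can
    ( umask 077; : > "$keyfile" )
    cat > "$keyfile" <<EOF
key "rndc-key" {
    algorithm hmac-sha256;
    secret "$secret";
};
EOF
    chmod 640 "$keyfile"
}

# key_secret FILE: print the secret string from a key file or rndc.conf (empty if none).
key_secret() {
    sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# keys_match FILE1 FILE2: succeed only if both files carry the same, non-empty secret.
# This is the failure mode from the post: an rndc.conf written by a second
# `rndc-confgen` run holds a different secret than the rndc.key written by `-a`.
keys_match() {
    local a b
    a=$(key_secret "$1")
    b=$(key_secret "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# key_not_world_readable FILE: succeed if the "other" permission bits are ---.
key_not_world_readable() {
    [ "$(ls -l "$1" | cut -c8-10)" = "---" ]
}

# controls_stanza KEYFILE: print the named.conf fragment that includes the key
# file and restricts the control channel to loopback, signed with rndc-key.
controls_stanza() {
    cat <<EOF
include "$1";

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
EOF
}

# Typical use (as root):
#   gen_rndc_key /etc/rndc.key
#   controls_stanza /etc/rndc.key   # paste into named.conf, then restart named
#   keys_match /etc/rndc.key /etc/rndc.conf || echo "rndc.conf secret differs from rndc.key"
```

Use the key directory your package was built with (for instance /etc/bind on Debian and Ubuntu, /etc on Red Hat derivatives); rndc itself falls back to the key file in that directory when no rndc.conf exists, so with the include in named.conf there is nothing left to keep in sync by hand.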
Commands that work as-is
# check the status of a zone this server serves (serial, file, whether it is DNSSEC-signed or dynamic)
$ rndc zonestatus test.xxx.cn
name: test.xxx.cn
type: master
files: test.xxx.cn.zone
serial: 0
nodes: 4
last loaded: Fri, 21 Apr 2023 03:35:17 GMT
secure: no
dynamic: no
reconfigurable via modzone: no
# reload the configuration and zone files
$ rndc reload
# flush the cache
$ rndc flush
# show server status
$ rndc status
version: BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13 (Extended Support Version) <id:7107deb>
running on gzgl: Linux x86_64 3.10.0-1160.88.1.el7.x86_64 #1 SMP Tue Mar 7 15:41:52 UTC 2023
boot time: Tue, 09 May 2023 08:19:09 GMT
last configured: Tue, 09 May 2023 08:19:09 GMT
configuration file: /etc/named.conf
CPUs found: 8
worker threads: 8
UDP listeners per interface: 7
number of zones: 106 (97 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/900/1000
tcp clients: 6/150
server is up and running
# stop named
$ rndc stop
# delete a zone
$ rndc delzone abcd.cn
Commands that did not work at first
# add a zone
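The rndc status output above is plain text, and the useful fields for monitoring are the debug level, the transfer counters, the client counts against their quotas and the final "server is up and running" line. The script below is an added example (not from the original post or from BIND) that turns that text into checks: it embeds the Ubuntu host's status output from this post as its sample, and warns on a nonzero debug level, deferred zone transfers, a client count at or above 80% of its quota, or a missing "up and running" line. The 80% threshold is the example's own choice, and the three numbers in "recursive clients: 0/900/1000" are read as current/soft quota/hard quota.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post or from BIND: pass/warn checks
# over the text of `rndc status`. Thresholds and wording are this example's own.
set -eu

# Sample `rndc status` output, copied from the Ubuntu host shown in the post.
SAMPLE_STATUS='version: BIND 9.18.12-0ubuntu0.22.04.1-Ubuntu (Extended Support Version) <id:>
running on v6dns: Linux x86_64 5.15.0-71-generic #78-Ubuntu SMP Tue Apr 18 09:00:29 UTC 2023
boot time: Tue, 09 May 2023 07:55:11 GMT
last configured: Tue, 09 May 2023 07:55:11 GMT
configuration file: /etc/bind/named.conf
CPUs found: 2
worker threads: 2
UDP listeners per interface: 2
number of zones: 102 (97 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/900/1000
tcp clients: 0/150
TCP high-water: 0
server is up and running'

# status_field TEXT KEY: print the value after "KEY: " (empty if the key is absent).
status_field() {
    printf '%s\n' "$1" | sed -n "s/^$2: *//p" | head -n 1
}

# pct_of_quota "cur/.../max": integer percentage cur*100/max; 0 if malformed or max is 0.
pct_of_quota() {
    local cur=${1%%/*} max=${1##*/}
    case "$cur$max" in *[!0-9]*|'') echo 0; return;; esac
    if [ "$max" -gt 0 ]; then echo $(( cur * 100 / max )); else echo 0; fi
}

# check_status TEXT: print one line per finding; return value is the number of WARNs.
check_status() {
    local text=$1 warn=0 v
    if ! printf '%s\n' "$text" | grep -q '^server is up and running$'; then
        echo "WARN: named did not report 'server is up and running'"; warn=$((warn + 1))
    fi
    v=$(status_field "$text" "debug level")
    if [ "${v:-0}" -ne 0 ]; then
        echo "WARN: debug level is $v (expect 0 outside troubleshooting; rndc notrace resets it)"; warn=$((warn + 1))
    fi
    if printf '%s\n' "$text" | grep -q '^query logging is ON$'; then
        echo "INFO: query logging is ON (client queries are being written to the log)"
    fi
    v=$(status_field "$text" "xfers deferred")
    if [ "${v:-0}" -gt 0 ]; then
        echo "WARN: $v zone transfers deferred"; warn=$((warn + 1))
    fi
    v=$(status_field "$text" "recursive clients")   # current/soft quota/hard quota
    if [ "$(pct_of_quota "$v")" -ge 80 ]; then
        echo "WARN: recursive clients at $v (>=80% of hard quota)"; warn=$((warn + 1))
    fi
    v=$(status_field "$text" "tcp clients")         # current/max
    if [ "$(pct_of_quota "$v")" -ge 80 ]; then
        echo "WARN: tcp clients at $v (>=80% of quota)"; warn=$((warn + 1))
    fi
    return "$warn"
}

# Against the embedded sample this prints nothing and exits 0; on a live host
# use: check_status "$(rndc status)"
check_status "$SAMPLE_STATUS" && echo "OK: no warnings in sample status"
```

The exit status doubles as the warning count, so the function can be dropped straight into a cron job or a monitoring agent's check command.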
$ rndc addzone . '{ type static-stub; server-addresses { 223.6.6.6; }; };'
rndc: 'addzone' failed: permission denied
Not allowing new zones in view '_default'
# show a zone's configuration
$ rndc showzone test.hexug.cn
rndc: 'showzone' failed: failure
The error is a permissions problem: allow-new-zones yes; has to be added to the options block of named.conf.
After restarting the service, addzone succeeds. Note that with allow-new-zones enabled, anyone holding the rndc key can create and delete zones on the running server, so the key file permissions and the controls allow list matter even more.
This post is from cnblogs, author: 厚礼蝎. Please credit the original link when reposting: https://www.cnblogs.com/guangdelw/p/17300872.html