
Linux Basic Services Series: Smart DNS, Part 3

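Preface

The previous installment combined BIND with MySQL to build a database-managed DNS system and cut down on operational maintenance. This installment adds remote management and external resolution, which makes the DNS system even easier to maintain.

I. Remote control of the servers with rndc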

1. Generate the key on the managed server
# cd /var/named/chroot/etc
# rndc-confgen -a -b 128 -k mrndc-key -c mrndc.key -s 172.16.0.254    # run on the master server
# cat mrndc.key
key "mrndc-key" {
    algorithm hmac-md5;
    secret "zL1WPhVyoDaiDVh5/2XDuQ==";
};

controls {
    inet 172.16.10.222 port 953 allow { 172.16.0.254; } keys { "mrndc-key"; };
};
# chown named:named /var/named/chroot/etc/mrndc.key
# vim /etc/named.conf
include "/etc/mrndc.key";

# rndc-confgen -a -b 128 -k srndc-key -c srndc.key -s 172.16.0.254    # run on the slave server

2. Configure the control server
# vim /etc/rndc.conf
key "mrndc-key" {
    algorithm hmac-md5;
    secret "zL1WPhVyoDaiDVh5/2XDuQ==";
};

key "srndc-key" {
    algorithm hmac-md5;
    secret "MJqtxmTI9LQbmdn9R7DHtg==";
};

options {
    default-key "mrndc-key";
    default-server 172.16.10.222;
    default-port 953;
};

server 172.16.10.222 {
    key "mrndc-key";
};

server 172.16.10.223 {
    key "srndc-key";
};

With this in place, you can easily stop, restart, and otherwise manage the DNS servers from the control server.

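II. Adding external resolution

Product requirements never end, and many people want this smart DNS system to resolve external names as well. This is simple: add a few statements to the options block.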

options {
    directory "/var/cache/bind9";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //      0.0.0.0;
    // };

    version "UnKnow";

    listen-on { 127.0.0.1; 121.201.11.16; 121.201.11.17; };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { none; };

    //allow-recursion { any; };
    allow-query { any; };
    //allow-query-cache { any; };
    recursion yes;
    forwarders { 114.114.114.114; };
    forward first;
    max-cache-ttl 604800;
};
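With allow-recursion and allow-query-cache commented out, BIND falls back to allow-query { any; } for recursion, so the block above answers recursive queries from any client on its public addresses. The check below is an added example, not part of the original post: it applies that fallback chain to a named.conf and also flags the legacy hmac-md5 rndc key. It assumes a single global options block with no views and no nested address-match lists; the "trusted" ACL, its 172.16.0.0/16 range and the placeholder secrets are constructed.

```python
import re

# Constructed samples. WEAK abridges the key and options statements shown on
# this page (secret replaced by a placeholder); HARDENED is an assumed fix.
WEAK = '''
key "mrndc-key" { algorithm hmac-md5; secret "PLACEHOLDER=="; };
options {
    //allow-recursion { any; };
    allow-query { any; };
    //allow-query-cache { any; };
    recursion yes;
    forwarders { 114.114.114.114; };
    forward first;
};
'''
HARDENED = '''
key "mrndc-key" { algorithm hmac-sha256; secret "PLACEHOLDER=="; };
acl "trusted" { 127.0.0.1; 172.16.0.0/16; };  // constructed internal range
options {
    allow-query { any; };
    allow-recursion { "trusted"; };
    recursion yes;
    forwarders { 114.114.114.114; };
    forward first;
};
'''

def strip_comments(conf):
    """Drop //, # and /* */ comments, leaving quoted strings untouched."""
    pat = r'"[^"\n]*"|/\*.*?\*/|(?://|#)[^\n]*'
    return re.sub(pat, lambda m: m.group(0) if m.group(0)[0] == '"' else '', conf, flags=re.S)

def match_list(text, name):
    """Elements of the address-match list for `name`, or None if it is unset."""
    m = re.search(r'(?<![\w-])' + re.escape(name) + r'\s*\{([^}]*)\}', text)
    return None if m is None else [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(conf):
    """Return finding names for a named.conf with one global options block."""
    text = strip_comments(conf)
    findings = []
    # BIND's fallback chain: allow-recursion, else allow-query-cache,
    # else allow-query, else the built-in { localnets; localhost; }.
    lists = (match_list(text, n) for n in ('allow-recursion', 'allow-query-cache', 'allow-query'))
    effective = next((l for l in lists if l is not None), ['localnets', 'localhost'])
    recursion_off = re.search(r'(?<![\w-])recursion\s+no\s*;', text)
    if not recursion_off and 'any' in effective:
        findings.append('open-recursion')
    if re.search(r'algorithm\s+"?hmac-md5', text):
        findings.append('hmac-md5-key')
    return findings
```

audit(WEAK) reports both findings and audit(HARDENED) reports none; authoritative answers stay public in the hardened form because allow-query is still any.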

 

 

 

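With these two pieces in place, you have good control over the DNS system. That wraps up the DNS series; the next installment covers a rather cool Linux tool!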

 

 
