
How bind uses rndc

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how BIND uses rndc. The editor finds it very practical and shares it here as a reference.

rndc is a tool shipped with the BIND installation package to control the operation of the domain name service. It can run on another computer, connect to the DNS server over the network, and remotely control the named process according to the administrator's instructions. In that case, the administrator does not need root privileges on the DNS server.

With rndc, you can update data and make modified configuration files take effect without stopping the DNS server. In practice, DNS servers are very busy, and even a short pause affects users. Using rndc therefore lets the DNS server provide better service to users.

When rndc connects to the DNS server, it must be authenticated by a digital certificate rather than a traditional user name/password. In the current version, both rndc and named support only the HMAC-MD5 authentication algorithm, using a key shared by both ends of the connection. Commands that rndc sends over the connection must be encrypted with a key approved by the server. To generate a key that both sides agree on, use the rndc-confgen command to produce the key and the corresponding configuration, then put that configuration into named.conf and into rndc's configuration file rndc.conf, respectively, as shown in the following steps.

(1) Execute the rndc-confgen command to get the key and the corresponding configuration.

# rndc-confgen
# Start of rndc.conf
key "rndckey" {
        algorithm hmac-md5;
        secret "TKuaJSEo58zohJBfrdF7dQ==";
};

options {
        default-key "rndckey";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndckey" {
#       algorithm hmac-md5;
#       secret "TKuaJSEo58zohJBfrdF7dQ==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndckey"; };
# };
# End of named.conf

(2) As prompted, create an rndc.conf file in the /etc directory and enter the uncommented part of the output above.

# vi /etc/rndc.conf
key "rndckey" {
        algorithm hmac-md5;
        secret "TKuaJSEo58zohJBfrdF7dQ==";
};

options {
        default-key "rndckey";
        default-server 127.0.0.1;
        default-port 953;
};

(3) As prompted, append the following to the end of the existing /etc/named.conf file.

key "rndckey" {
        algorithm hmac-md5;
        secret "TKuaJSEo58zohJBfrdF7dQ==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndckey"; };
};

(4) After restarting the named process, you can use the rndc tool to control named. For example, the following command makes named reload its configuration file and zone files.

# rndc reload
server reload successful
#

In addition, running the rndc command with no parameters displays all the commands it supports, along with help information.

[root@localhost named]# rndc
Usage: rndc [-c config] [-s server] [-p port]
        [-k key-file] [-y key] [-V] command

command is one of the following:

  reload        Reload configuration file and zones.
  reload zone [class [view]]
  ...
  status        Display status of the server.
  recursing     Dump the queries that are currently recursing (named.recursing)
  *restart      Restart the server.

* == not yet implemented
Version: 9.3.3rc2

As you can see, rndc provides a wealth of commands that allow administrators to do most of the DNS server administration without restarting the named process.

Note: the "-s" and "-p" options of the rndc command let you connect to and manage a remote DNS server, but both sides must hold the same key for the connection to succeed.
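The following check is an added example, not part of the original article or of BIND: it parses the two files from steps (2) and (3) and reports a key that differs between them, a control channel reachable beyond loopback, or an hmac-md5 key. It assumes key statements are written inline rather than pulled in with include, and the hmac-md5 finding reflects that BIND 9 releases later than the one shown here accept stronger algorithms such as hmac-sha256; the function names and finding codes are hypothetical.

```python
import re

# Constructed inputs: the two files as written in steps (2) and (3) of the article.
RNDC_CONF = '''key "rndckey" { algorithm hmac-md5; secret "TKuaJSEo58zohJBfrdF7dQ=="; };
options { default-key "rndckey"; default-server 127.0.0.1; default-port 953; };'''
NAMED_CONF = '''key "rndckey" { algorithm hmac-md5; secret "TKuaJSEo58zohJBfrdF7dQ=="; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndckey"; }; };'''

LOOPBACK = {"127.0.0.1", "::1"}
KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
                    r'\s*secret\s+"([^"]+)"\s*;\s*\}', re.I)
CTRL_RE = re.compile(r'\binet\s+(\S+)(?:\s+port\s+\d+)?\s+allow\s*\{([^}]*)\}'
                     r'\s*keys\s*\{([^}]*)\}', re.I)

def strip_comments(text):
    """Remove #, // and /* */ comments, leaving quoted strings (secrets) intact."""
    pat = r'"[^"\n]*"|/\*.*?\*/|(?:#|//)[^\n]*'
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    return re.sub(pat, keep, text, flags=re.S)

def parse_keys(text):
    """Map key name -> (algorithm, secret) for every inline key statement."""
    return {n: (a.lower(), s) for n, a, s in KEY_RE.findall(strip_comments(text))}

def audit(named_conf, rndc_conf):
    """Return (code, detail) findings for the rndc control channel."""
    findings = []
    nkeys, rkeys = parse_keys(named_conf), parse_keys(rndc_conf)
    for addr, allow, keys in CTRL_RE.findall(strip_comments(named_conf)):
        for name in re.findall(r'"?([\w.-]+)"?\s*;', keys):
            if name not in nkeys:
                findings.append(("KEY_UNDEFINED", name))
            elif rkeys.get(name) != nkeys[name]:
                # rndc would be rejected: both sides must hold the same key.
                findings.append(("KEY_MISMATCH", name))
            elif nkeys[name][0] == "hmac-md5":
                findings.append(("WEAK_ALGORITHM", name))
        acl = [a.strip() for a in allow.split(";") if a.strip()]
        if addr not in LOOPBACK or any(a not in LOOPBACK for a in acl):
            findings.append(("NON_LOOPBACK", f"{addr} allow {acl}"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(NAMED_CONF, RNDC_CONF):
        print(code, detail)
```

To check a real server, pass the contents of /etc/named.conf and /etc/rndc.conf to audit() in place of the embedded samples.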
