说明:
rndc 是 BIND 安装包自带的域名服务控制工具。DNS 服务器通常非常繁忙,任何短暂的停顿都会影响用户,所以修改 named 配置后应通过 rndc 重新加载(rndc reload),不必重启 named 进程即可生效。
rndc 通过本机 TCP 953 端口的控制通道连接 named,并用一把共享的 HMAC 密钥做身份认证:rndc 客户端使用的密钥(/etc/rndc.conf 或 /etc/rndc.key)必须与 named 已加载的控制密钥(named.conf 中的 controls/key,或没有 controls 语句时自动读取的 /etc/rndc.key)完全一致,否则连接会被拒绝。下面的出错分析基本都围绕这一点。
1、查看 rndc-confgen 生成的示例 rndc.conf,不要重定向到 /etc/rndc.conf(一旦 /etc/rndc.conf 存在,rndc 会优先使用它而忽略 /etc/rndc.key)。注意 rndc-confgen 每次运行都会生成一把新的随机密钥,这里打印出的 secret 与后面 -a 写入文件的并不自动相同;教程中的 secret 只是示例,实际环境里切勿照抄,也不要把它提交到代码库或共享出去。
[root@ns1 ~]# rndc-confgen
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "CTsGLp/e0ZiI0p8cB1R9nQ==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "CTsGLp/e0ZiI0p8cB1R9nQ==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
2、用 rndc-confgen -a 生成 /etc/rndc.key。它会直接写入一把新的随机密钥,通常无需再手工修改;只有当 named.conf 里已经显式配置了 controls/key 时,才需要把两处的 algorithm 和 secret 改成一致。该文件应只允许 root 和 named 用户读取(例如 root:named,权限 0640),不要设为全局可读。另外 hmac-md5 已被弃用,较新版本的 BIND 默认使用 hmac-sha256;在旧版本上可用 rndc-confgen -a -A hmac-sha256 显式指定。
[root@ns1 ~]# rndc-confgen -a
wrote key file "/etc/rndc.key"
[root@ns1 ~]# vim /etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "CTsGLp/e0ZiI0p8cB1R9nQ==";
};
3、此时直接执行 rndc reload 会失败,输出如下。原因是正在运行的 named 仍在使用启动时加载的旧控制密钥(或尚未加载任何密钥),与刚写入的 /etc/rndc.key 不匹配;"connection to remote host closed" 正是 named 因认证失败而断开控制通道连接的典型表现,而不是网络问题:
[root@ns1 ~]# rndc reload
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.
4、重新加载 named 服务(systemctl reload 会让 named 重新读取配置,此时它会读入新的 /etc/rndc.key 作为控制密钥)
[root@ns1 ~]# systemctl reload named
5、再次执行 rndc reload,密钥已一致,重新加载成功
[root@ns1 ~]# rndc reload
server reload successful
------------出错可能原因分析--------------
1、本地生成了 /etc/rndc.conf 文件(其实只需要生成 /etc/rndc.key 即可)。/etc/rndc.conf 存在时 rndc 会使用其中的 secret,若它与 named 加载的密钥不同,连接就会被拒绝。另外 rndc.conf 只被 rndc 客户端(通常以 root 运行)读取,named 并不读取它,所以下面的 chgrp named 并非必需;如果保留该文件,同样应避免全局可读。
[root@ns1 ~]# rndc-confgen >/etc/rndc.conf
[root@ns1 ~]# chgrp named /etc/rndc.conf
2、将 rndc.conf 和 rndc.key 中的密钥改为一致(algorithm 和 secret 都必须相同),或者直接删除 /etc/rndc.conf 只保留 /etc/rndc.key
3、修改密钥后未重新加载 named。注意下面的报错是 "connection refused",说明本机 953 端口根本没有进程在监听,即 named 此时并未运行(见后面 named.conf 的语法错误),这与密钥不匹配时的 "connection to remote host closed" 是两种不同的故障
[root@ns1 ~]# rndc reload
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
rndc: connect failed: 127.0.0.1#953: connection refused
5、重启named服务
[root@ns1 ~]# systemctl status named
【重启出错后,发现是 named.conf 文件语法报错,修改后重新加载恢复正常。建议在每次 reload/restart 之前先执行 named-checkconf(检查区域文件可加 -z),否则一个配置错误就会让服务起不来,也就没有"不停机"可言
[root@ns1 ~]# named-checkconf /etc/named.conf
/etc/named.conf:17: missing ';' before '}'
】
6、再次执行 rndc reload 出现了 WARNING。该警告表示 /etc/rndc.key 和 /etc/rndc.conf 同时存在而 rndc 选用了后者;由于两处密钥已改为一致,重新加载仍然成功。只生成 key 文件,或保证 rndc.conf 与 rndc.key 中的密钥一致,就不会再有该警告
[root@ns1 ~]# rndc reload
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
server reload successful
---------------测试效果---
修改 named.conf 中的监听端口(示例中由 5301 改回 53),执行 rndc reload 后不重启即生效。注意 netstat -an | grep 53 会把含有 "53" 的无关行(如 unix socket 的 inode 号)一并匹配出来,过滤时更可靠的写法是 grep ':53 ' 或使用 ss -lntup。另外可以看到控制通道 953 端口只监听在 127.0.0.1 和 ::1 上,这是正确的做法:除非确有必要并配置了 allow 列表和强密钥,不要把 953 端口暴露到本机以外。
[root@ns1 ~]# netstat -an |grep 5301
udp 0 0 127.0.0.1:5301 0.0.0.0:*
[root@ns1 ~]# vim /etc/named.conf
[root@ns1 ~]# netstat -an |grep 53
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:426 127.0.0.1:953 TIME_WAIT
tcp6 0 0 ::1:953 :::* LISTEN
udp 0 0 127.0.0.1:5301 0.0.0.0:*
unix 2 [ ACC ] STREAM LISTENING 7953 /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 13532 /run/lvm/lvmetad.socket
unix 3 [ ] STREAM CONNECTED 20053
unix 3 [ ] STREAM CONNECTED 17453
[root@ns1 ~]# rndc reload
server reload successful
[root@ns1 ~]# netstat -an |grep 53
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:60766 127.0.0.1:953 TIME_WAIT
tcp6 0 0 ::1:953 :::* LISTEN
udp 0 0 127.0.0.1:53 0.0.0.0:*
unix 2 [ ACC ] STREAM LISTENING 7953 /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 13532 /run/lvm/lvmetad.socket
unix 3 [ ] STREAM CONNECTED 20053
unix 3 [ ] STREAM CONNECTED 17453