
Linux Basic Services Series: Smart DNS (Part 3)

Preface

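The previous installment covered combining bind with mysql to build a database-managed DNS system, which reduces the operations maintenance workload. This installment covers adding remote DNS management and external resolution capability, which makes the DNS system even more comfortable to maintain.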

rndc remote control service

1. Generate the key on the managed server
# cd /var/named/chroot/etc
# rndc-confgen -a -b 128 -k mrndc-key -c mrndc.key -s 172.16.0.254    # run on the master server
# cat mrndc.key
key "mrndc-key" {
    algorithm hmac-md5;
    secret "zL1WPhVyoDaiDVh5/2XDuQ==";
};

controls {
    inet 172.16.10.222 port 953 allow { 172.16.0.254; } keys { "mrndc-key"; };
};

# chown named:named /var/named/chroot/etc/mrndc.key
# vim /etc/named.conf
include "/etc/mrndc.key";

# rndc-confgen -a -b 128 -k srndc-key -c srndc.key -s 172.16.0.254    # run on the slave server

2. Configure the control server
# vim /etc/rndc.conf
key "mrndc-key" {
    algorithm hmac-md5;
    secret "zL1WPhVyoDaiDVh5/2XDuQ==";
};

key "srndc-key" {
    algorithm hmac-md5;
    secret "MJqtxmTI9LQbmdn9R7DHtg==";
};

options {
    default-key "mrndc-key";
    default-server 172.16.10.222;
    default-port 953;
};

server 172.16.10.222 {
    key "mrndc-key";
};

server 172.16.10.223 {
    key "srndc-key";
};

With this in place, you can easily stop, restart, and otherwise operate the managed DNS servers from the control server!

Adding external resolution capability

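Product requirements are endless, and many people want to add external resolution capability to this smart DNS system. It is actually simple: add a few statements to options: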

options {
    directory "/var/cache/bind9";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    //forwarders {
    //     0.0.0.0;
    //};

    version "UnKnow";
    listen-on { 127.0.0.1; 121.201.11.16; 121.201.11.17; };
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { none; };
    //allow-recursion { any; };
    allow-query { any; };
    //allow-query-cache { any; };
    recursion yes;
    forwarders { 114.114.114.114; };
    forward first;
    max-cache-ttl 604800;
};
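
With allow-recursion commented out, named falls back to allow-query-cache and then allow-query, so the options above offer recursion to any client that can reach the listen-on addresses. The check below is an added example, not code from the original article; it computes that effective ACL, the 172.16.0.0/16 range in the hardened variant is an assumed internal network, and the parser handles only flat address lists.

```python
import re

def parse_options(conf):
    """Top-level statements of options { ... } as {name: value}; comments are dropped."""
    conf = re.sub(r'"[^"]*"|/\*.*?\*/|(?://|#)[^\n]*',
                  lambda m: m.group(0) if m.group(0)[0] == '"' else " ", conf, flags=re.S)
    m = re.search(r"\boptions\s*\{", conf)
    opts, depth, stmt = {}, 1, ""
    for ch in (conf[m.end():] if m else ""):
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if depth == 0:                      # closing brace of options
            break
        if ch == ";" and depth == 1:        # end of one top-level statement
            name, _, value = " ".join(stmt.split()).partition(" ")
            opts[name], stmt = value, ""
        else:
            stmt += ch
    return opts

def acl(value):
    """Elements of an address-match list such as '{ 127.0.0.1; any; }'."""
    inner = value[value.find("{") + 1:value.rfind("}")]
    return [e.strip() for e in inner.split(";") if e.strip()]

def effective_recursion_acl(opts):
    """Who may recurse, using named's fallback order when allow-recursion is unset."""
    if opts.get("recursion", "yes") == "no":
        return ["none"]
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        if name in opts:
            return acl(opts[name])
    return ["localnets", "localhost"]

def is_open_resolver(conf):
    """True when recursion is allowed for 'any' on a non-loopback listen address."""
    opts = parse_options(conf)
    listens = acl(opts.get("listen-on", "{ any; }"))
    off_host = any(a not in ("127.0.0.1", "localhost", "none") for a in listens)
    return off_host and "any" in effective_recursion_acl(opts)

# The recursion-related statements from the options block above.
PAGE_OPTIONS = """options {
    listen-on { 127.0.0.1; 121.201.11.16; 121.201.11.17; };
    //allow-recursion { any; };
    allow-query { any; };
    recursion yes;
};"""
# Constructed variant: recursion limited to an assumed internal range.
HARDENED = PAGE_OPTIONS.replace("//allow-recursion { any; };",
                                "allow-recursion { 127.0.0.1; 172.16.0.0/16; };")
```

allow-query { any; } stays in the hardened variant, so authoritative answers for the server's own zones are still served to everyone while recursion and forwarding are limited to the listed clients.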

Once these two pieces are in place, you will have good control over the DNS system.
