3.2. 配置 BIND

rndc-confgen -a

# rndc-confgen -a

sed -i '/^options.*/i \
include "/etc/rndc.key"; \
controls { \
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; \
};' /etc/named.conf

# sed -i '/^options.*/i \
include "/etc/rndc.key"; \
controls { \
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; \
};' /etc/named.conf

sed -i '/allow-query.*/d' /etc/named.conf
sed -i '/recursion.*/d' /etc/named.conf

# sed -i '/allow-query.*/d' /etc/named.conf
# sed -i '/recursion.*/d' /etc/named.conf

sed -i '/^options.*/a \
        allow-new-zones yes; \
        allow-query { any; }; \
        recursion no;' /etc/named.conf

# sed -i '/^options.*/a \
        allow-new-zones yes; \
        allow-query { any; }; \
        recursion no;' /etc/named.conf

cat << EOF > /etc/rndc.conf
include "/etc/rndc.key";
options {
        default-key "rndc-key";
        default-server 192.168.100.20;
        default-port 953;
};
EOF

# cat << EOF > /etc/rndc.conf
include "/etc/rndc.key";
options {
        default-key "rndc-key";
        default-server 192.168.100.20;
        default-port 953;
};
EOF

named-checkconf /etc/named.conf

# named-checkconf /etc/named.conf

setsebool -P named_write_master_zones on
chmod g+w /var/named
chown named:named /etc/rndc.conf
chown named:named /etc/rndc.key
chmod 600 /etc/rndc.key

# setsebool -P named_write_master_zones on
# chmod g+w /var/named
# chown named:named /etc/rndc.conf
# chown named:named /etc/rndc.key
# chmod 600 /etc/rndc.key

systemctl enable named
systemctl start named

# systemctl enable named
# systemctl start named

dig @localhost localhost
rndc status

# dig @localhost localhost
# rndc status