红帽全球峰会3.2. 配置 BIND
1.写入 /etc/rndc.key :
# rndc-confgen -a
2.在 选项前添加以下内容
# sed -i '/^options.*/i \
include "/etc/rndc.key"; \
controls { \
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; \
};' /etc/named.conf3.删除几个现有选项,稍后您要重写:
# sed -i '/allow-query.*/d' /etc/named.conf # sed -i '/recursion.*/d' /etc/named.conf
4.在选项后添加以下内容:
# sed -i '/^options.*/a \
allow-new-zones yes; \
allow-query { any; }; \
recursion no;' /etc/named.conf5.创建 rndc 配置。对于 Compute 节点,rndc 配置必须指向 DNS 服务器。例如:
# cat << EOF > /etc/rndc.conf
include "/etc/rndc.key";
options {
default-key "rndc-key";
default-server 192.168.100.20;
default-port 953;
};
EOF6.查看 指定的配置 :
# named-checkconf /etc/named.conf
7.更正文件权限:
# setsebool -P named_write_master_zones on # chmod g+w /var/named # chown named:named /etc/rndc.conf # chown named:named /etc/rndc.key # chmod 600 /etc/rndc.key
8.启用并启动 named 服务:
# systemctl enable named # systemctl start named
9.验证 named 和 rndc:
# dig @localhost localhost # rndc status
