RNDC Configuration for Managing BIND_v201704
RNDC (Remote Name Daemon Control) is the management tool for BIND (Berkeley Internet Name Domain). It is used to control a BIND server remotely and to apply configuration changes.
1. Creating the rndc.conf file and key
$ rndc-confgen > /etc/rndc.conf
...
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "VHwE0YVJvw+4EY7SFimblg==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "VHwE0YVJvw+4EY7SFimblg==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
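2. Editing named.conf
***Copy the commented-out section of the generated rndc.conf file and paste it into named.conf, removing the leading # from the key and controls statements.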
$ vi /etc/named.conf
...
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
algorithm hmac-md5;
secret "VHwE0YVJvw+4EY7SFimblg==";
};
#
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
3. Checking the syntax of named.conf and the zone files
$ named-checkconf -z
...
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
zone l.4wxyz.com/IN: loaded serial 2017042002
4. Restarting the name server
systemctl restart named.service
5. Running the rndc command
$ rndc status
...
version: 9.9.4-RedHat-9.9.4-38.el7_3.3 <id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 102
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
6. Managing a remote server
rndc -s 192.168.56.102 reload
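A check to run on the files from steps 1, 2 and 6, as an added example that is not part of the original post: it flags hmac-md5 keys, controls channels bound to a non-loopback address (which step 6 requires on the remote server), and secrets left readable by other users, as a plain `rndc-confgen > /etc/rndc.conf` does under umask 022. The function names, sample files, allow subnet and secret value are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Sample configs are constructed.

# Print one finding per line for a named.conf or rndc.conf style file ($1).
audit_rndc() {
    awk '
        /^[ \t]*(#|\/\/)/ { next }   # ignore comment lines
        /^[ \t]*key[ \t]/ { name = $2; gsub(/"/, "", name) }
        /algorithm[ \t]+hmac-md5[ \t]*;/ {
            print FILENAME ": key " name " uses hmac-md5"
        }
        /^[ \t]*controls[ \t]*[{]/ { in_controls = 1 }
        in_controls {
            for (i = 1; i < NF; i++)
                if ($i == "inet" && $(i+1) != "127.0.0.1" && $(i+1) != "::1")
                    print FILENAME ": control channel on non-loopback " $(i+1)
        }
        in_controls && /^[ \t]*[}];/ { in_controls = 0 }
    ' "$1"
    # Columns 8-10 of ls -l are the permission bits for "other" users.
    if grep -Eq '^[[:space:]]*secret[[:space:]]' "$1" &&
       [ "$(ls -ld "$1" | cut -c8-10)" != "---" ]; then
        echo "$1: secret stored in a file accessible to other users"
    fi
}

# Write two constructed sample files into directory $1.
write_samples() {
    # Layout of steps 1-2 bound to the step 6 address; mode 644 is what a
    # shell redirect leaves behind under the common umask 022.
    printf '%s\n' 'key "rndc-key" {' '  algorithm hmac-md5;' \
        '  secret "Q09OU1RSVUNURUQtU0FNUExF";' '};' 'controls {' \
        '  inet 192.168.56.102 port 953' \
        '    allow { 192.168.56.0/24; } keys { "rndc-key"; };' '};' \
        > "$1/weak.conf"
    chmod 644 "$1/weak.conf"
    # Hardened variant: SHA-256 HMAC, loopback only, owner-only file.
    printf '%s\n' 'key "rndc-key" {' '  algorithm hmac-sha256;' \
        '  secret "Q09OU1RSVUNURUQtU0FNUExF";' '};' 'controls {' \
        '  inet 127.0.0.1 port 953' \
        '    allow { 127.0.0.1; } keys { "rndc-key"; };' '};' \
        > "$1/hardened.conf"
    chmod 600 "$1/hardened.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_rndc "$tmp/weak.conf"; audit_rndc "$tmp/hardened.conf"
rm -rf "$tmp"
```

Current `rndc-confgen` releases accept `-A hmac-sha256` to generate the kind of key the second sample uses.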
rndc commands
$ rndc
Usage: rndc [-b address] [-c config] [-s server] [-p port]
[-k key-file ] [-y key] [-V] command
command is one of the following:
reload Reload configuration file and zones.
reload zone [class [view]]
Reload a single zone.
refresh zone [class [view]]
Schedule immediate maintenance for a zone.
retransfer zone [class [view]]
Retransfer a single zone without checking serial number.
freeze Suspend updates to all dynamic zones.
freeze zone [class [view]]
Suspend updates to a dynamic zone.
notify zone [class [view]]
Resend NOTIFY messages for the zone.
reconfig Reload configuration file and new zones only.
stats Write server statistics to the statistics file.
querylog newstate
Enable / disable query logging.
dumpdb [-all|-cache|-zones] [view ...]
Dump cache(s) to the dump file (named_dump.db).
notrace Set debugging level to 0.
flush Flushes all of the server's caches.
flush [view] Flushes the server's cache for a view.
flushname name [view]
Flush the given name from the server's cache(s)
flushtree name [view]
Flush all names under the given name from the server's cache(s)
status Display status of the server.
recursing Dump the queries that are currently recursing (named.recursing)
scan Scan available network interfaces for changes.
* == not yet implemented