
Uses of rndc

 sven_ 2014-01-06

rndc is the tool for controlling the named process and its configuration. By default rndc reads rndc.conf to learn which server and key to use; on the server side, named.conf must contain matching key and controls statements (or, as the reference material below explains, rely on the rndc.key file written by rndc-confgen -a).
Usage is as follows:
Usage: rndc [-c config] [-s server] [-p port]
        [-k key-file ] [-y key] [-V] command
command is one of the following:
  reload        Reload configuration file and zones.
  reload zone [class [view]]
                Reload a single zone.
  refresh zone [class [view]]
                Schedule immediate maintenance for a zone.
  retransfer zone [class [view]]
                Retransfer a single zone without checking serial number.
  freeze zone [class [view]]
                Suspend updates to a dynamic zone.
  thaw zone [class [view]]
                Enable updates to a frozen dynamic zone and reload it.
  reconfig      Reload configuration file and new zones only.
  stats         Write server statistics to the statistics file.
  querylog      Toggle query logging.
  dumpdb        Dump cache(s) to the dump file (named_dump.db).
  stop          Save pending updates to master files and stop the server.
  stop -p       Save pending updates to master files and stop the server
                reporting process id.
  halt          Stop the server without saving pending updates.
  halt -p       Stop the server without saving pending updates reporting
                process id.
  trace         Increment debugging level by one.
  trace level   Change the debugging level.
  notrace       Set debugging level to 0.
  flush         Flushes all of the server's caches.
  flush [view]  Flushes the server's cache for a view.
  flushname name [view]
                Flush the given name from the server's cache(s)
  status        Display status of the server.
  recursing     Dump the queries that are currently recursing (named.recursing)
  *restart      Restart the server.
* == not yet implemented
Version: 9.3.1
rndc configuration:
Generating the configuration file
# rndc-confgen > /etc/rndcs.conf    (alternatively, rndc-confgen -a writes rndc.key, /etc/rndc.key on this system)
Its contents are shown below. Note that the file name used here is rndcs.conf rather than the default rndc.conf, so rndc will not pick it up on its own; point it at the file with rndc -c /etc/rndcs.conf.
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "O3GzUMY5WJLFHNaYOajb7Q==";
};
options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};   <- this part is rndc's own configuration
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "O3GzUMY5WJLFHNaYOajb7Q==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };   <- copy these statements (without the leading #) into /etc/named.conf; named will then accept control messages from this rndc.
The hmac-md5 algorithm is simply what the BIND 9.3 rndc-confgen produced at the time; current releases let you pick the HMAC with rndc-confgen -A and default to hmac-sha256, which is what a new deployment should use.
/etc/rndcs.conf

[root@localhost root]# ll /etc/rndc*
-rw-r-----    1 root     named        1101 Jan 26  2003 /etc/rndc.conf
-rw-r-----    1 root     root         1101 Dec 31 21:31 /etc/rndc.conf.bak
-rw-r-----    1 root     named         132 Oct 11 23:53 /etc/rndc.key
-rw-r--r--    1 root     root          479 Dec 31 21:30 /etc/rndcs.conf
The permissions are worth noting: the file produced by the shell redirect came out 0644 root:root, i.e. world-readable, whereas the packaged rndc.conf and rndc.key are 0640 root:named. The file holds the shared HMAC secret, and any local user who can read it can drive named over the loopback control channel (reload, flush, stop), so the generated file should be changed to root:named and mode 0640 as well. The named group is what allows the named process to read rndc.key when named.conf includes it; nothing else needs access.

Check port 953 with netstat -nl:

tcp            0 192.168.100.76:53       0.0.0.0:*               LISTEN     
tcp            0 127.0.0.1:53            0.0.0.0:*               LISTEN     
tcp            0 0.0.0.0:21              0.0.0.0:*               LISTEN     
tcp            0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp            0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp            0 127.0.0.1:953           0.0.0.0:*               LISTEN     
tcp            0 0.0.0.0:25              0.0.0.0:*               LISTEN     
tcp            0 127.0.0.1:40894         0.0.0.0:*               LISTEN     
udp            0 0.0.0.0:32768           0.0.0.0:*                          
udp            0 0.0.0.0:10000           0.0.0.0:*                          
udp            0 0.0.0.0:161             0.0.0.0:*                          
udp            0 0.0.0.0:34347           0.0.0.0:*                          
udp            0 192.168.100.76:53       0.0.0.0:*                          
udp            0 127.0.0.1:53            0.0.0.0:*                          
udp            0 0.0.0.0:111             0.0.0.0:*                          

From what I found, this port 953 listener is created by the named process itself: it is the control socket that the controls statement in named.conf tells named to open. Here it is bound to 127.0.0.1 only, so rndc traffic never leaves the host unless the inet address and allow list are changed.
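To make the netstat check repeatable, here is an added example (not part of the original post) that parses a `netstat -nl` listing in the layout shown above and confirms that the control port is open and bound to loopback only. The sample listing is a trimmed, constructed copy of the post's output, and the function names are the example's own.

```python
import re

# Added example, not from the post. It reads the `netstat -nl` layout shown above
# (proto, queue column(s), local address, foreign address, state) and reports
# where a given port is bound.
ADDR_RE = re.compile(r'^(?P<host>.+):(?P<port>\d+|\*)$')


def listeners(netstat_text, port):
    """(proto, bind address) for every local socket bound to the given port."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        # the local address is the first field that looks like host:port;
        # the foreign address comes after it, so it is never picked here
        local = next((f for f in fields[1:] if ADDR_RE.match(f)), None)
        if local is None:
            continue
        host, prt = local.rsplit(":", 1)      # rsplit keeps IPv6 hosts like ::1 intact
        if prt == str(port):
            found.append((fields[0], host))
    return found


def control_channel_ok(netstat_text, port=953):
    """True if the rndc control port is open and every listener is on loopback."""
    bound = listeners(netstat_text, port)
    return bool(bound) and all(host in ("127.0.0.1", "::1") for _, host in bound)


# Constructed sample, trimmed from the listing in this post
NETSTAT_POST = """\
tcp            0 192.168.100.76:53       0.0.0.0:*               LISTEN
tcp            0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp            0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp            0 127.0.0.1:953           0.0.0.0:*               LISTEN
udp            0 192.168.100.76:53       0.0.0.0:*
"""
# The same host after someone changed `inet 127.0.0.1` to `inet *` in controls {}
NETSTAT_EXPOSED = NETSTAT_POST.replace("127.0.0.1:953", "0.0.0.0:953")
```

Feed it the real output (`netstat -nl` piped into the script) and treat a False result as either a missing controls statement (nothing on 953, rndc will get "connection refused") or a control channel reachable from the network.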

References:

----------------------------

 

 Controlling BIND

 

Windows NT/2000 uses the same rndc program as is used on Unix systems. The rndc.conf file must be configured for your system in order to work. You will need to generate a key for this. To do this use the rndc-confgen program. The program will be installed in the same directory as named: dns/bin/. From the DOS prompt, use the command this way:

rndc-confgen -a

which will create a rndc.key file in the dns/etc directory. This will allow you to run rndc without an explicit rndc.conf file or key and control entry in named.conf file. See section 3.4.1.2 of the ARM for details of this. An rndc.conf can also be generated by running:

// i.e. you do not have to rely on the default rndc.conf to control named; you can write an rndc.conf that matches a particular server and use it to connect to and control that server.

rndc-confgen > rndc.conf

which will create the rndc.conf file in the current directory, but not copy it to the dns/etc directory where it needs to reside. If you create rndc.conf this way you will need to copy the same key statement into named.conf.

The additions look like the following:

// added to named.conf

key "rndc-key" { algorithm hmac-md5; secret "xxxxxxxxx=="; };

controls {
 inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };
};

Note that the value of the secret must come from the key generated above for rndc and must be the same key value for both. Details of this may be found in section 3.4.1.2 of the ARM. If you have rndc on a Unix box you can use it to control BIND on the NT/W2K box as well as using the Windows version of rndc to control a BIND 9 daemon on a Unix box. // what rndc is for: managing and configuring the BIND service

However you must have key statements valid for the servers you wish to control, specifically the IP address and key in both named.conf and rndc.conf. Again see section 3.4.1.2 of the ARM for details.
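The secret and key name have to agree in both files, and the inet address and allow list decide who can reach the channel at all. The Python script below is an added example (not from this post and not BIND's own tooling) that checks a rndc.conf/named.conf pair for exactly these mistakes; it serves both the configuration section earlier in the post and the named.conf additions quoted here. Its regexes only understand the statement shapes that rndc-confgen emits, and the sample configurations, their secrets and the function names are constructed for the example.

```python
import os
import re
import stat
import tempfile

# Added example (not from the post or from BIND): only the statement shapes that
# rndc-confgen emits are parsed, so this is not a general named.conf parser.
KEY_RE = re.compile(r'key\s+"(?P<name>[^"]+)"\s*\{\s*algorithm\s+(?P<alg>[\w-]+)\s*;'
                    r'\s*secret\s+"(?P<secret>[^"]+)"\s*;\s*\}\s*;')
CONTROLS_RE = re.compile(r'controls\s*\{\s*inet\s+(?P<addr>[\w.:*]+)(?:\s+port\s+(?P<port>\d+))?'
                         r'\s+allow\s*\{(?P<allow>[^}]*)\}\s*keys\s*\{(?P<keys>[^}]*)\}\s*;\s*\}\s*;')
DEFAULT_KEY_RE = re.compile(r'default-key\s+"([^"]+)"\s*;')
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def strip_comments(text):
    # /* */ anywhere; # and // only at line start or after whitespace, so that a
    # '//' inside a base64 secret is left alone
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(?m)(?:^|\s)(?:#|//)[^\n]*', '', text)

def parse_keys(text):
    """name -> (algorithm, secret) for every key statement in the text."""
    return {m['name']: (m['alg'].lower(), m['secret'])
            for m in KEY_RE.finditer(strip_comments(text))}

def parse_controls(text):
    """Bind address, port, allow list and key names of the inet control channel."""
    m = CONTROLS_RE.search(strip_comments(text))
    if not m:
        return None
    items = lambda s: [x.strip() for x in s.replace('"', '').split(';') if x.strip()]
    return {"addr": m['addr'], "port": int(m['port'] or 953),
            "allow": items(m['allow']), "keys": items(m['keys'])}

def check_pair(rndc_conf, named_conf):
    """Findings for an rndc.conf / named.conf pair; an empty list means consistent."""
    findings = []
    rkeys, nkeys = parse_keys(rndc_conf), parse_keys(named_conf)
    ctl = parse_controls(named_conf)
    if ctl is None:
        return ["named.conf has no controls statement; rndc cannot connect"]
    for k in ctl["keys"]:
        if k not in nkeys:
            findings.append(f"controls references key {k!r} that named.conf never defines")
    m = DEFAULT_KEY_RE.search(strip_comments(rndc_conf))
    dk = m.group(1) if m else None
    if dk not in rkeys:
        findings.append("rndc.conf default-key is missing or not defined")
    elif dk not in nkeys:
        findings.append(f"key {dk!r} from rndc.conf is absent from named.conf")
    elif rkeys[dk] != nkeys[dk]:
        findings.append(f"key {dk!r} algorithm/secret differ between the two files")
    if ctl["addr"] not in LOOPBACK:
        findings.append(f"control channel bound to {ctl['addr']}, not loopback")
    findings += [f"allow list admits non-loopback {a!r}" for a in ctl["allow"] if a not in LOOPBACK]
    findings += [f"key {n!r} uses hmac-md5; prefer hmac-sha256"
                 for n, (alg, _) in nkeys.items() if alg == "hmac-md5"]
    return findings

def check_mode(path):
    """True if a secret-bearing file is no more permissive than 0640."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return (mode & (stat.S_IWGRP | stat.S_IRWXO)) == 0

# Constructed sample pair modelled on rndc-confgen output; the secrets are made up.
RNDC_CONF = '''# Start of rndc.conf
key "rndc-key" { algorithm hmac-sha256; secret "c2VjcmV0LW5vdC1yZWFs"; };
options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; };
# End of rndc.conf
'''
NAMED_CONF_OK = '''key "rndc-key" { algorithm hmac-sha256; secret "c2VjcmV0LW5vdC1yZWFs"; };
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
'''
# The same file exposed on every interface, with the LAN added to allow {} and a stale secret.
NAMED_CONF_BAD = (NAMED_CONF_OK
                  .replace("inet 127.0.0.1", "inet *")
                  .replace("allow { 127.0.0.1; }", "allow { 127.0.0.1; 192.168.100.0/24; }")
                  .replace("c2VjcmV0LW5vdC1yZWFs", "b2xkLXNlY3JldC12YWx1ZQ=="))

def demo_modes():
    """Re-create the 0644 and 0640 modes from the post's ls output on a scratch copy."""
    with tempfile.NamedTemporaryFile("w", delete=False) as f:
        f.write(RNDC_CONF)
        path = f.name
    results = {}
    for mode in (0o644, 0o640):
        os.chmod(path, mode)
        results[oct(mode)] = check_mode(path)
    os.unlink(path)
    return results
```

Run `check_pair` on the real files (and `check_mode` on every file that carries the secret) before restarting named: a non-empty list is a connection failure waiting to happen or a control channel that more hosts than intended can talk to.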

 

In addition BIND is installed as a win32 system service, can be started and stopped in the same way as any other service and automatically starts whenever the system is booted. Signals are not supported and are in fact ignored.

 

 

