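# (umask 077; /usr/local/sbin/rndc-confgen > /etc/rndc.conf)    # owner-only from creation: the file holds the rndc shared secret
# cat /etc/rndc.conf    # prints the secret to the terminal; keep this output out of shared logs and pastes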
// NOTE(review): the secret shown here is a published sample value; use the one rndc-confgen generated on your own server.
key "rndc-key" {
// NOTE(review): hmac-md5 is what this rndc-confgen emitted; releases whose rndc-confgen accepts -A can generate an hmac-sha256 key instead.
algorithm hmac-md5;
secret "TEJ7NKwydCQWDOZSv8DgDg==";
};
// Client-side defaults for rndc: which key to sign with and where named's control channel listens.
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "TEJ7NKwydCQWDOZSv8DgDg==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
# vi /etc/rndc.key (자신의 서버의 rndc.conf파일의 내용으로 입력)
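// Key shared between named and rndc; algorithm and secret must match the key block in /etc/rndc.conf.
// The statement needs its opening line: without it the closing brace is unbalanced and the file does not parse.
// The secret shown is the page's sample value; enter the one generated on your own server.
key "rndc-key" {
algorithm hmac-md5;
secret "TEJ7NKwydCQWDOZSv8DgDg==";
};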
# vi /etc/named.conf (자신의 서버의 rndc.conf파일의 내용으로 입력)
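// controls refers to "rndc-key" by name, but this file never defines it; load the definition from /etc/rndc.key.
// Keeping the secret in that one file also keeps it out of named.conf itself.
include "/etc/rndc.key";
// Control channel: listens on loopback only and accepts commands only when signed with rndc-key.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};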
options {
// Working directory of the server; the relative zone file names in this file are resolved against it.
directory "/var/named";
// NOTE(review): no allow-recursion, allow-transfer or allow-query limits are set, so the build's defaults apply;
// confirm they are acceptable before exposing this server to the Internet.
};
// Root hints, read from named.root in the working directory.
zone "." IN {
type hint;
file "named.root";
};
// Reverse zone for the loopback network.
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
};
zone "0.168.192.in-addr.arpa" IN { // reverse zone when the server's IP address is 192.168.0.1
type master;
file "named.rev";
};
// One line per hosted domain. The name is a placeholder ("도메인" is Korean for "domain"):
// replace each line with a distinct zone name and zone file, since a zone may be declared only once.
zone "도메인.co.kr" IN { type master; file "zone-도메인.co.kr"; };
zone "도메인.co.kr" IN { type master; file "zone-도메인.co.kr"; };
zone "도메인.co.kr" IN { type master; file "zone-도메인.co.kr"; };
named 계정 생성
# useradd -u 25 -r -d /var/named -M -s /bin/false named    # dedicated system account: UID 25, home /var/named (not created by -M), no login shell
named 관련파일 퍼미션 조정
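# chmod 640 /etc/rndc.key      # key material and config: no access for "other"
# chmod 640 /etc/rndc.conf
# chmod 640 /etc/named.conf
# chown root:named /etc/rndc.key      # absolute paths, so the result does not depend on the current directory; root owns, group named may read
# chown root:named /etc/rndc.conf
# chown root:named /etc/named.conf
# mkdir /var/named
# chown named:root /var/named      # NOTE(review): named can write to its zone directory; if it only serves static master zones, root-owned and group-readable is tighter. Confirm what needs write access first.
# dig @168.126.63.1 . ns > /var/named/named.root      # "ns" asks for the root NS set (dig queries A when no type is given). The answer is unauthenticated, so compare it with the named.root InterNIC publishes.
# touch /var/log/named.log
# chown named:named /var/log/named.log
# named-checkconf -z      # check the configuration files; -z also test-loads every master zone, so the zone files must exist first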