DNS TSIG配置
条件:首先应该主辅服务器已经做成功
主服务器: RedHat5.4 ip 192.168.1.106
辅服务器: redhat5.4 ip 192.168.1.107
测试机: windows2003 ip 192.168.1.115
1.主服务器配置
1>为TSIG创建密钥.
[root@localhost chroot]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST rndc-key
Krndc-key.+157+36636
2> 查看生成的文件
[root@localhost chroot]# ll
总计 20
drwxr-x--- 2 root named 4096 10-26 21:54 dev
drwxr-x--- 2 root named 4096 10-26 21:59 etc
-rw------- 1 root root 52 10-26 22:00 Krndc-key.+157+36636.key
-rw------- 1 root root 81 10-26 22:00 Krndc-key.+157+36636.private
drwxr-x--- 6 root named 4096 10-26 21:54 var
3>得到密钥字符串,最后面的为密钥字符串
[root@localhost chroot]# cat Krndc-key.+157+36636.key
rndc-key. IN KEY 512 3 157 FLJPk9BWG82BDp5nhfaTqQ==
全局配置named.conf增加的配置代码
key code {
algorithm hmac-md5;
secret FLJPk9BWG82BDp5nhfaTqQ==;
};
server 192.168.1.107 { //辅服务器IP
keys { code; };
};
4> 主配置文件:named.rfc1912.zones 增加如下内容
zone "abc.com" IN {
type master;
file "abc.com.zone";
allow-update { none; };
allow-transfer { key code; };
};
5> 区域配置文件:abc.com.zone
$TTL 86400
@ IN SOA ns.abc.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns.abc.com.
ns IN A 192.168.1.106
www IN A 10.10.10.10
ftp IN A 11.11.11.11
6>启动named服务器
[root@localhost etc]# service named start
启动 named: [确定]
2. 辅服务器配置
1>全局设置:named.conf
key code {
algorithm hmac-md5;
secret FLJPk9BWG82BDp5nhfaTqQ==;
};
server 192.168.1.106 { //主服务器IP
keys { code; };
};
2> 主配置文件:named.rfc1912.zones
zone "abc.com" IN {
type slave;
masters { 192.168.1.106; };
file "slaves/abc.com.zone";
allow-update { none; };
};
3> 启动DNS辅服务器
[root@localhost etc]# service named start
启动 named: [确定]
3. 客户机测试
