1. Can the controls statement be used without the allow clause?
[Answer]: No. The following errors appear and named exits:
Feb 8 16:09:22 dns named[30296]: /etc/named.conf:28: expected 'allow' near 'keys'
Feb 8 16:09:22 dns named[30296]: loading configuration: unexpected token
Feb 8 16:09:22 dns named[30296]: exiting (due to fatal error)
==========================================================================================
2. If the allow clause and the keys clause of the controlled side's controls statement are configured differently, which one takes precedence?
[Answer]: The two must be consistent; otherwise the connection cannot be established.
==========================================================================================
3. If the local named is stopped while the remote named is still running, can rndc -s still be run locally to control the remote side?
[Answer]: Yes.
==========================================================================================
4. Can the address in the inet clause of the controlled side's controls statement be *?
[Answer]: Yes.
==========================================================================================
5. What happens if the keys clause is removed from the controlled side's controls statement?
[Answer]: The errors are as follows:
Feb 8 16:19:25 dns named[30468]: /etc/rndc.key:6: 'key' redefined near 'key'
Feb 8 16:19:25 dns named[30468]: /etc/named.conf:28: couldn't install keys for command channel 0.0.0.0#953: already exists
Feb 8 16:19:25 dns named[30468]: /etc/named.conf:28: couldn't add command channel 0.0.0.0#953: already exists
==========================================================================================
6. Use the -s option of rndc to control dns.movie.bob.com
[Answer]:
[root@dns.bob.com =>etc]#rndc -s 192.253.254.66 status
number of zones: 6
debug level: 5
xfers running: 0
xfers deferred: 0
soa queries in progress: 1
query logging is ON
server is up and running
[root@dns.bob.com =>etc]#
==========================================================================================
7. Change the rndc listening port on dns.movie.bob.com to 954:
[Answer]: Below is the controlled side's controls statement:
controls {
    inet 0.0.0.0 port 954 allow {127.0.0.1;192.253.254.2;} keys { rndckey; bob.com.key; };
};
[root@dns.bob.com =>etc]#rndc -s 192.253.254.66 stats
rndc: connect failed: connection refused
[root@dns.bob.com =>etc]#rndc -s 192.253.254.66 -p 954 status
==========================================================================================
8. What the reconfig command does:
[Answer]: Below is the change made on dns.bob.com:
//zone "254.253.192.in-addr.arpa" IN {
//    type master;
//    file "master/db.192.253.254";
//};
zone "foo.bob.com." IN {
    type master;
    file "master/foo.bob.com.zone";
};
[root@dns.bob.com =>etc]#rndc reconfig
Feb 08 17:21:56.093 general: debug 1: received control channel command 'reconfig'
Feb 08 17:21:56.093 general: info: loading configuration from '/etc/named.conf'
Feb 08 17:21:56.097 general: debug 1: now using logging configuration from config file
Feb 08 17:21:56.098 general: debug 1: load_configuration: success
Feb 08 17:21:56.098 general: debug 1: zone foo.bob.com/IN: starting load
Feb 08 17:21:56.098 general: error: zone foo.bob.com/IN: loading master file aster/foo.bob.com.zone: file not found
Note! Although only the messages for the newly added zone foo.bob.com are shown at this point, the zone 254.253.192.in-addr.arpa has in fact already been removed from memory:
[root@dns.bob.com =>general]#nslookup 192.253.254.1
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
;; connection timed out; no servers could be reached
[root@dns.bob.com =>general]#
Simply remove the comment markers again and run rndc reconfig, and the reverse zone resolves once more:
[root@dns.bob.com =>general]#nslookup 192.253.254.1
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
1.254.253.192.in-addr.arpa name = gateway1.bob.com.
[root@dns.bob.com =>general]#
So the reconfig command only processes zones that have changed, for example zones that were added or removed.
==========================================================================================
9. Comparison of the reload, refresh and reconfig commands:
[Answer]:
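Added example, not part of the original notes: a small Python linter for a controls statement that flags the two failure modes from questions 1 and 5 (missing allow clause, missing keys clause) and reports the port an rndc client must pass with -p, as in question 7. The sample statements, the regex and the function names are my own; only the single-inet form used on this page is parsed.

```python
import re

# Constructed sample controls statements (not copied from the page's files);
# each mirrors one case from the questions above.
GOOD = """controls {
    inet 0.0.0.0 port 954 allow { 127.0.0.1; 192.253.254.2; }
        keys { rndckey; bob.com.key; };
};"""
NO_ALLOW = "controls { inet 0.0.0.0 port 953 keys { rndckey; }; };"
NO_KEYS = "controls { inet * allow { 127.0.0.1; }; };"

# allow and keys are optional in the pattern so their absence can be reported.
CONTROLS_RE = re.compile(
    r"controls\s*\{\s*inet\s+(?P<addr>[^\s;{]+)"
    r"(?:\s+port\s+(?P<port>\d+))?"
    r"(?:\s+allow\s*\{(?P<allow>[^}]*)\})?"
    r"(?:\s+keys\s*\{(?P<keys>[^}]*)\})?"
    r"\s*;\s*\}\s*;",
    re.S,
)

def _items(body):
    """Split a '{ a; b; }' body into its entries; None gives an empty list."""
    return [x.strip() for x in (body or "").split(";") if x.strip()]

def check_controls(text):
    """Lint one controls statement; 'fatal' means named would reject it (question 1)."""
    m = CONTROLS_RE.search(text)
    if not m:
        return {"fatal": True, "findings": ["no parsable controls statement"]}
    port = int(m.group("port") or 953)  # 953 is BIND's default command-channel port
    findings = []
    if m.group("allow") is None:
        findings.append("allow clause missing: named exits (expected 'allow')")
    if m.group("keys") is None:
        findings.append("keys clause missing: rndc.key key redefined, channel not added")
    if port != 953:
        findings.append(f"non-default port {port}: rndc clients must pass -p {port}")
    return {
        "fatal": m.group("allow") is None,
        "findings": findings,
        "addr": m.group("addr"),
        "port": port,
        "allow": _items(m.group("allow")),
        "keys": _items(m.group("keys")),
    }
```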