Note: the dig output has been excerpted.
I want to set up rndc.conf as follows:
# Start of rndc.conf
/* from here */
key "rndc.key" {
    algorithm hmac-md5;
    secret "RbLRexo8hbw1Hen+klsZbUZAYp/Rj6Qyc3srYR3Adn/bIai1KNPXKck+0hxga529r1xBuMdZwsoMMZC23YyMuw==";
};
/* delete up to here */
options {
    default-key "rndc.key";
    default-server 127.0.0.1;
    default-port 953;
};
/* add this */
include "/etc/rndc.key";
/* add up to here */
# End of rndc.conf
Then rndc.conf becomes:
# Start of rndc.conf
options {
    default-key "rndc.key";
    default-server 127.0.0.1;
    default-port 953;
};
include "/etc/rndc.key";
# End of rndc.conf
State after migrating:
# ls -l rndc*
-r--------  1 root   root    150 Apr  4 21:12 rndc.conf
-r--------  1 named  named   336 Apr  4 18:38 rndc.key
# ls -l named.conf
-r--------  1 named  named  2178 Apr  4 18:49 named.conf
# cat rndc.conf
# Start of rndc.conf
options {
    default-key "rndc.key";
    default-server 127.0.0.1;
    default-port 953;
};
include "/etc/rndc.key";
# End of rndc.conf
# cat rndc.key
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc.key" {
    algorithm hmac-md5;
    secret "bjEX98NCIUgWCqvC1WaxJzdGZReAyLO8KDRSpW6Ky5cr9Cq+C7l0j8eQCFkDg4PzNrhIOf090gA23LsWyJrpiQ==";
};
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc.key"; };
# };
# End of named.conf
Restart, just to be safe.
# ps ax | grep named | grep -v grep
   66 ?        S      0:00 /usr/sbin/named
# kill -HUP 66 && date
Tue Apr  4 21:36:12 JST 2006
# tail -2 /var/log/messages
Apr  4 21:36:12 lx named[66]: loading configuration from '/etc/named.conf'
Apr  4 21:36:12 lx named[66]: no IPv6 interfaces found
Instead of rebooting, a kill -HUP pid as above would probably be enough, but:
# shutdown -r now
Let's check.
# sed -n -e '/named/p' /var/log/messages
Apr  4 21:16:26 lx named[66]: starting BIND 9.2.3
Apr  4 21:16:26 lx named[66]: using 1 CPU
Apr  4 21:16:27 lx named[66]: loading configuration from '/etc/named.conf'
Apr  4 21:16:27 lx named[66]: no IPv6 interfaces found
Apr  4 21:16:27 lx named[66]: listening on IPv4 interface lo, 127.0.0.1#53
Apr  4 21:16:27 lx named[66]: listening on IPv4 interface eth0, 192.168.0.5#53
Apr  4 21:16:27 lx named[66]: listening on IPv4 interface eth1, 192.168.2.1#53
Apr  4 21:16:27 lx named[66]: command channel listening on 127.0.0.1#953
Apr  4 21:16:28 lx named[66]: zone 0.0.127.in-addr.arpa/IN: loaded serial 20030121
Apr  4 21:16:28 lx named[66]: zone 0.168.192.in-addr.arpa/IN: loaded serial 20030121
Apr  4 21:16:28 lx named[66]: zone bcnet.ne.jp/IN: loaded serial 20030121
Apr  4 21:16:28 lx named[66]: zone localhost/IN: loaded serial 20030121
Apr  4 21:16:28 lx named[66]: running
# rndc status
number of zones: 6
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running
$ dig @192.168.0.5 cricrima-sa.no-ip.info A
;; ANSWER SECTION:
cricrima-sa.no-ip.info. 26      IN      A       220.109.178.190
;; Query time: 2006 msec
;; SERVER: 192.168.0.5#53(192.168.0.5)
;; WHEN: Tue Apr  4 21:32:41 2006
;; MSG SIZE  rcvd: 167
------- /* on the 3rd query */ ------
;; Query time: 1 msec
;; SERVER: 192.168.0.5#53(192.168.0.5)
;; WHEN: Tue Apr  4 21:33:51 2006
;; MSG SIZE  rcvd: 167
So it seems that a single rndc.key can be shared by both named.conf and rndc.conf through include "/etc/rndc.key";. There is probably some reason, though, why it is not shared with rndc by default. Since this is how things stand now, let's try changing the owner of rndc.key.
# ls -l rndc*
-r--------  1 root   root    150 Apr  4 21:12 rndc.conf
-r--------  1 named  named   336 Apr  4 18:38 rndc.key
lx:/etc# ls -l named.conf
-r--------  1 named  named  2178 Apr  4 18:49 named.conf
Then:
# chown root.root rndc.*
# chown root.root named.conf
# ls -l rndc*
-r--------  1 root   root    150 Apr  4 21:12 rndc.conf
-r--------  1 root   root    336 Apr  4 18:38 rndc.key
# ls -l named.conf
-r--------  1 root   root   2178 Apr  4 18:49 named.conf
Reboot once more and check. What will happen?
# shutdown -r now
Check:
# ps ax | grep named
   66 ?        S      0:00 /usr/sbin/named
  253 pts/0    S      0:00 grep named
# sed -n -e '/named/p' /var/log/messages
Apr  4 21:56:48 lx named[66]: starting BIND 9.2.3
Apr  4 21:56:48 lx named[66]: using 1 CPU
Apr  4 21:56:49 lx named[66]: loading configuration from '/etc/named.conf'
Apr  4 21:56:49 lx named[66]: no IPv6 interfaces found
Apr  4 21:56:49 lx named[66]: listening on IPv4 interface lo, 127.0.0.1#53
Apr  4 21:56:49 lx named[66]: listening on IPv4 interface eth0, 192.168.0.5#53
Apr  4 21:56:49 lx named[66]: listening on IPv4 interface eth1, 192.168.2.1#53
Apr  4 21:56:50 lx named[66]: command channel listening on 127.0.0.1#953
Apr  4 21:56:50 lx named[66]: zone 0.0.127.in-addr.arpa/IN: loaded serial 20030121
Apr  4 21:56:50 lx named[66]: zone 0.168.192.in-addr.arpa/IN: loaded serial 20030121
Apr  4 21:56:50 lx named[66]: zone bcnet.ne.jp/IN: loaded serial 20030121
Apr  4 21:56:50 lx named[66]: zone localhost/IN: loaded serial 20030121
Apr  4 21:56:50 lx named[66]: running
# rndc status
number of zones: 6
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running
$ dig @192.168.0.5 cricrima-sa.no-ip.info A
;; ANSWER SECTION:
cricrima-sa.no-ip.info. 60      IN      A       220.109.178.190
;; Query time: 2270 msec
;; SERVER: 192.168.0.5#53(192.168.0.5)
;; WHEN: Tue Apr  4 22:23:06 2006
;; MSG SIZE  rcvd: 167
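The checks done by hand above (the same key reachable from rndc.conf and named.conf via include, and files kept at mode 0400) can be scripted; this is an added example, not code from the page, and every path, file content and mode in it is constructed in memory rather than read from /etc. It also flags hmac-md5, which the page uses, since current rndc-confgen defaults to hmac-sha256.

```python
# Added example, not from the page: audit the rndc key that named.conf and rndc.conf
# share through include "/etc/rndc.key". All paths, contents and modes are constructed.
import base64, binascii, re

STRONG_ALGS = {"hmac-sha256", "hmac-sha384", "hmac-sha512"}
KEY_RE = re.compile(r'key\s+"([^"]+)"\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"([^"]+)"\s*;\s*\}\s*;')
INCLUDE_RE = re.compile(r'include\s+"([^"]+)"\s*;')
DEFAULT_KEY_RE = re.compile(r'default-key\s+"([^"]+)"\s*;')

def expand_includes(path, files):
    """Strip /* */ and whole-line # comments, then inline include statements recursively."""
    text = re.sub(r"/\*.*?\*/", "", files[path], flags=re.S)
    text = re.sub(r"^\s*#.*$", "", text, flags=re.M)
    return INCLUDE_RE.sub(lambda m: expand_includes(m.group(1), files), text)

def keys_in(text):  # key name -> (algorithm, base64 secret)
    return {n: (alg.lower(), sec) for n, alg, sec in KEY_RE.findall(text)}

def audit(files, modes, rndc_conf="/etc/rndc.conf", named_conf="/etc/named.conf"):
    """Return findings as strings; an empty list means the shared key checks out."""
    findings, rndc_text = [], expand_includes(rndc_conf, files)
    rndc_keys, named_keys = keys_in(rndc_text), keys_in(expand_includes(named_conf, files))
    m = DEFAULT_KEY_RE.search(rndc_text)
    if not m:
        return ["rndc.conf sets no default-key"]
    name = m.group(1)
    if name not in rndc_keys or name not in named_keys:
        findings.append("key %s must be visible to both rndc.conf and named.conf" % name)
    elif rndc_keys[name] != named_keys[name]:
        findings.append("key %s differs between rndc.conf and named.conf" % name)
    alg, secret = named_keys.get(name) or rndc_keys.get(name) or ("", "")
    try:
        base64.b64decode(secret, validate=True)
    except binascii.Error:
        findings.append("secret of key %s is not valid base64" % name)
    if alg and alg not in STRONG_ALGS:
        findings.append("key %s uses %s; regenerate with hmac-sha256 or stronger" % (name, alg))
    for path, mode in modes.items():  # the -r-------- (0400) check the page does with ls -l
        if mode & 0o077:
            findings.append("%s is readable by group/other (mode %o)" % (path, mode))
    return findings

# Constructed sample mirroring the page's layout: one key file included by both configs.
SECRET = base64.b64encode(bytes(range(64))).decode()
SAMPLE_FILES = {
    "/etc/rndc.key": 'key "rndc.key" {\n algorithm hmac-sha256;\n secret "%s";\n};\n' % SECRET,
    "/etc/rndc.conf": 'options { default-key "rndc.key"; default-server 127.0.0.1; default-port 953; };\ninclude "/etc/rndc.key";\n# End of rndc.conf\n',
    "/etc/named.conf": 'include "/etc/rndc.key";\ncontrols { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc.key"; }; };\n',
}
SAMPLE_MODES = {"/etc/rndc.key": 0o400, "/etc/rndc.conf": 0o400, "/etc/named.conf": 0o400}
```

Calling audit(SAMPLE_FILES, SAMPLE_MODES) returns an empty list for the sample; swapping the algorithm to hmac-md5 or loosening a mode to 0644 produces one finding each.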
Nyantaro (にゃんたろう), respectfully!
Created Tue 4 Apr 2006 23:03:24 JST