给DNS设置KEY

1.建立 keyfile
[root@server mnt]# cd /mnt/
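[root@server mnt]# dnssec-keygen -a HMAC-MD5 -b 256 -n HOST westoskey ##生成 TSIG 共享密钥:HMAC-MD5 为签名(认证)算法,256 为密钥长度(位);系统熵不足时命令会卡住,需在 server 机上敲键盘或者晃动鼠标。注意 TSIG 只对更新请求做身份认证和完整性校验,并不加密内容;HMAC-MD5 已不推荐使用,较新的 BIND 建议用 tsig-keygen 生成 hmac-sha256 密钥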
[root@server mnt]# ls
Kwestoskey.+157+44239.key  Kwestoskey.+157+44239.private  westos.com.zone

2.建立 key configfile
[root@server mnt]# cp -p /etc/rndc.key /etc/westos.key   ##以 rndc.key 为模板复制;-p 保留原文件的属主和权限,密钥文件不应被其他用户读取

[root@server mnt]# cat /mnt/Kwestoskey.+157+44239.key 
westoskey. IN KEY 512 3 157 Mfc12pxQDEFKoZfZwydWJBg1BMipCiWf1GN+VSeyNPY=
[root@server mnt]# vim /etc/westos.key
key "westoskey" {     ##注意修改:key 名称、algorithm 和 secret 必须与上面 .key 文件中生成的内容一致(secret 是共享密钥,实际环境中不要公开)
        algorithm hmac-md5;
        secret "Mfc12pxQDEFKoZfZwydWJBg1BMipCiWf1GN+VSeyNPY=";
};

3.config dns
[root@server mnt]# vim /etc/named.conf 
 43 include "/etc/westos.key";    ##必须在43行加
[root@server mnt]# vim /etc/named.rfc1912.zones 
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { key westoskey; };   ##修改本行,只允许用 westoskey 密钥签名的请求做动态更新
};

[root@server mnt]# systemctl restart named
4. 检测(先把密钥文件复制到 client;.private 文件含共享密钥,只应放在需要做更新的主机上,并限制读取权限)
[root@server mnt]# scp /mnt/Kwestoskey.+157+44239.* root@172.25.254.10:/mnt/
root@172.25.254.10's password: 
Kwestoskey.+157+44239.key                     100%   73     0.1KB/s   00:00    
Kwestoskey.+157+44239.private                 100%  185     0.2KB/s   00:00   
在client
[root@client ~]# cd /mnt/
[root@client mnt]# ls
Kwestoskey.+157+44239.key  Kwestoskey.+157+44239.private
[root@client mnt]# nsupdate -k Kwestoskey.+157+44239.private 
> server 172.25.254.20
> update add hello.westos.com 86400 A 172.25.254.111
> send
> quit
[root@client mnt]# dig hello.westos.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> hello.westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42215
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hello.westos.com.      IN  A

;; ANSWER SECTION:
hello.westos.com.   86400   IN  A   172.25.254.112

;; AUTHORITY SECTION:
westos.com.     86400   IN  NS  dns.westos.com.

;; ADDITIONAL SECTION:
dns.westos.com.     86400   IN  A   172.25.254.20

;; Query time: 0 msec
;; SERVER: 172.25.254.20#53(172.25.254.20)
;; WHEN: Tue May 09 06:33:43 EDT 2017
;; MSG SIZE  rcvd: 95
