BIND 9.3 下使用 TSIG key 简化 view 的设置

gaochong

请各位老大出马....

bsdunix

Dec 20 19:18:22 up named[578]: dumping master file: slave/cernet/tmp-zQjYBvI00p: open: permission denied
Dec 20 19:18:22 up named[578]: transfer of 'glnc.edu.cn/IN' from 202.193.208.100#53: failed while receiving responses: permission denied
Dec 20 19:20:35 up named[578]: zone glnc.edu.cn/IN/view_any: refresh: could not set file modification time of 'slave/telecom/glnc.edu.cn': permission denied
Dec 20 19:33:06 up named[578]: dumping master file: slave/cernet/tmp-kLbi1BCcHM: open: permission denied
Dec 20 19:33:06 up named[578]: transfer of 'glnc.edu.cn/IN' from 202.193.208.100#53: failed while receiving responses: permission denied
Dec 20 19:47:58 up named[578]: dumping master file: slave/cernet/tmp-JOmo8eBv7L: open: permission denied
Dec 20 19:47:58 up named[578]: transfer of 'glnc.edu.cn/IN' from 202.193.208.100#53: failed while receiving responses: permission denied
Dec 20 19:52:36 up named[578]: zone 208.193.202.in-addr.arpa/IN/view_cernet: refresh: could not set file modification time of 'slave/cernet/rev.208': permission denied
Dec 20 20:02:17 up named[578]: dumping master file: slave/cernet/tmp-1YPx8FoKu7: open: permission denied
Dec 20 20:02:17 up named[578]: transfer of 'glnc.edu.cn/IN' from 202.193.208.100#53: failed while receiving responses: permission denied
Dec 20 20:04:31 up named[578]: zone 208.193.202.in-addr.arpa/IN/view_any: refresh: could not set file modification time of 'slave/telecom/rev.208': permission denied
Dec 20 20:15:27 up named[578]: dumping master file: slave/cernet/tmp-Fdoaqh6a9U: open: permission denied
Dec 20 20:15:27 up named[578]: transfer of 'glnc.edu.cn/IN' from 202.193.208.100#53: failed while receiving responses: permission denied
Dec 20 20:15:28 up named[578]: zone 209.193.202.in-addr.arpa/IN/view_any: refresh: could not set file modification time of 'slave/telecom/rev.209': permission denied
Dec 20 20:20:08 up named[578]: zone glnc.edu.cn/IN/view_any: refresh: could not set file modification time of 'slave/telecom/glnc.edu.cn': permission denied
Dec 20 20:20:50 up named[578]: zone 210.193.202.in-addr.arpa/IN/view_any: refresh: could not set file modification time of 'slave/telecom/rev.210': permission denied
Dec 20 20:26:56 up named[578]: dumping master file: slave/cernet/tmp-P9uzJ4EFvS: open: permission denied
Dec 20 20:26:56 up named[578]: transfer of 'glnc.edu.cn/IN' from 202.193.208.100#53: failed while receiving responses: permission denied

gaochong

这是slave的logs,master的logs可以帖出来吗？

bsdunix

Dec 19 23:31:17 sun0 named[634]: starting BIND 9.3.2-P1 -t /var/named -u bind
Dec 19 23:31:17 sun0 named[634]: command channel listening on 127.0.0.1#953
Dec 19 23:31:17 sun0 named[634]: command channel listening on ::1#953
Dec 19 23:31:17 sun0 named[634]: running

bsdunix

freebsd 6.1

gaochong

无语...

xing007008

首先,要感谢ailms发表了这么优秀的文章.

我估计还有一些朋友(包括我)比较难明白关于这个key(key telecomkey),还有telecom_addr具体是怎么来的?楼上的可以详细说一下吗?

ailms

key 是用 rndckey 生成的，命令格式如下 ：

1. 
   
2. dnssec-keygen -a HMAC-MD5 -b 512 -n HOST <key>
   

复制代码

然后从生成的 key 文件中抽取出 algorithm 和 secret 两行，放到一个文件，例如 telecom.key ，

并把这个 key 定义为 telecomkey 就可以了。

2）至于 telecom_addr 如何来的，可以搜索一下 abel 兄的精华帖子就知道了。我这里只是举例而已。

xing007008

现在明白了许多了.照你这样说telecomkey 和 unicomkey文件的内容是一样的吗?

ailms

至少名称不一样，内容可以一样。

不过你用上面的命令生成的 key 文件基本上是不可能相同的