Генерируем ключи:
dnssec-keygen -a HMAC-MD5 -b 512 -n USER foo22.bar44.com.
Настройки сервера:
/etc/named.conf:
include "keys.conf";
......
zone "bar44.com" {
type master;
file "bar44.com.zone";
update-policy {
grant laptop.bar44.com. name laptop.bar44.com. A TXT;
grant foo22.bar44.com. subdomain bar44.com. ANY;
};
# или
#allow-update {
# key foo22.bar44.com.
#};
};
/etc/namedb/keys.conf:
key foo22.bar44.com. {
algorithm HMAC-MD5;
secret "секретный ключ";
};
Для обновления зоны:
nsupdate -k Kfoo22.bar44.com.+157+12505.private -v cmd_file.txt
Пример cmd_file.txt:
server ns.bar44.com
zone bar44.com
update delete somehost.bar44.com. A
update add somehost.bar44.com. 86400 A 10.10.10.1
show
send
URL: http://www.opennet.dev/opennews/art.shtml?num=4398
Обсуждается: http://www.opennet.dev/tips/info/725.shtml