$ systemctl enable named.service Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service. $ systemctl start named.service $ systemctl status named.service ● named.service - Berkeley Internet Name Domain (DNS) Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2021-05-20 16:26:36 CST; 10min ago Main PID: 28777 (named) Tasks: 4 Memory: 58.6M CGroup: /system.slice/named.service └─28777 /usr/sbin/named -u named -c /etc/named.conf
May 20 16:31:49 tiny-cloud named[28777]: validating net/SOA: got insecure response; parent indicates it should be secure May 20 16:31:49 tiny-cloud named[28777]: no valid RRSIG resolving 'edgekey.net/DS/IN': 192.12.94.30#53 May 20 16:31:49 tiny-cloud named[28777]: validating net/SOA: got insecure response; parent indicates it should be secure May 20 16:31:49 tiny-cloud named[28777]: no valid RRSIG resolving 'edgekey.net/DS/IN': 192.31.80.30#53 May 20 16:31:49 tiny-cloud named[28777]: validating net/DNSKEY: got insecure response; parent indicates it should be secure May 20 16:31:49 tiny-cloud named[28777]: insecurity proof failed resolving 'net/DNSKEY/IN': 192.12.94.30#53 May 20 16:31:50 tiny-cloud named[28777]: validating net/DNSKEY: got insecure response; parent indicates it should be secure May 20 16:31:50 tiny-cloud named[28777]: insecurity proof failed resolving 'net/DNSKEY/IN': 192.31.80.30#53 May 20 16:31:51 tiny-cloud named[28777]: validating net/SOA: got insecure response; parent indicates it should be secure May 20 16:31:51 tiny-cloud named[28777]: no valid RRSIG resolving 'akamaiedge.net/DS/IN': 192.31.80.30#53
;; ADDITIONAL SECTION: a.root-servers.net. 518400 IN A 198.41.0.4 b.root-servers.net. 518400 IN A 199.9.14.201 c.root-servers.net. 518400 IN A 192.33.4.12 d.root-servers.net. 518400 IN A 199.7.91.13 e.root-servers.net. 518400 IN A 192.203.230.10 f.root-servers.net. 518400 IN A 192.5.5.241 g.root-servers.net. 518400 IN A 192.112.36.4 h.root-servers.net. 518400 IN A 198.97.190.53 i.root-servers.net. 518400 IN A 192.36.148.17 j.root-servers.net. 518400 IN A 192.58.128.30 k.root-servers.net. 518400 IN A 193.0.14.129 l.root-servers.net. 518400 IN A 199.7.83.42 m.root-servers.net. 518400 IN A 202.12.27.33 a.root-servers.net. 518400 IN AAAA 2001:503:ba3e::2:30 b.root-servers.net. 518400 IN AAAA 2001:500:200::b c.root-servers.net. 518400 IN AAAA 2001:500:2::c d.root-servers.net. 518400 IN AAAA 2001:500:2d::d e.root-servers.net. 518400 IN AAAA 2001:500:a8::e f.root-servers.net. 518400 IN AAAA 2001:500:2f::f g.root-servers.net. 518400 IN AAAA 2001:500:12::d0d h.root-servers.net. 518400 IN AAAA 2001:500:1::53 i.root-servers.net. 518400 IN AAAA 2001:7fe::53 j.root-servers.net. 518400 IN AAAA 2001:503:c27::2:30 k.root-servers.net. 518400 IN AAAA 2001:7fd::1 l.root-servers.net. 518400 IN AAAA 2001:500:9f::42 m.root-servers.net. 518400 IN AAAA 2001:dc3::35
In this case, the is a HMAC-MD5 key. You can generate your own HMAC-MD5 keys with the following command:
dnssec-keygen -a hmac-md5 -b -n HOST A key with at least a 256-bit length is good idea. The actual key that should be placed in the area can found in the .
The name of the key used in /etc/named.conf should be something other than key.
options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; }; # End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed: # key "rndc-key" { # algorithm hmac-md5; # secret "h0Pmn9ueo1Uk9Cv6cpPE2w=="; # }; # # controls { # inet 127.0.0.1 port 953 # allow { 127.0.0.1; } keys { "rndc-key"; }; # }; # End of named.conf
$ sed -i 's#KEEPALIVED_OPTIONS="-D"#KEEPALIVED_OPTIONS="-D -d -S 0"#g' /etc/sysconfig/keepalived $ cat /etc/sysconfig/keepalived # Options for keepalived. See `keepalived --help' output and keepalived(8) and # keepalived.conf(5) man pages for a list of all options. Here are the most # common ones : # # --vrrp -P Only run with VRRP subsystem. # --check -C Only run with Health-checker subsystem. # --dont-release-vrrp -V Dont remove VRRP VIPs & VROUTEs on daemon stop. # --dont-release-ipvs -I Dont remove IPVS topology on daemon stop. # --dump-conf -d Dump the configuration data. # --log-detail -D Detailed log messages. # --log-facility -S 0-7 Set local syslog facility (default=LOG_DAEMON) #