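We used to use Bind9, but abandoned it in favour of PowerDNS because, frankly, Bind sucks.
We have a "main" zone in our DNS master server: london.wibblesplat.com
There are other zones too: oob.london.wibblesplat.com
Most of the addresses in the non-oob zones are in the 192.168.0.0/16 range. The dns-1 server has the IP 192.168.123.140. (I'm not sure if this is relevant.)
I'd like to add some out-of-band (oob) access IPs to the oob.london.wibblesplat.com zone, in the 172.16.254.0/24 range.
This is what's in the database that drives powerdns.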
powerdns=# select * from records where name like '%switch%';
 id | domain_id | name | type | content | ttl | prio | change_date | ordername | auth
--------+-----------+----------------------------------------------------+------+---------------+------+------+-------------+-----------+------
 190709 | 24 | renderchassis-1-switch-A1.london.wibblesplat.com | A | 172.16.254.12 | 3600 | 0 | 1328715923 | |
 190710 | 24 | renderchassis-1-switch-A2.london.wibblesplat.com | A | 172.16.254.3 | 3600 | 0 | 1328715923 | |
 190711 | 24 | renderchassis-2-switch-A1.london.wibblesplat.com | A | 172.16.254.2 | 3600 | 0 | 1328715923 | |
 190712 | 24 | renderchassis-2-switch-A2.london.wibblesplat.com | A | 172.16.254.13 | 3600 | 0 | 1328715923 | |
(4 rows)
And this is what dig says.
tom.oconnor@charcoal-black:~$ dig renderchassis-1-switch-A1 +search

; <<>> DiG 9.7.0-P1 <<>> renderchassis-1-switch-A1 +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28586
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;renderchassis-1-switch-A1.london.wibblesplat.com. IN A

;; AUTHORITY SECTION:
london.wibblesplat.com. 1800 IN SOA dns1.london.wibblesplat.com. hostmaster.london.wibblesplat.com. 2012020803 28800 7200 604800 86400

;; Query time: 2 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb 8 15:58:53 2012
;; MSG SIZE rcvd: 120
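Why isn't PowerDNS serving the record? It exists. The query should be fine. Is there some weirdness where zones aren't served if the A record isn't in a subnet the server can reach? (I can't see how that would be right; what if I wanted, for whatever reason, to republish an A record for 8.8.8.8 or something?)
Any ideas?
Edit:
The plot thickens.
Out of interest, I modified the old records and added some new, shorter ones.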
powerdns=# select * from records where name like '%rc1sw%' or content like '%rc1sw%';
 id | domain_id | name | type | content | ttl | prio | change_date | ordername | auth
--------+-----------+-----------------------------+------+---------------+------+------+-------------+-----------+------
 190810 | 23 | rc1sw1.london.wibblesplat.com | A | 172.16.254.12 | 3600 | 0 | 1328720986 | |
 190811 | 23 | rc1sw2.london.wibblesplat.com | A | 172.16.254.3 | 3600 | 0 | 1328720999 | |
Now..
tom.oconnor@charcoal-black:~$ dig rc1sw1 +search

; <<>> DiG 9.7.0-P1 <<>> rc1sw1 +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32849
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;rc1sw1.london.wibblesplat.com. IN A

;; ANSWER SECTION:
rc1sw1.london.wibblesplat.com. 3600 IN A 172.16.254.12

;; Query time: 0 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb 8 17:10:35 2012
;; MSG SIZE rcvd: 61
It works.
It seems Powerdns might not like that many - characters in the name. I'll bear that in mind and carry on. An answer might still be nice, though.
OK, it's the -A1 it doesn't like.
Check this out.
powerdns=# select * from records order by id desc limit 5;
 id | domain_id | name | type | content | ttl | prio | change_date | ordername | auth
--------+-----------+---------------------------------+------+---------------------------------+------+------+-------------+-----------+------
 190830 | 23 | bunt-1-A1.london.wibblesplat.com | A | 127.0.0.1 | 120 | 0 | 1328722058 | |
 190829 | 22 | 80.124.168.192.in-addr.arpa. | PTR | claret-red.london.wibblesplat.com | 3600 | 0 | 1328722007 | |
 190828 | 23 | claret-red.london.wibblesplat.com | A | 192.168.124.80 | 3600 | 0 | 1328722007 | |
 190825 | 23 | BUNT.london.wibblesplat.com | A | 127.0.0.1 | 120 | 0 | 1328721975 | |
 190824 | 23 | bunt.london.wibblesplat.com | A | 127.0.0.1 | 120 | 0 | 1328721967 | |
And
tom.oconnor@charcoal-black:~$ dig bunt +search

; <<>> DiG 9.7.0-P1 <<>> bunt +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, id: 34027
;; flags: qr aa rd ra; QUERY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bunt.london.wibblesplat.com. IN A

;; ANSWER SECTION:
bunt.london.wibblesplat.com. 120 IN A 127.0.0.1

;; Query time: 1 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb 8 17:27:15 2012
;; MSG SIZE rcvd: 59

tom.oconnor@charcoal-black:~$ dig BUNT +search

; <<>> DiG 9.7.0-P1 <<>> BUNT +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, id: 60125
;; flags: qr aa rd ra; QUERY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;BUNT.london.wibblesplat.com. IN A

;; ANSWER SECTION:
BUNT.london.wibblesplat.com. 120 IN A 127.0.0.1

;; Query time: 0 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb 8 17:27:20 2012
;; MSG SIZE rcvd: 59

tom.oconnor@charcoal-black:~$ dig bunt-1-A1 +search

; <<>> DiG 9.7.0-P1 <<>> bunt-1-A1 +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, id: 22009
;; flags: qr rd ra; QUERY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bunt-1-A1. IN A

;; AUTHORITY SECTION:
. 1800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2012020801 1800 900 604800 86400

;; Query time: 59 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb 8 17:27:53 2012
;; MSG SIZE rcvd: 102