刷新服务

cd /free_cicdfs0/compose/bind9docker-compose down; docker-compose up  -d

批改配置文件

新版本 配置文件 大抵构造产生了一些扭转

cat /free_cicdfs0/data/bind9/etc/bind/named.conf// This is the primary configuration file for the BIND DNS server named.//// Please read /usr/share/doc/bind9/README.Debian.gz for information on the// structure of BIND configuration files in Debian, *BEFORE* you customize// this configuration file.//// If you are just adding zones, please do that in /etc/bind/named.conf.localinclude "/etc/bind/named.conf.options";include "/etc/bind/named.conf.local";include "/etc/bind/named.conf.default-zones";

从 114 缓存 查问 数据

cat > /free_cicdfs0/data/bind9/etc/bind/named.conf.options <<"EOF"# include "/etc/rndc.key";controls {    inet 127.0.0.1 port 953    allow { 127.0.0.1; } keys { "rndckey"; };};options {        // set no    dnssec-enable no;    dnssec-validation no;    listen-on port 53 { any; };    allow-query { any; };    forwarders {        114.114.114.114;    };};EOFchmod 777 -R  /free_cicdfs0/data/bind9/chown root:root -R  /free_cicdfs0/data/bind9/chown root:named -R  /free_cicdfs0/data/bind9/docker-compose up -d # log errorcouldn't add command channel 127.0.0.1#953: file not founddocker cp -a bind9:/etc/bind  /free_cicdfs0/data/bind9/etc/docker cp -a bind9:/var/lib/bind  /free_cicdfs0/data/bind9/var/lib/

能够 dig 无奈 ping

broken trust chain resolving 'baidu.com/AAAA/IN': 114.114.114.114#53解决:因为是局域网内非法DNS,所以将DNS平安敞开.[root@192-168-174-42 ~]# vim /etc/named.conf将上面的两项设置为no        dnssec-enable no;        dnssec-validation no;

查看 曾经 区域 解析,并增加 新的 解析 项

cat /free_cicdfs0/data/bind9/etc/bind/named.conf.default-zones// prime the server with knowledge of the root serverszone "." {        type hint;        file "/usr/share/dns/root.hints";};// be authoritative for the localhost forward and reverse zones, and for// broadcast zones as per RFC 1912zone "localhost" {        type master;        file "/etc/bind/db.local";};zone "127.in-addr.arpa" {        type master;        file "/etc/bind/db.127";};zone "0.in-addr.arpa" {        type master;        file "/etc/bind/db.0";};zone "255.in-addr.arpa" {        type master;        file "/etc/bind/db.255";};

https://nginx164190.zk.wh.com/

192.168.164.190 nginx164190.zk.wh.com

在 linux 装置 局域网 cert

# 增加 解析 条目vi /etc/hosts192.168.164.190  nginx164190.zk.wh.com [root@node01 ~]# curl https://nginx164190.zk.wh.com/curl: (60) Peer's Certificate issuer is not recognized.More details here: http://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.curl -o install_cert_linux.zip http://192.168.164.190:40080/install_cert_linux.zipunzip install_cert_linux.zipcd install_cert_linux./install_cert.sh# 测试 成果curl https://nginx164190.zk.wh.com/<html><head><title>Index of /</title></head><body><h1>Index of /</h1><hr><pre><a href="../">../</a><a href="_wildcard.zk.wh.com.crt">_wildcard.zk.wh.com.crt</a>                            18-Aug-2021 08:53    1464<a href="_wildcard.zk.wh.com.pem">_wildcard.zk.wh.com.pem</a>                            18-Aug-2021 08:53    1464<a href="install_cert_linux.zip">install_cert_linux.zip</a>                             19-Aug-2021 07:30      2M<a href="rootCA-key.pem">rootCA-key.pem</a>                                     18-Aug-2021 08:53    2488<a href="rootCA.pem">rootCA.pem</a>                                         18-Aug-2021 08:53    1635<a href="test">test</a>                                               18-Aug-2021 08:47       7</pre><hr></body></html>

rndc

1、953端口是rndc 的端口

2、rndc是监控bind的统计数据用的,同时不须要为了更新某个zone而重启bind

查看 默认的 解析条目

cat /etc/bind/named.conf.default-zones// prime the server with knowledge of the root serverszone "." {        type hint;        file "/usr/share/dns/root.hints";};// be authoritative for the localhost forward and reverse zones, and for// broadcast zones as per RFC 1912zone "localhost" {        type master;        file "/etc/bind/db.local";};zone "127.in-addr.arpa" {        type master;        file "/etc/bind/db.127";};zone "0.in-addr.arpa" {        type master;        file "/etc/bind/db.0";};zone "255.in-addr.arpa" {        type master;        file "/etc/bind/db.255";};

增加 本人的 解析条目

多台 dns 之间 进行 协同SOANS# A 代表 解析到 ipv4@       IN      A       127.0.0.1# A 代表 解析到 ipv6@       IN      AAAA    ::1# ptr 代表 逆向解析1.0.0   IN      PTR     localhost.
cat /etc/bind/named.conf// This is the primary configuration file for the BIND DNS server named.//// Please read /usr/share/doc/bind9/README.Debian.gz for information on the// structure of BIND configuration files in Debian, *BEFORE* you customize// this configuration file.//// If you are just adding zones, please do that in /etc/bind/named.conf.localinclude "/etc/bind/named.conf.options";include "/etc/bind/named.conf.local";include "/etc/bind/named.conf.default-zones";// add you zonesinclude "/etc/bind/named.conf.my-zones";# 模拟 /etc/bind/named.conf.default-zones 书写 新的 解析记录cat > /etc/bind/named.conf.my-zones <<"EOF"zone "zk.wh.com" {        type master;        file "/etc/bind/db.zk.wh.com";};zone "192.in-addr.arpa" {        type master;        file "/etc/bind/db.192";};EOF# 模拟db 文件cat /etc/bind/db.local;; BIND data file for local loopback interface;$TTL    604800@       IN      SOA     localhost. root.localhost. (                              2         ; Serial                         604800         ; Refresh                          86400         ; Retry                        2419200         ; Expire                         604800 )       ; Negative Cache TTL;@       IN      NS      localhost.@       IN      A       127.0.0.1@       IN      AAAA    ::1cat > /etc/bind/db.zk.wh.com <<"EOF"$TTL 86400@ IN SOA localhost. root.localhost. (        1  ; Serial    604800  ; Refresh    86400  ; Retry   2419200  ; Expire    86400 ) ; Negative Cache TTL;@ IN NS localhost.nginx164190       IN      A       192.168.164.190zcloud164190       IN      A       192.168.164.190EOF# 模拟 逆解 文件cat /etc/bind/db.127;; BIND reverse data file for local loopback interface;$TTL    604800@       IN      SOA     localhost. root.localhost. (                              1         ; Serial                         604800         ; Refresh                          86400         ; Retry                        2419200         ; Expire                         604800 )       ; Negative Cache TTL;@       IN      NS      localhost.1.0.0   IN      PTR     localhost.cat > /etc/bind/db.192 <<"EOF"$TTL 86400@ IN SOA localhost. root.localhost. (        1  ; Serial    604800  ; Refresh    86400  ; Retry   2419200  ; Expire    86400 ) ; Negative Cache TTL;@ IN NS localhost.190.164.168   IN      PTR     nginx164190.EOF

更新 解析记录

# 局域网 x509 证书 无奈 信赖 多重域名# Reminder: X.509 wildcards only go one level deep, so this won't match a.b.zk.wh.com ℹ️cat > /free_cicdfs0/data/bind9/etc/bind/db.zk.wh.com <<"EOF"$TTL 86400@ IN SOA localhost. root.localhost. (        1  ; Serial    604800  ; Refresh    86400  ; Retry   2419200  ; Expire    86400 ) ; Negative Cache TTL;@ IN NS localhost.nginx164190       IN      A       192.168.164.190zcloud164190      IN      A       192.168.164.190hub-docker        IN      A       192.168.99.100EOF# 重启 容器 服务 即可失效ssh root@192.168.99.2cd /free_cicdfs0/composes/bind9docker-compose restart# testping hub-docker.zk.wh.comPING hub-docker.zk.wh.com (192.168.99.100) 56(84) bytes of data.64 bytes from 192.168.99.100: icmp_seq=1 ttl=64 time=0.172 ms64 bytes from 192.168.99.100: icmp_seq=2 ttl=64 time=0.152 ms

有趣味的同学欢送进群交换