多个view的时候使用nsupdate更新记录

大家经常使用bind的时候是划分不同的view的，因为每个view的zone需要单独修改，所以人肉修改是比较麻烦的。这个时候可以使用nsupdate进行批量的操作。只要注意每个view使用正确的记录就行。
使用nsupdate需要给每个view都创建一个key，每个view指定允许对应的这个key能更新。
views.key文件：

key "default" {

    algorithm hmac-md5; 

    secret "GkbQ6Q2WtVqu9pk8WzPDOA==";

};

key "test1" {

    algorithm hmac-md5; 

    secret "4qEjC+NgFmRvGdt8DuCRDA==";

};

key "test2" {

    algorithm hmac-md5; 

    secret "88PUPwk66CbQacWCgFG0kw==";

};

named.conf文件

controls {

    inet 127.0.0.1 port 953

    allow { 127.0.0.1; } keys { "rndc-key"; };

};

//

acl test1 {

    10.0.0.0/8;

};

acl test2 {

    192.0.0.0/8;

};

acl slavedns {  

        192.18.208.31; //ztt dns1



        127.0.0.1;

};

options {

     listen-on port 53 { any; };

     listen-on-v6  { none; };

     directory      "/opt/bind/etc/";

     dump-file      "/opt/bind/var/named/data/cache_dump.db";

     statistics-file "/opt/bind/var/named/data/named_stats.txt";

     memstatistics-file "/opt/bind/var/named/data/named_mem_stats.txt";

     zone-statistics yes;

     allow-query     { any; };

# recursion config

     recursion yes;

     max-ncache-ttl 60;

     recursive-clients 2000;

# dnssec config

     dnssec-enable yes;

     dnssec-validation yes;

     dnssec-lookaside auto;

# rrt config

     rate-limit {

        responses-per-second 20;

        qps-scale  1000;

        window 4;

        slip 2;

        ipv4-prefix-length 32;

    };

# rpz config

    response-policy { 

        zone "rpz.zone"  policy given; 

   };

# log query

      querylog yes;

#define version

      version "GNUer's dns 2.0";

## transfer config

      notify explicit;

      tcp-clients 2000;

      transfers-out 100;

      allow-transfer {  slavedns; 127.0.0.1;};

      also-notify { 

                192.18.208.31;



    };

     /* Path to ISC DLV key */

     #bindkeys-file "/opt/bind/etc/named.iscdlv.key";

};



logging {

  channel default_syslog { file "/opt/bind/var/log/named.syslog" versions 5 size 100m; severity dynamic; print-time yes;};

  channel default_debug { file "/opt/bind/var/log/named.run" versions 5 size 100m; severity dynamic; print-time yes;};

  channel default_stderr { stderr; severity info; };

  channel null { null; };

  channel general_debug { file "/opt/bind/var/log/named.general" versions 3 size 100m; severity dynamic; print-time yes;};

  channel database_debug { file "/opt/bind/var/log/named.database" versions 3 size 100m; severity dynamic; print-time yes;};

  channel query_log { file "/opt/bind/var/log/named.query" versions 3 size 100m; severity dynamic; print-time yes;print-severity yes; print-category yes;};

  channel resolver_log { file "/opt/bind/var/log/named.resolver" versions 3 size 100m; severity dynamic; print-time yes;};

  channel security_log { file "/opt/bind/var/log/named.security" versions 3 size 100m; severity dynamic; print-time yes;};

  channel notify_log { file "/opt/bind/var/log/named.notify" versions 3 size 100m; severity dynamic; print-time yes;};

  channel rrt_log { file "/opt/bind/var/log/named.rrt" versions 3 size 100m; severity dynamic; print-time yes;};

  channel rpz_log { file "/opt/bind/var/log/named.rpz" versions 3 size 100m; severity dynamic; print-time yes;};

  category default {null; };

  category queries { query_log; };

  category resolver { resolver_log; };

  category security { security_log; };

  category notify { notify_log; };

  category xfer-in { notify_log; };

  category xfer-out { notify_log; };

  category update { notify_log; };

  category unmatched {default_syslog; };

  category rate-limit {rrt_log;};

  category rpz {rpz_log;};

};

view "test1" {

    recursion yes;

    allow-query { any; };

    match-clients {test1; key test1;};

    allow-update { key test1; };

    zone "test.org" {

        type master;

        file "master/test.org.view1";

    };      

    zone "rpz.zone" {

       type master;

       file "master/rpz.zone";

       allow-update {none;};

   };

   zone "."{

     type hint;

     file "named.root";

   };

};



view "test2" {

    recursion yes;

    allow-query { any; };

    match-clients {test2; key test2;};

    allow-update { key test2; };

    zone "test.org" {

        type master;

        file "master/test.org.view2";

    };      

    zone "rpz.zone" {

       type master;

       file "master/rpz.zone";

       allow-update {none;};

   };

   zone "."{

     type hint;

     file "named.root";

   };

};

view "default" {

    recursion yes;

    allow-query { any; };

    match-clients {any;key default; };

    allow-update { key default; };

    zone "test.org" {

        type master;

        file "master/test.org.default";

    };      

    zone "rpz.zone" {

       type master;

       file "master/rpz.zone";

       allow-update {none;};

   };

   zone "."{

     type hint;

     file "named.root";

   };

};

nsupdate脚本

#!/bin/bash

TTL=600

declare -A views

views["test1"]="4qEjC+NgFmRvGdt8DuCRDA=="

views["test2"]="88PUPwk66CbQacWCgFG0kw=="

views["default"]="GkbQ6Q2WtVqu9pk8WzPDOA=="

usage(){

    echo "$0 view add/delete type domain record"

    echo "$0 view mod type1:type2 domain record1:record2"

    exit 1

}

if [ $# -ne 5 ];then

    usage



fi

view=$1

action=$2

dtype=$3

domain=$4

target=$5

case $2 in 

add|delete)

    #echo "update $action $domain 600 $dtype $target"

    nsupdate -y "$view:${views[$view]}" <<-EOF

            server 127.0.0.1

            update $action $domain $TTL $dtype $target

            send

EOF

    if [ $? -eq 0 ];then

        echo -e "update $domain --> $ntarget \e[1;32msuccessfull\e[m"

    else

        echo -e  "update $domain --> $ntarget \e[1;31mfailed\e[m"



    fi

    ;;

mod)

    otype=$(echo $dtype |cut -d: -f1)

    ntype=$(echo $dtype |cut -d: -f2)

    otarget=$(echo $target|cut -d: -f1)

    ntarget=$(echo $target|cut -d: -f2)

    nsupdate -y "$view:${views[$view]}" <<-EOF

        server 127.0.0.1

        update delete $domain $TTL $otype $otarget

        update add $domain $TTL $ntype $ntarget

    send

EOF

    if [ $? -eq 0 ];then

        echo -e "update $domain --> $ntarget \e[1;32msuccessfull\e[m"

    else

        echo -e  "update $domain --> $ntarget \e[1;31mfailed\e[m"



    fi

    ;;

*)

    usage

    ;;

esac

使用示范：
给ax3.test.org.新增A记录10.20.1.33

./nsupdate.sh test2 add A  ax3.test.org. 10.20.1.33

给ax3.test.org.删除A记录10.20.1.33

./nsupdate.sh test2 delete A  ax3.test.org. 10.20.1.33

把ax3.test.org.从A记录10.20.1.3修改为cname到www.baidu.com.

./nsupdate.sh test2 mod A:CNAME  ax3.test.org. 10.20.1.3:www.baidu.com.

把ax3.test.org.从cname到www.baidu.com.修改为A记录10.20.1.3

./nsupdate.sh test2 mod CNAME:A  ax3.test.org. www.baidu.com.:10.20.1.3