多个view的时候使用nsupdate更新记录

使用 bind 时经常会划分不同的 view，由于每个 view 的 zone 都需要单独修改，人工修改比较麻烦。这时可以使用 nsupdate 进行批量操作，只要注意每个 view 使用正确的记录即可。
使用 nsupdate 需要为每个 view 创建一个 key，并在每个 view 中指定只允许对应的 key 进行更新。
views.key文件:


// One TSIG key per view. The key name is what the view's match-clients /
// allow-update statements and the nsupdate script use to pick the view, so
// it must be spelled identically in all three places.
// NOTE(review): hmac-md5 is kept only because the script and views depend on
// it; current BIND releases treat it as deprecated, so a new deployment
// should generate hmac-sha256 keys (tsig-keygen) instead. The secrets below
// are published sample values reused verbatim by the script — anyone holding
// one of them can rewrite every updatable zone in that view.
key "default" {
    algorithm hmac-md5;
    secret "GkbQ6Q2WtVqu9pk8WzPDOA==";
};
key "test1" {
    algorithm hmac-md5;
    secret "4qEjC+NgFmRvGdt8DuCRDA==";
};
key "test2" {
    algorithm hmac-md5;
    secret "88PUPwk66CbQacWCgFG0kw==";
};

named.conf文件


// rndc control channel, loopback only. "rndc-key" is not defined in this
// listing — presumably it comes from an include that is not shown here.
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};
//
// Source networks that select the test1 / test2 views (see match-clients
// in the view statements below).
acl test1 {
    10.0.0.0/8;
};
acl test2 {
    192.0.0.0/8;
};
// Hosts allowed to pull zone transfers; 127.0.0.1 is repeated in
// allow-transfer below, which is redundant but harmless.
acl slavedns {  
        192.18.208.31; //ztt dns1

        127.0.0.1;
};
options {
# NOTE(review): listen-on any + recursion yes + allow-query any, together with
# a last view that matches any client, makes this an open recursive resolver
# on every interface the host has. Confirm port 53 is not Internet-reachable,
# or restrict recursion (allow-recursion) to the internal ranges.
     listen-on port 53 { any; };
     listen-on-v6  { none; };
     directory      "/opt/bind/etc/";
     dump-file      "/opt/bind/var/named/data/cache_dump.db";
     statistics-file "/opt/bind/var/named/data/named_stats.txt";
     memstatistics-file "/opt/bind/var/named/data/named_mem_stats.txt";
     zone-statistics yes;
     allow-query     { any; };
# recursion config
     recursion yes;
     max-ncache-ttl 60;
     recursive-clients 2000;
# dnssec config
# NOTE(review): ISC retired the DLV registry, and newer BIND releases reject
# dnssec-lookaside (and later dnssec-enable) at startup — check these against
# the BIND version in use before upgrading.
     dnssec-enable yes;
     dnssec-validation yes;
     dnssec-lookaside auto;
# rrt config
# Response rate limiting, keyed per client /32 (see BIND's rate-limit
# documentation for the window/slip semantics).
     rate-limit {
        responses-per-second 20;
        qps-scale  1000;
        window 4;
        slip 2;
        ipv4-prefix-length 32;
    };
# rpz config
# rpz.zone is declared in every view below; "policy given" applies whatever
# action each RPZ record specifies.
    response-policy {
        zone "rpz.zone"  policy given;
   };
# log query
      querylog yes;
#define version
# Replaces the real version string answered to version.bind queries.
      version "GNUer's dns 2.0";
## transfer config
# notify explicit: only the also-notify targets are notified, not the NS set.
      notify explicit;
      tcp-clients 2000;
      transfers-out 100;
      allow-transfer {  slavedns; 127.0.0.1;};
      also-notify {
                192.18.208.31;

    };
     /* Path to ISC DLV key */
     #bindkeys-file "/opt/bind/etc/named.iscdlv.key";
};

logging {
  channel default_syslog { file "/opt/bind/var/log/named.syslog" versions 5 size 100m; severity dynamic; print-time yes;};
  channel default_debug { file "/opt/bind/var/log/named.run" versions 5 size 100m; severity dynamic; print-time yes;};
  channel default_stderr { stderr; severity info; };
  channel null { null; };
  channel general_debug { file "/opt/bind/var/log/named.general" versions 3 size 100m; severity dynamic; print-time yes;};
  channel database_debug { file "/opt/bind/var/log/named.database" versions 3 size 100m; severity dynamic; print-time yes;};
  channel query_log { file "/opt/bind/var/log/named.query" versions 3 size 100m; severity dynamic; print-time yes;print-severity yes; print-category yes;};
  channel resolver_log { file "/opt/bind/var/log/named.resolver" versions 3 size 100m; severity dynamic; print-time yes;};
  channel security_log { file "/opt/bind/var/log/named.security" versions 3 size 100m; severity dynamic; print-time yes;};
  channel notify_log { file "/opt/bind/var/log/named.notify" versions 3 size 100m; severity dynamic; print-time yes;};
  channel rrt_log { file "/opt/bind/var/log/named.rrt" versions 3 size 100m; severity dynamic; print-time yes;};
  channel rpz_log { file "/opt/bind/var/log/named.rpz" versions 3 size 100m; severity dynamic; print-time yes;};
  // default -> null: every category not listed below (general, config, ...)
  // is discarded. Confirm that is intended; general_debug and database_debug
  // are declared above but never used.
  category default {null; };
  category queries { query_log; };
  category resolver { resolver_log; };
  category security { security_log; };
  category notify { notify_log; };
  category xfer-in { notify_log; };
  category xfer-out { notify_log; };
  // Dynamic-update results (including REFUSED answers to the nsupdate
  // script) land in named.notify — look there first when an update fails.
  category update { notify_log; };
  category unmatched {default_syslog; };
  category rate-limit {rrt_log;};
  category rpz {rpz_log;};
};
// Views are tried top to bottom; the first match-clients that matches wins.
// A request matches this view if it comes from the test1 range OR is signed
// with key test1. NOTE(review): either element is enough, so a 10.0.0.0/8
// client that signs with key test2 or key default still lands here and is
// REFUSED by allow-update. The script talks to 127.0.0.1 from the server
// itself, whose source address is in neither ACL, so there the view is
// chosen purely by key — which is what makes the scheme work.
view "test1" {
    recursion yes;
    allow-query { any; };
    match-clients {test1; key test1;};
    // View-level allow-update covers every zone in this view that does not
    // override it; rpz.zone below opts out explicitly.
    allow-update { key test1; };
    zone "test.org" {
        type master;
        file "master/test.org.view1";
    };      
    zone "rpz.zone" {
       type master;
       file "master/rpz.zone";
       allow-update {none;};
   };
   // Root hints; needed because recursion is enabled in this view.
   zone "."{
     type hint;
     file "named.root";
   };
};

// Same structure as test1, selected by the test2 range or key test2.
view "test2" {
    recursion yes;
    allow-query { any; };
    match-clients {test2; key test2;};
    allow-update { key test2; };
    zone "test.org" {
        type master;
        file "master/test.org.view2";
    };      
    zone "rpz.zone" {
       type master;
       file "master/rpz.zone";
       allow-update {none;};
   };
   zone "."{
     type hint;
     file "named.root";
   };
};
// Catch-all view: any already matches every client, so the key default
// element is redundant. Being last, it only sees clients that matched
// neither of the views above.
view "default" {
    recursion yes;
    allow-query { any; };
    match-clients {any;key default; };
    allow-update { key default; };
    zone "test.org" {
        type master;
        file "master/test.org.default";
    };      
    zone "rpz.zone" {
       type master;
       file "master/rpz.zone";
       allow-update {none;};
   };
   zone "."{
     type hint;
     file "named.root";
   };
};

nsupdate脚本


#!/bin/bash
# Batch-update records in a multi-view BIND through nsupdate.
#   nsupdate.sh view add|delete type domain record
#   nsupdate.sh view mod type1:type2 domain record1:record2

# TTL written with every record this script adds.
TTL=600

# view name -> TSIG secret. Names and secrets must match the `key`
# statements in views.key that each view's allow-update references.
# NOTE(review): the secrets live in the script itself, so anyone able to
# read this file can update every view; keep it mode 0600 or move the keys
# into a separate restricted file.
declare -A views=(
    ["test1"]="4qEjC+NgFmRvGdt8DuCRDA=="
    ["test2"]="88PUPwk66CbQacWCgFG0kw=="
    ["default"]="GkbQ6Q2WtVqu9pk8WzPDOA=="
)
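#######################################
# Print the two accepted command forms and abort.
# The text goes to stderr so it is not mistaken for command output when
# the script is driven from another tool.
# Arguments: none
# Outputs:   usage text on stderr
# Returns:   does not return; exits 1
#######################################
usage(){
    printf '%s view add/delete type domain record\n' "$0" >&2
    printf '%s view mod type1:type2 domain record1:record2\n' "$0" >&2
    exit 1
}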
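#######################################
# Feed one update transaction to the local named through nsupdate.
# The TSIG key is handed to nsupdate on stdin with its `key` command rather
# than `-y name:secret`, so the secret never appears in the process list.
# Globals:   views (read)
# Arguments: $1 - view / key name; $2.. - one complete "update ..." line each
# Returns:   nsupdate's exit status
#######################################
send_update() {
    local key_name=$1
    shift
    local line
    {
        printf 'server 127.0.0.1\n'
        printf 'key %s %s\n' "$key_name" "${views[$key_name]}"
        for line in "$@"; do
            printf '%s\n' "$line"
        done
        printf 'send\n'
    } | nsupdate
}

#######################################
# Report the outcome of an update in the original coloured format.
# Arguments: $1 - domain, $2 - record value to show, $3 - nsupdate exit status
# Outputs:   one line on stdout
#######################################
report() {
    if [ "$3" -eq 0 ];then
        echo -e "update $1 --> $2 \e[1;32msuccessfull\e[m"
    else
        echo -e  "update $1 --> $2 \e[1;31mfailed\e[m"
    fi
}

if [ $# -ne 5 ];then
    usage
fi
view=$1
action=$2
dtype=$3
domain=$4
target=$5
# Every argument becomes part of a line in nsupdate's command stream, so an
# embedded newline could smuggle in extra commands; refuse it up front.
case "$*" in
    *$'\n'*)
        echo "arguments must not contain newlines" >&2
        exit 1
        ;;
esac
# An unknown view would send an empty secret and only surface as a
# server-side REFUSED; fail here with a clear message instead.
if [ -z "$view" ] || [ -z "${views[$view]:-}" ]; then
    echo "unknown view: $view (expected one of: ${!views[*]})" >&2
    usage
fi
case "$action" in
add|delete)
    send_update "$view" "update $action $domain $TTL $dtype $target"
    # Previously $ntarget was printed here, which is only set in the mod branch.
    report "$domain" "$target" $?
    ;;
mod)
    # old:new pairs split on the first ':'; values that themselves contain
    # ':' (e.g. AAAA data) cannot be expressed in this syntax.
    otype=${dtype%%:*}
    ntype=${dtype#*:}
    otarget=${target%%:*}
    ntarget=${target#*:}
    send_update "$view" \
        "update delete $domain $TTL $otype $otarget" \
        "update add $domain $TTL $ntype $ntarget"
    report "$domain" "$ntarget" $?
    ;;
*)
    usage
    ;;
esac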

使用示范:
给ax3.test.org.新增A记录10.20.1.33


./nsupdate.sh test2 add A  ax3.test.org. 10.20.1.33

给ax3.test.org.删除A记录10.20.1.33


./nsupdate.sh test2 delete A  ax3.test.org. 10.20.1.33

把ax3.test.org.从A记录10.20.1.3修改为cname到www.baidu.com.


./nsupdate.sh test2 mod A:CNAME  ax3.test.org. 10.20.1.3:www.baidu.com.

把ax3.test.org.从cname到www.baidu.com.修改为A记录10.20.1.3


./nsupdate.sh test2 mod CNAME:A  ax3.test.org. www.baidu.com.:10.20.1.3