使用 bind 时经常会划分不同的 view，由于每个 view 的 zone 都需要单独修改，人工修改比较麻烦，这时可以使用 nsupdate 进行批量操作，只要注意每个 view 使用正确的记录即可。使用 nsupdate 需要给每个 view 都创建一个 key，并在每个 view 中指定只允许对应的 key 进行更新。views.key 文件:
// TSIG keys, one per view. The key name doubles as the view selector:
// each view's match-clients / allow-update refers to "its" key, and
// nsupdate.sh signs with the key named after the view it targets.
// NOTE(review): hmac-md5 is the weakest TSIG algorithm BIND still accepts;
// new keys should use hmac-sha256 (tsig-keygen -a hmac-sha256 <name>) and
// the secrets below are published in this write-up, so regenerate them
// before reuse. This file must not be world-readable.
key "default" {
algorithm hmac-md5;
secret "GkbQ6Q2WtVqu9pk8WzPDOA==";
};
key "test1" {
algorithm hmac-md5;
secret "4qEjC+NgFmRvGdt8DuCRDA==";
};
key "test2" {
algorithm hmac-md5;
secret "88PUPwk66CbQacWCgFG0kw==";
};
named.conf文件
// rndc control channel: loopback only, and only when the request is
// signed with "rndc-key".
// NOTE(review): "rndc-key" is not defined anywhere in this listing —
// presumably it comes from an include of rndc.key; confirm, or named
// will refuse to start.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1;
} keys { "rndc-key";
};
};
//
// Client networks referenced by match-clients in the views below.
acl test1 {
10.0.0.0/8;
};
// NOTE(review): 192.0.0.0/8 is overwhelmingly public address space; if the
// intent was the private range, the RFC 1918 block is 192.168.0.0/16 —
// confirm which one is meant before relying on this view split.
acl test2 {
192.0.0.0/8;
};
// Hosts allowed to pull zone transfers (see allow-transfer in options).
acl slavedns {
192.18.208.31;
//ztt dns1
127.0.0.1;
};
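options {
listen-on port 53 { any;
};
listen-on-v6 { none;
};
directory "/opt/bind/etc/";
dump-file "/opt/bind/var/named/data/cache_dump.db";
statistics-file "/opt/bind/var/named/data/named_stats.txt";
memstatistics-file "/opt/bind/var/named/data/named_mem_stats.txt";
zone-statistics yes; allow-query { any; };
// recursion config
// NOTE(review): allow-query { any; } together with recursion yes (repeated
// in every view below) makes this an open recursive resolver for any client
// that can reach port 53 — an amplification source if the listener faces
// untrusted networks. Restrict with allow-recursion { <trusted acls>; } or
// in the views' match-clients; rate-limit below reduces but does not remove
// the exposure.
recursion yes; max-ncache-ttl 60; recursive-clients 2000;
// dnssec config
// NOTE(review): dnssec-lookaside (DLV) was retired by ISC; recent BIND
// versions warn on or reject this option — confirm against the running
// version and drop it if so.
dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto;
// rrt config — response rate limiting; hits are logged via the rate-limit
// category (channel rrt_log) in the logging block.
rate-limit { responses-per-second 20; qps-scale 1000; window 4; slip 2; ipv4-prefix-length 32; };
// rpz config — "rpz.zone" is declared as a master zone in each view below.
response-policy { zone "rpz.zone" policy given; };
// log query
querylog yes; #define version version “GNUer’s dns 2.0”;
// transfer config — transfers only to the slavedns acl (which already
// contains 127.0.0.1); notify explicit means only also-notify targets are
// notified.
notify explicit; tcp-clients 2000; transfers-out 100; allow-transfer { slavedns; 127.0.0.1;}; also-notify { 192.18.208.31;
}; /* Path to ISC DLV key */
#bindkeys-file "/opt/bind/etc/named.iscdlv.key";
};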
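logging {
// All file channels rotate at 100m; "severity dynamic" follows the debug
// level set at runtime (rndc trace), so these are quiet unless tracing.
channel default_syslog { file "/opt/bind/var/log/named.syslog" versions 5 size 100m;
severity dynamic;
print-time yes;
};
channel default_debug { file "/opt/bind/var/log/named.run" versions 5 size 100m;
severity dynamic;
print-time yes;
};
channel default_stderr { stderr;
severity info;
};
channel null { null; };
// NOTE(review): general_debug and database_debug are defined but no
// category below routes to them, so they never receive any output.
channel general_debug { file "/opt/bind/var/log/named.general" versions 3 size 100m;
severity dynamic;
print-time yes;
};
channel database_debug { file "/opt/bind/var/log/named.database" versions 3 size 100m;
severity dynamic;
print-time yes;
};
channel query_log { file "/opt/bind/var/log/named.query" versions 3 size 100m;
severity dynamic;
print-time yes;
print-severity yes;
print-category yes;
};
channel resolver_log { file "/opt/bind/var/log/named.resolver" versions 3 size 100m;
severity dynamic;
print-time yes;
};
channel security_log { file "/opt/bind/var/log/named.security" versions 3 size 100m;
severity dynamic;
print-time yes;
};
channel notify_log { file "/opt/bind/var/log/named.notify" versions 3 size 100m;
severity dynamic;
print-time yes;
};
channel rrt_log { file "/opt/bind/var/log/named.rrt" versions 3 size 100m;
severity dynamic;
print-time yes;
};
channel rpz_log { file "/opt/bind/var/log/named.rpz" versions 3 size 100m;
severity dynamic;
print-time yes;
};
// Anything not assigned to a category below is discarded (default -> null).
category default {null; };
category queries { query_log; };
category resolver { resolver_log; };
// Approval/denial of requests; refused updates presumably surface here —
// worth watching when debugging a TSIG or allow-update problem.
category security { security_log; };
category notify { notify_log; };
category xfer-in { notify_log; };
category xfer-out { notify_log; };
// Dynamic updates (what nsupdate.sh sends) share the notify log; this is the
// audit trail for who changed which record.
category update { notify_log; };
category unmatched {default_syslog; };
category rate-limit {rrt_log;};
category rpz {rpz_log;};
};

// Views are tried in order; a request is served by the first view whose
// match-clients accepts it. A request signed with a view's TSIG key matches
// that view, which is how nsupdate.sh steers an update into a given view.
view "test1" {
recursion yes;
allow-query { any; };
// NOTE(review): the address element comes before the key, so a client
// inside 10.0.0.0/8 signing with key test2 or default still lands in this
// view by address and its update is then refused by allow-update. If the
// key alone should select the view, negate the other keys first:
//   match-clients { !key test2; !key default; test1; key test1; };
match-clients { test1; key test1; };
allow-update { key test1; };
zone "test.org" { type master; file "master/test.org.view1"; };
// Same RPZ file in every view; updates are refused explicitly so the
// view-level allow-update cannot reach it.
zone "rpz.zone" { type master; file "master/rpz.zone"; allow-update { none; }; };
zone "." { type hint; file "named.root"; };
};

view "test2" {
recursion yes;
allow-query { any; };
// Same ordering caveat as view "test1": address match wins over key.
match-clients { test2; key test2; };
allow-update { key test2; };
zone "test.org" { type master; file "master/test.org.view2"; };
zone "rpz.zone" { type master; file "master/rpz.zone"; allow-update { none; }; };
zone "." { type hint; file "named.root"; };
};

// Catch-all: "any" is listed first, so every client not matched above ends
// here. NOTE(review): recursion yes + allow-query { any; } makes this view
// an open recursive resolver for whoever can reach the listener.
view "default" {
recursion yes;
allow-query { any; };
match-clients { any; key default; };
allow-update { key default; };
zone "test.org" { type master; file "master/test.org.default"; };
zone "rpz.zone" { type master; file "master/rpz.zone"; allow-update { none; }; };
zone "." { type hint; file "named.root"; };
};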
nsupdate脚本
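#!/bin/bash
#
# nsupdate.sh — push one record change into a single BIND view via nsupdate.
#
# Usage:
#   nsupdate.sh <view> add|delete <type> <name> <rdata>
#   nsupdate.sh <view> mod <oldtype>:<newtype> <name> <oldrdata>:<newrdata>
#
# The view is selected by signing the update with the TSIG key named after
# it (named.conf: match-clients { ...; key <view>; }; allow-update { key <view>; }).
set -euo pipefail

readonly TTL=600

# view name -> TSIG secret (must match the key blocks in views.key).
# NOTE(review): the secrets live in the script itself, so anyone who can
# read the script can update every view. Prefer a 0600 key file loaded with
# `nsupdate -k <file>`, or source this table from a file with restricted
# permissions.
declare -A views
views["test1"]="4qEjC+NgFmRvGdt8DuCRDA=="
views["test2"]="88PUPwk66CbQacWCgFG0kw=="
views["default"]="GkbQ6Q2WtVqu9pk8WzPDOA=="

#######################################
# Print the command synopsis to stderr and exit with status 1.
# Globals:   none
# Arguments: none
# Outputs:   two usage lines on stderr
# Returns:   does not return (exit 1)
#######################################
usage() {
  printf '%s view add/delete type domain record\n' "$0" >&2
  printf '%s view mod type1:type2 domain record1:record2\n' "$0" >&2
  exit 1
}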
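#######################################
# Print a coloured one-line result for an update attempt.
# Arguments: $1 nsupdate exit status, $2 owner name, $3 record data shown
# Outputs:   success line on stdout, failure line on stderr
#######################################
report() {
  local rc=$1 domain=$2 shown=$3
  if (( rc == 0 )); then
    printf 'update %s --> %s \e[1;32msuccessful\e[m\n' "$domain" "$shown"
  else
    printf 'update %s --> %s \e[1;31mfailed\e[m\n' "$domain" "$shown" >&2
  fi
}

#######################################
# Apply one add/delete/mod operation to a BIND view through nsupdate.
# Globals:   TTL (read), views (read: view name -> TSIG secret)
# Arguments: $1 view, $2 add|delete|mod, $3 type (mod: old:new),
#            $4 owner name, $5 record data (mod: old:new)
# Outputs:   status line via report(); nsupdate diagnostics on stderr
# Returns:   nsupdate's exit status; exits 1 on bad arguments or unknown view
#######################################
main() {
  (( $# == 5 )) || usage
  local view=$1 action=$2 dtype=$3 domain=$4 target=$5

  # An unknown view would otherwise be sent with an empty secret and fail
  # deep inside nsupdate with a confusing TSIG error; fail early instead.
  if [[ -z "${views[$view]+set}" ]]; then
    printf 'unknown view: %s\n' "$view" >&2
    usage
  fi
  local secret=${views[$view]}

  # The secret is handed to nsupdate on stdin with its 'key' command instead
  # of -y, so it does not show up in ps output or shell history. hmac-md5
  # matches the algorithm declared in views.key.
  local rc=0
  case "$action" in
    add|delete)
      nsupdate <<EOF || rc=$?
server 127.0.0.1
key hmac-md5:$view $secret
update $action $domain $TTL $dtype $target
send
EOF
      # Original printed $ntarget here, which is unset in this branch.
      report "$rc" "$domain" "$target"
      ;;
    mod)
      # "A:CNAME" / "10.0.0.1:www.example.com." -> old and new halves.
      # NOTE: the separator is ':', so rdata containing ':' (e.g. AAAA)
      # cannot be expressed with the mod form.
      local otype=${dtype%%:*} ntype=${dtype#*:}
      local otarget=${target%%:*} ntarget=${target#*:}
      # Delete and add go in one message so the change is atomic at the server.
      nsupdate <<EOF || rc=$?
server 127.0.0.1
key hmac-md5:$view $secret
update delete $domain $TTL $otype $otarget
update add $domain $TTL $ntype $ntarget
send
EOF
      report "$rc" "$domain" "$ntarget"
      ;;
    *)
      usage
      ;;
  esac
  return "$rc"
}

main "$@"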
使用示范:给ax3.test.org.新增A记录10.20.1.33
./nsupdate.sh test2 add A ax3.test.org. 10.20.1.33
给ax3.test.org.删除A记录10.20.1.33
./nsupdate.sh test2 delete A ax3.test.org. 10.20.1.33
把ax3.test.org.从A记录10.20.1.3修改为cname到www.baidu.com.
./nsupdate.sh test2 mod A:CNAME ax3.test.org. 10.20.1.3:www.baidu.com.
把ax3.test.org.从cname到www.baidu.com.修改为A记录10.20.1.3
./nsupdate.sh test2 mod CNAME:A ax3.test.org. www.baidu.com.:10.20.1.3