How To Deploy and Manage Your DNS Using OctoDNS on Debian 10

The author selected the Electronic Frontier Foundation to receive a donation as part of the Write for DOnations program.

Introduction

OctoDNS is an infrastructure-as-code tool that allows you to deploy and manage your DNS zones using standard software development principles, including version control, testing, and automated deployment. OctoDNS was created by GitHub and is written in Python.

Using OctoDNS eliminates many of the pitfalls of manual DNS management, as zone files are stored in a structured format (YAML). This allows you to deploy zones to multiple DNS providers simultaneously, identify syntax errors, and push out your DNS configuration automatically, reducing the risk of human error. Another common usage of OctoDNS is to synchronize your DNS configuration between different providers, such as a testing and production system, or between live and failover environments.

OctoDNS is similar to DNSControl, which is an equivalent tool created by Stack Exchange and written in Go. Unlike OctoDNS, DNSControl uses a JavaScript-based configuration language for defining DNS zones, which allows you to use advanced programmatic features such as loops to specify multiple similar records within the same zone. The article How to Deploy and Manage Your DNS Using DNSControl on Debian 10 covers the basic setup and configuration of DNSControl.

In this tutorial, you’ll install and configure OctoDNS, create a basic DNS configuration, and begin deploying DNS records to a live provider. As part of this tutorial, we will use DigitalOcean as the example DNS provider. If you wish to use a different provider, the setup is very similar. When you’re finished, you’ll be able to manage and test your DNS configuration in a safe, offline environment, and then automatically deploy it to production.

Prerequisites

Before you begin this guide you’ll need the following:

  • One Debian 10 server set up by following the Initial Server Setup with Debian 10, including a sudo non-root user and enabled firewall to block non-essential ports. your-server-ipv4-address and your-server-ipv6-address refer to the IP addresses of the server where you’re hosting your website or domain.
  • A fully registered domain name with DNS hosted by a supported provider. This tutorial will use your-domain throughout and DigitalOcean as the service provider.
  • A DigitalOcean API key (Personal Access Token) with read and write permissions. To create one, visit How to Create a Personal Access Token.

Once you have these ready, log in to your server as your non-root user to begin.

Step 1 — Installing OctoDNS

OctoDNS is distributed as a Python pip package, and runs in a Python Virtual Environment (virtualenv), so you’ll start this step by installing the packages required for this. A virtualenv is an isolated Python environment that can have its own libraries and configuration, separate from the main system-wide Python installation. Python and virtualenv are available within Debian’s default software repositories, making it possible to install using conventional package management tools.

Begin by updating the local package index to reflect any new upstream changes:

  • sudo apt update

Then, install the python and virtualenv packages:

  • sudo apt install python virtualenv

After confirming the installation, apt will download and install Python, virtualenv, and all of their required dependencies.

Next, you’ll create the required directories for OctoDNS, where your DNS and program configuration will be stored. Start by creating the ~/octodns and ~/octodns/config directories:

  • mkdir ~/octodns ~/octodns/config

Now move into ~/octodns:

  • cd ~/octodns

Next, you need to create the Python Virtual Environment—an isolated Python environment with its own libraries and configuration to run OctoDNS in:

  • virtualenv env

Activate your environment with the following command:

  • source env/bin/activate

This will output something similar to the following:

Output
Running virtualenv with interpreter /usr/bin/python2
New python executable in /home/user/octodns/env/bin/python2
Also creating executable in /home/user/octodns/env/bin/python
Installing setuptools, pkg_resources, pip, wheel...done.

Your Bash shell prompt will now also be prefixed with the name of the virtual environment. This shows that you are currently operating within the virtualenv:

(env) [email protected]:~/octodns$

If you wish to exit the virtualenv, you can use the deactivate command at any time. However, you should stay in your virtualenv to continue with this tutorial.

Now that you’ve installed and configured Python and virtualenv, you can install OctoDNS. OctoDNS is distributed as a Python pip package, which is the standard package-management tool for Python packages and libraries.

You can install the OctoDNS pip package using the following command within your virtualenv:

  • pip install octodns

Once this is complete, you can check the installed version to make sure that everything is working:

  • octodns-sync --version

Your output will look similar to the following:

Output
octoDNS 0.9.9

If you see an octodns-sync: command not found error, double-check that you’re still inside your virtualenv.

Now that you’ve installed OctoDNS, you can create the required configuration files to connect OctoDNS to your DNS provider to allow it to make changes to your DNS records.

Step 2 — Configuring OctoDNS

In this step, you’ll create the required configuration files for OctoDNS, and connect it to your DNS provider so that it can begin to make live changes to your DNS records.

Note: This tutorial will focus on the initial setup of OctoDNS; however for production use it is recommended to store your OctoDNS configuration in a version control system (VCS) such as Git. The advantages of this include full version control, integration with CI/CD for testing, seamlessly rolling-back deployments, and so on.

Firstly, you need to configure the config.yaml file, which defines the DNS zones for OctoDNS to manage, and allows it to authenticate to your DNS provider and make changes.

The format of config.yaml differs slightly depending on the DNS provider that you are using. Please see the Supported Providers list in the official OctoDNS documentation to find the configuration for your own provider. When viewing this hyperlink, the configuration details are presented as a code comment in the actual Python code for your provider, which is linked in the ‘Provider’ column of the table. Once you have found the Python code for your provider, such as cloudflare.py or route53.py, the relevant code comment can be found directly under the class ProviderNameProvider. For example:

Excerpt of octodns/provider/route53.py

class Route53Provider(BaseProvider):
  '''
  AWS Route53 Provider
  route53:
      class: octodns.provider.route53.Route53Provider
      # The AWS access key id
      access_key_id:
      # The AWS secret access key
      secret_access_key:
      # The AWS session token (optional)
      # Only needed if using temporary security credentials
      session_token:
           

Move into the ~/octodns/config directory:

  • cd ~/octodns/config

Then create and open config.yaml for editing:

  • nano config.yaml

Add the sample config.yaml configuration for your DNS provider to the file. If you’re using DigitalOcean as your DNS provider, you can use the following:

~/octodns/config/config.yaml

---
providers:
  config:
    class: octodns.provider.yaml.YamlProvider
    directory: ./config
    default_ttl: 300
    enforce_order: True
  digitalocean:
    class: octodns.provider.digitalocean.DigitalOceanProvider
    token: your-digitalocean-oauth-token

zones:
  your-domain.:
    sources:
      - config
    targets:
      - digitalocean
           

This file tells OctoDNS which DNS providers you want it to connect to, and which DNS zones it should manage for those providers.

You’ll need to provide some form of authentication for your DNS provider. This is usually an API key or OAuth token.

If you do not wish to store your access token in plain text in the configuration file, you can instead pass it as an environment variable when the program runs. To do this, you should use the following token: line instead in config.yaml:

~/octodns/config/config.yaml

token: env/DIGITALOCEAN_OAUTH_TOKEN

Then, before running OctoDNS, set the relevant environment variable to your access token, and OctoDNS will read it from there when run:

  • export DIGITALOCEAN_OAUTH_TOKEN=your-digitalocean-oauth-token

Warning: This token will grant access to your DNS provider account, so you should protect it as you would a password. Also, ensure that if you’re using a version control system, either the file containing the token is excluded (e.g. using .gitignore), or is securely encrypted in some way.
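A pre-commit or CI check for the warning above, as an added example that is not part of the original tutorial: it flags credential-like keys in config.yaml that hold a literal value instead of an env/ reference, and lists env/ references whose variables are unset. The key-name heuristic and the function names are assumptions of this example, and the parser handles only simple key: value lines rather than full YAML.

```python
import re
import sys

# Key names that usually hold credentials in provider sections.
# Heuristic chosen for this example, not a list taken from OctoDNS.
SECRET_KEY = re.compile(r"token|secret|password|passwd|api_?key|access_key", re.I)
KEY_VALUE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*:\s*(.*?)\s*$")

# Constructed sample: the tutorial's config.yaml with its placeholder token inline.
SAMPLE_PLAINTEXT = """\
---
providers:
  config:
    class: octodns.provider.yaml.YamlProvider
    directory: ./config
  digitalocean:
    class: octodns.provider.digitalocean.DigitalOceanProvider
    token: your-digitalocean-oauth-token
"""
# Same file using the env/ reference form shown in the tutorial.
SAMPLE_ENV_REF = SAMPLE_PLAINTEXT.replace(
    "your-digitalocean-oauth-token", "env/DIGITALOCEAN_OAUTH_TOKEN")


def _entries(config_text):
    """Yield (line_no, key, value) for simple `key: value` lines."""
    for no, raw in enumerate(config_text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue
        match = KEY_VALUE.match(raw.split(" #", 1)[0])  # drop trailing comment
        if match:
            yield no, match.group(1), match.group(2).strip("'\"")


def find_plaintext_secrets(config_text):
    """Return [(line_no, key)] for credential keys holding a literal value."""
    return [(no, key) for no, key, value in _entries(config_text)
            if SECRET_KEY.search(key) and value and not value.startswith("env/")]


def missing_env_refs(config_text, environ):
    """Return names referenced as env/NAME that are absent or empty in environ."""
    names = []
    for _, _, value in _entries(config_text):
        if value.startswith("env/"):
            name = value[len("env/"):]
            if not environ.get(name) and name not in names:
                names.append(name)
    return names


if __name__ == "__main__":
    import os
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAINTEXT
    problems = [f"line {no}: '{key}' holds a literal value, use env/NAME"
                for no, key in find_plaintext_secrets(text)]
    problems += [f"environment variable {name} is not set"
                 for name in missing_env_refs(text, os.environ)]
    print("\n".join(problems) or "ok")
    sys.exit(1 if problems else 0)
```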


If you’re using DigitalOcean as your DNS provider, you can use the required OAuth token in your DigitalOcean account settings that you generated as part of the prerequisites.

If you have multiple different DNS providers—for example, for multiple domain names, or delegated DNS zones—you can define these all in the same config.yaml file.

You’ve set up the initial OctoDNS configuration file to allow the program to authenticate to your DNS provider and make changes. Next you’ll create the configuration for your DNS zones.

Step 3 — Creating a DNS Configuration File

In this step, you’ll create an initial DNS configuration file, which will contain the DNS records for your domain name or delegated DNS zone.

Each DNS zone that you want to manage using OctoDNS has its own file, for example your-domain.yaml. In this file, the DNS records for the zone are defined using YAML.

To begin, move into the ~/octodns/config directory:

  • cd ~/octodns/config

Then create and open your-domain.yaml for editing:

  • nano your-domain.yaml

Add the following sample configuration to the file:

~/octodns/config/your-domain.yaml

---
'':
  - type: A
    value: your-server-ipv4-address

www:
  - type: A
    value: your-server-ipv4-address
           

This sample file defines a DNS zone for your-domain with two A records, pointing to the IPv4 address that you’re hosting your domain or website on. One A record is for the root domain (e.g. your-domain), and the other is for the www subdomain (e.g. www.your-domain).

Once complete, save and close the file.

You’ve set up a basic DNS zone configuration file for OctoDNS, with two basic A records pointing to the IPv4 address of your domain or website. Next, you’ll expand the file with some useful DNS records.

Step 4 — Populating Your DNS Configuration File

Next, you can populate the DNS configuration file with a practical set of DNS records for your website or service, using the YAML structured configuration language.

Unlike traditional BIND zone files, where DNS records are written in a raw, line-by-line format, DNS records within OctoDNS are defined as YAML keys and subkeys with a number of associated values, as shown briefly in Step 3.

The top-level key is usually the 'name', which is essentially the record identifier. www, subdomain1, and mail are all examples of DNS 'name'. In OctoDNS, there are two special-use names, which are '', for the root record (usually referred to as @), and '*', for wildcard records. A required value of each key (DNS record) is type. This defines which type of DNS record you are defining within that YAML top-level key. A type exists for each of the standard DNS record types, including A, AAAA, MX, TXT, NS, CNAME, and so on. A full list of available record types is available in the Records section of the OctoDNS documentation.

The values for your DNS records are defined either directly as values to the top-level keys (if you only have one value), or as a list (if you have multiple values, e.g. multiple IP addresses or MX addresses).

For example, to define a single value, you could use the following configuration:

~/octodns/config/your-domain.yaml

'www':
  type: A
  value: 203.0.113.1
           

Alternatively, to define multiple values for a single record:

~/octodns/config/your-domain.yaml

'www':
  type: A
  values:
  - 203.0.113.1
  - 203.0.113.2
           

The syntax for setting DNS records varies slightly for each record type. Following are some examples for the most common record types:

A records:

Purpose: To point to an IPv4 address.

Syntax:

'name':
  type: A
  value: ipv4-address
           

Example:

'www':
  type: A
  value: your-server-ipv4-address
           

AAAA records:

Purpose: To point to an IPv6 address.

Syntax:

'name':
  type: AAAA
  value: ipv6-address
           

Example:

'www':
  type: AAAA
  value: your-server-ipv6-address
           

CNAME records:

Purpose: To make your domain/subdomain an alias of another.

Syntax:

'name':
  type: CNAME
  value: fully-qualified-domain-name
           

Example:

'www':
  type: CNAME
  value: www.example.org
           

MX records:

Purpose: To direct email to specific servers/addresses.

Syntax:

'name':
  type: MX
  value:
    exchange: mail-server
    preference: priority-value
           

Note that a trailing . must be included if there are any dots in the MX value.

Example:

'':
  type: MX
  value:
    exchange: mail.your-domain.
    preference: 10
           

TXT records:

Purpose: To add arbitrary plain text, often used for configurations without their own dedicated record type.

Syntax:

'name':
  type: TXT
  value: content
           

Example:

'':
  type: TXT
  value: This is a TXT record.
           

In order to begin adding DNS records for your domain or delegated DNS zone, edit your DNS configuration file:

  • cd ~/octodns/config
  • nano your-domain.yaml

Next, you can begin populating your DNS zone using the syntax described in the previous list, as well as the Records section of the official OctoDNS documentation.

For reference, the code block here contains a full sample configuration for an initial DNS setup:

~/octodns/config/your-domain.yaml

---
'':
  - type: A
    value: your-server-ipv4-address

  - type: AAAA
    value: your-server-ipv6-address

  - type: MX
    value:
      exchange: mail.your-domain.
      preference: 10

  - type: TXT
    value: v=spf1 -all

_dmarc:
  type: TXT
  value: v=DMARC1\; p=reject\; rua=mailto:[email protected]\; aspf=s\; adkim=s\;

mail:
  - type: A
    value: your-server-ipv4-address

  - type: AAAA
    value: your-server-ipv6-address

www:
  - type: A
    value: your-server-ipv4-address

  - type: AAAA
    value: your-server-ipv6-address
           

Once you have completed your initial DNS configuration, save and close the file.

In this step, you set up the initial DNS configuration file, containing your DNS records. Next, you will test the configuration and deploy it.

Step 5 — Testing and Deploying Your DNS Configuration

In this step, you will run a local syntax check on your DNS configuration, and then deploy the changes to the live DNS server/provider.

Firstly, move into your octodns directory:

  • cd ~/octodns

Double check that you’re still operating within your Python virtualenv by looking for the name of it before your Bash prompt:

(env) [email protected]:~/octodns$

Next, use the octodns-validate command to check the syntax of your configuration file(s). You’ll need to specify the path to your configuration file:

  • octodns-validate --config=./config/config.yaml

If the YAML syntax of your DNS configuration file is correct, OctoDNS will return with no output. If you see an error or warning in your output, OctoDNS will provide details on what the error is and where it is located within your YAML file.

Next, you can perform a dry-run push of the DNS configuration, which prints the changes that would be made without actually making them:

  • octodns-sync --config=./config/config.yaml

This should produce an output similar to the following:

Output
********************************************************************************
* your-domain.
********************************************************************************
* digitalocean (DigitalOceanProvider)
*   Create <ARecord A 300, mail.your-domain., ['your-server-ipv4-address']> (config)
*   Create <AaaaRecord AAAA 300, mail.your-domain., ['your-server-ipv6-address']> (config)
*   Create <TxtRecord TXT 300, your-domain., ['v=spf1 -all']> (config)
*   Create <AaaaRecord AAAA 300, your-domain., ['your-server-ipv6-address']> (config)
*   Create <ARecord A 300, your-domain., ['your-server-ipv4-address']> (config)
*   Create <ARecord A 300, www.your-domain., ['your-server-ipv4-address']> (config)
*   Create <MxRecord MX 300, your-domain., [''10 mail.your-domain.'']> (config)
*   Create <TxtRecord TXT 300, _dmarc.your-domain., ['v=DMARC1\; p=reject\; rua=mailto:[email protected]\; aspf=s\; adkim=s\;']> (config)
*   Create <AaaaRecord AAAA 300, www.your-domain., ['your-server-ipv6-address']> (config)
*   Summary: Creates=9, Updates=0, Deletes=0, Existing Records=2
********************************************************************************
           

Warning: The next command will make live changes to your DNS records and possibly other settings. Please ensure that you are prepared for this, including taking a backup of your existing DNS configuration, as well as ensuring that you have the means to roll back if needed.
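
A CI gate for the step between the dry run and the live push, as an added example that is not part of the original tutorial or of OctoDNS: it parses the dry-run plan format shown above and blocks the push when the Summary reports deletions, a large share of existing records changing, or new records of a type that needs review. The thresholds, function names and review list are assumptions of this example, and only the Create and Summary lines visible on this page are parsed.

```python
import re
import sys

ZONE = re.compile(r"^\* (\S+\.)$")
CREATE = re.compile(r"^\*\s+Create <\w+ (\w+) \d+, (\S+), ")
SUMMARY = re.compile(
    r"^\*\s+Summary: Creates=(\d+), Updates=(\d+), Deletes=(\d+), Existing Records=(\d+)")

# Constructed sample in the format of the dry-run output shown above.
SAMPLE_PLAN = """\
********************************************************************************
* your-domain.
********************************************************************************
* digitalocean (DigitalOceanProvider)
*   Create <ARecord A 300, your-domain., ['your-server-ipv4-address']> (config)
*   Create <AaaaRecord AAAA 300, www.your-domain., ['your-server-ipv6-address']> (config)
*   Create <TxtRecord TXT 300, your-domain., ['v=spf1 -all']> (config)
*   Summary: Creates=3, Updates=0, Deletes=0, Existing Records=2
********************************************************************************
"""
# Constructed sample: a plan that would remove most of an existing zone.
RISKY_PLAN = """\
* your-domain.
*   Summary: Creates=0, Updates=1, Deletes=5, Existing Records=9
"""


def parse_plan(output):
    """Return {zone: {"creates": [(type, name)], "summary": dict or None}}."""
    zones, current = {}, None
    for raw in output.splitlines():
        line = raw.strip()
        zone = ZONE.match(line)
        if zone:
            current = zones.setdefault(zone.group(1), {"creates": [], "summary": None})
            continue
        if current is None:
            continue
        create, summary = CREATE.match(line), SUMMARY.match(line)
        if create:
            current["creates"].append((create.group(1), create.group(2)))
        elif summary:
            keys = ("creates", "updates", "deletes", "existing")
            current["summary"] = dict(zip(keys, map(int, summary.groups())))
    return zones


def gate(zones, max_deletes=0, max_change_ratio=0.3, review_types=("NS",)):
    """Return reasons to block the live push; an empty list means proceed."""
    if not zones:
        return ["no zone section found, plan not understood"]  # fail closed
    reasons = []
    for zone, plan in zones.items():
        s = plan["summary"]
        if s is None:
            reasons.append(f"{zone} has no Summary line, plan not understood")
            continue
        if s["deletes"] > max_deletes:
            reasons.append(f"{zone} Deletes={s['deletes']} exceeds {max_deletes}")
        changed = s["updates"] + s["deletes"]
        if s["existing"] and changed / s["existing"] > max_change_ratio:
            reasons.append(f"{zone} changes {changed} of {s['existing']} existing records")
        if len(plan["creates"]) != s["creates"]:
            reasons.append(f"{zone} parsed Create lines do not match Summary")
        for rtype, name in plan["creates"]:
            if rtype in review_types:
                reasons.append(f"{zone} creates {rtype} for {name}, needs review")
    return reasons


if __name__ == "__main__":
    # Feed the captured dry-run output on standard input.
    blocked = gate(parse_plan(sys.stdin.read()))
    print("\n".join(blocked) or "plan accepted")
    sys.exit(1 if blocked else 0)
```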

Finally, you can push out the changes to your live DNS provider:

  • octodns-sync --config=./config/config.yaml --doit

Note: In some cases, OctoDNS will refuse to push changes if it is making a significant number of adjustments. This is an automatic protection feature to prevent accidental misconfigurations. If you encounter this refusal, you can re-run octodns-sync using the --force option, but please ensure you are ready to do so.

You’ll see an output like the dry-run earlier in this step, but with the addition of something similar to the following:

Output
2019-07-07T23:17:27 INFO  DigitalOceanProvider[digitalocean] apply: making changes
2019-07-07T23:17:30 INFO  Manager sync:   9 total changes
           

Now, if you check the DNS settings for your domain in the DigitalOcean control panel, you’ll see the changes.

You can also check the record creation by running a DNS query for your domain/delegated zone using dig.

If you don’t have dig installed, you’ll need to install the dnsutils package:

  • sudo apt install dnsutils

Once you’ve installed dig, you can use it to make a DNS lookup for your domain. You’ll see that the records have been updated accordingly:

  • dig +short your-domain

You’ll see output showing the IP address and relevant DNS record from your zone that you deployed using OctoDNS. DNS records can take some time to propagate, so you may need to wait and run this command again.

In this final step, you ran a local syntax check of the DNS configuration file, then deployed it to your live DNS provider, and tested that the changes were made successfully.

Conclusion

In this article you set up OctoDNS and deployed a DNS configuration to a live provider. Now you can manage and test your DNS configuration changes in a safe, offline environment before deploying them to production.

If you wish to explore this subject further, OctoDNS is designed to be integrated into your CI/CD pipeline, allowing you to run in-depth tests and have more control over your deployment to production. You could also look into integrating OctoDNS into your infrastructure build/deployment processes, allowing you to deploy servers and add them to DNS completely automatically.

If you wish to go further with OctoDNS, the following DigitalOcean articles provide some interesting next steps to help integrate OctoDNS into your change management and infrastructure deployment workflows:

  • An Introduction to Continuous Integration, Delivery, and Deployment
  • CI/CD Tools Comparison: Jenkins, GitLab CI, Buildbot, Drone, and Concourse
  • Getting Started with Configuration Management

Translated from: https://www.digitalocean.com/community/tutorials/how-to-deploy-and-manage-your-dns-using-octodns-on-debian-10