How to Deploy and Manage Your DNS Using OctoDNS on Debian 10

The author selected the Electronic Frontier Foundation to receive a donation as part of the Write for DOnations program.

Introduction

OctoDNS is an infrastructure-as-code tool that allows you to deploy and manage your DNS zones using standard software development principles, including version control, testing, and automated deployment. OctoDNS was created by GitHub and is written in Python.

Using OctoDNS eliminates many of the pitfalls of manual DNS management, as zone files are stored in a structured format (YAML). This allows you to deploy zones to multiple DNS providers simultaneously, identify syntax errors, and push out your DNS configuration automatically, reducing the risk of human error. Another common usage of OctoDNS is to synchronize your DNS configuration between different providers, such as a testing and production system, or between live and failover environments.

OctoDNS is similar to DNSControl, which is an equivalent tool created by Stack Exchange and written in Go. Unlike OctoDNS, DNSControl uses a JavaScript-based configuration language for defining DNS zones, which allows you to use advanced programmatic features such as loops to specify multiple similar records within the same zone. The article How to Deploy and Manage Your DNS Using DNSControl on Debian 10 covers the basic setup and configuration of DNSControl.

In this tutorial, you’ll install and configure OctoDNS, create a basic DNS configuration, and begin deploying DNS records to a live provider. As part of this tutorial, we will use DigitalOcean as the example DNS provider. If you wish to use a different provider, the setup is very similar. When you’re finished, you’ll be able to manage and test your DNS configuration in a safe, offline environment, and then automatically deploy it to production.

Prerequisites

Before you begin this guide you’ll need the following:

  • One Debian 10 server set up by following the Initial Server Setup with Debian 10, including a sudo non-root user and enabled firewall to block non-essential ports. your-server-ipv4-address and your-server-ipv6-address refer to the IP addresses of the server where you’re hosting your website or domain.
  • A fully registered domain name with DNS hosted by a supported provider. This tutorial will use your-domain throughout and DigitalOcean as the service provider.
  • A DigitalOcean API key (Personal Access Token) with read and write permissions. To create one, visit How to Create a Personal Access Token.

Once you have these ready, log in to your server as your non-root user to begin.

Step 1 — Installing OctoDNS

OctoDNS is distributed as a Python pip package, and runs in a Python Virtual Environment (virtualenv), so you’ll start this step by installing the packages required for this. A virtualenv is an isolated Python environment that can have its own libraries and configuration, separate from the main system-wide Python installation. Python and virtualenv are available within Debian’s default software repositories, making it possible to install using conventional package management tools.

Begin by updating the local package index to reflect any new upstream changes:

  • sudo apt update

Then, install the python and virtualenv packages:

  • sudo apt install python virtualenv

After confirming the installation, apt will download and install Python, virtualenv, and all of their required dependencies.

Next, you’ll create the required directories for OctoDNS, where your DNS and program configuration will be stored. Start by creating the ~/octodns and ~/octodns/config directories:

  • mkdir ~/octodns ~/octodns/config

Now move into ~/octodns:

  • cd ~/octodns

Next, you need to create the Python Virtual Environment—an isolated Python environment with its own libraries and configuration to run OctoDNS in:

  • virtualenv env

Activate your environment with the following command:

  • source env/bin/activate

This will output something similar to the following:

Output
Running virtualenv with interpreter /usr/bin/python2
New python executable in /home/user/octodns/env/bin/python2
Also creating executable in /home/user/octodns/env/bin/python
Installing setuptools, pkg_resources, pip, wheel...done.
           

Your Bash shell prompt will now also be prefixed with the name of the virtual environment. This shows that you are currently operating within the virtualenv:

(env) [email protected]:~/octodns$

If you wish to exit the virtualenv, you can use the deactivate command at any time. However, you should stay in your virtualenv to continue with this tutorial.

Now that you’ve installed and configured Python and virtualenv, you can install OctoDNS. OctoDNS is distributed as a Python pip package, which is the standard package-management tool for Python packages and libraries.

You can install the OctoDNS pip package using the following command within your virtualenv:

  • pip install octodns

Once this is complete, you can check the installed version to make sure that everything is working:

  • octodns-sync --version

Your output will look similar to the following:

Output
octoDNS 0.9.9
           

If you see an octodns-sync: command not found error, double-check that you’re still inside your virtualenv.

Now that you’ve installed OctoDNS, you can create the required configuration files to connect OctoDNS to your DNS provider to allow it to make changes to your DNS records.

Step 2 — Configuring OctoDNS

In this step, you’ll create the required configuration files for OctoDNS, and connect it to your DNS provider so that it can begin to make live changes to your DNS records.

Note: This tutorial will focus on the initial setup of OctoDNS; however for production use it is recommended to store your OctoDNS configuration in a version control system (VCS) such as Git. The advantages of this include full version control, integration with CI/CD for testing, seamlessly rolling-back deployments, and so on.

Firstly, you need to configure the config.yaml file, which defines the DNS zones for OctoDNS to manage, and allows it to authenticate to your DNS provider and make changes.

The format of config.yaml differs slightly depending on the DNS provider that you are using. Please see the Supported Providers list in the official OctoDNS documentation to find the configuration for your own provider. When viewing this hyperlink, the configuration details are presented as a code comment in the actual Python code for your provider, which is linked in the ‘Provider’ column of the table. Once you have found the Python code for your provider, such as cloudflare.py or route53.py, the relevant code comment can be found directly under the class ProviderNameProvider. For example:

Excerpt of octodns/provider/route53.py

class Route53Provider(BaseProvider):
  '''
  AWS Route53 Provider
  route53:
      class: octodns.provider.route53.Route53Provider
      # The AWS access key id
      access_key_id:
      # The AWS secret access key
      secret_access_key:
      # The AWS session token (optional)
      # Only needed if using temporary security credentials
      session_token:
           

Move into the ~/octodns/config directory:

  • cd ~/octodns/config

Then create and open config.yaml for editing:

  • nano config.yaml

Add the sample config.yaml configuration for your DNS provider to the file. If you’re using DigitalOcean as your DNS provider, you can use the following:

~/octodns/config/config.yaml

---
providers:
  config:
    class: octodns.provider.yaml.YamlProvider
    directory: ./config
    default_ttl: 300
    enforce_order: True
  digitalocean:
    class: octodns.provider.digitalocean.DigitalOceanProvider
    token: your-digitalocean-oauth-token

zones:
  your-domain.:
    sources:
      - config
    targets:
      - digitalocean
           

This file tells OctoDNS which DNS providers you want it to connect to, and which DNS zones it should manage for those providers.

You’ll need to provide some form of authentication for your DNS provider. This is usually an API key or OAuth token.

If you do not wish to store your access token in plain text in the configuration file, you can instead pass it as an environment variable when the program runs. To do this, use the following token: line in config.yaml instead:

~/octodns/config/config.yaml

token: env/DIGITALOCEAN_OAUTH_TOKEN

Then, before running OctoDNS, set the relevant environment variable to your access token, and OctoDNS will read it from there when run:

  • export DIGITALOCEAN_OAUTH_TOKEN=your-digitalocean-oauth-token

Warning: This token will grant access to your DNS provider account, so you should protect it as you would a password. Also, ensure that if you’re using a version control system, either the file containing the token is excluded (e.g. using .gitignore), or is securely encrypted in some way.

If you’re using DigitalOcean as your DNS provider, you can use the required OAuth token in your DigitalOcean account settings that you generated as part of the prerequisites.
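As an added illustration (not part of the original tutorial or of OctoDNS itself), the following Python check can run before a commit or in CI to catch a credential written literally into config.yaml instead of as an env/ reference. The key names api_key, password and secret, the function name, and the sample file with its token value are constructed assumptions; only the standard library is used.

```python
import re

# Keys that carry credentials in OctoDNS provider blocks. "token",
# "access_key_id", "secret_access_key" and "session_token" appear in this
# tutorial; "api_key", "password" and "secret" are assumed names.
SECRET_KEYS = {"token", "access_key_id", "secret_access_key",
               "session_token", "api_key", "password", "secret"}

KEY_VALUE = re.compile(r"^\s*([A-Za-z0-9_]+):\s*(.*)$")
ENV_REF = re.compile(r"^env/[A-Za-z_][A-Za-z0-9_]*$")

# Constructed sample config: one literal token, two env/ references,
# and one empty template placeholder.
SAMPLE = """\
---
providers:
  config:
    class: octodns.provider.yaml.YamlProvider
    directory: ./config
  digitalocean:
    class: octodns.provider.digitalocean.DigitalOceanProvider
    token: constructed-not-a-real-token   # literal value, must be flagged
  route53:
    class: octodns.provider.route53.Route53Provider
    access_key_id: env/AWS_ACCESS_KEY_ID
    secret_access_key: "env/AWS_SECRET_ACCESS_KEY"
    session_token:
"""


def _clean(value):
    """Drop a trailing YAML comment and one pair of surrounding quotes."""
    value = re.sub(r"(^|\s)#.*$", "", value).strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        value = value[1:-1]
    return value


def find_plaintext_secrets(config_text, environ=None):
    """Return (line number, key, reason) for each credential problem.

    The secret value itself is never included in a finding, so the
    result is safe to print in CI logs. If environ is given, env/
    references to variables missing from it are reported as well.
    """
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        match = KEY_VALUE.match(line)
        if not match or match.group(1) not in SECRET_KEYS:
            continue
        key, value = match.group(1), _clean(match.group(2))
        if not value:
            continue  # empty template placeholder, nothing stored
        if not value.startswith("env/"):
            findings.append((lineno, key, "literal value in file"))
        elif not ENV_REF.match(value):
            findings.append((lineno, key, "malformed env/ reference"))
        elif environ is not None and value[4:] not in environ:
            findings.append((lineno, key, "environment variable not set"))
    return findings


if __name__ == "__main__":
    for lineno, key, reason in find_plaintext_secrets(SAMPLE):
        print(f"config.yaml:{lineno}: {key}: {reason}")
```

Passing os.environ as the second argument additionally reports env/ references whose variable has not been exported in the current shell.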

If you have multiple different DNS providers—for example, for multiple domain names, or delegated DNS zones—you can define these all in the same config.yaml file.

You’ve set up the initial OctoDNS configuration file to allow the program to authenticate to your DNS provider and make changes. Next you’ll create the configuration for your DNS zones.

Step 3 — Creating a DNS Configuration File

In this step, you’ll create an initial DNS configuration file, which will contain the DNS records for your domain name or delegated DNS zone.

Each DNS zone that you want to manage using OctoDNS has its own file, for example your-domain.yaml. In this file, the DNS records for the zone are defined using YAML.

To begin, move into the ~/octodns/config directory:

  • cd ~/octodns/config

Then create and open your-domain.yaml for editing:

  • nano your-domain.yaml

Add the following sample configuration to the file:

~/octodns/config/your-domain.yaml

---
'':
  - type: A
    value: your-server-ipv4-address

www:
  - type: A
    value: your-server-ipv4-address
           

This sample file defines a DNS zone for your-domain with two A records, pointing to the IPv4 address that you’re hosting your domain or website on. One A record is for the root domain (e.g. your-domain), and the other is for the www subdomain (e.g. www.your-domain).

Once complete, save and close the file.

You’ve set up a basic DNS zone configuration file for OctoDNS, with two basic A records pointing to the IPv4 address of your domain or website. Next, you’ll expand the file with some useful DNS records.

Step 4 — Populating Your DNS Configuration File

Next, you can populate the DNS configuration file with a practical set of DNS records for your website or service, using the YAML structured configuration language.

Unlike traditional BIND zone files, where DNS records are written in a raw, line-by-line format, DNS records within OctoDNS are defined as YAML keys and subkeys with a number of associated values, as shown briefly in Step 3.

The top-level key is usually the 'name', which is essentially the record identifier. www, subdomain1, and mail are all examples of DNS 'name'. In OctoDNS, there are two special-use names, which are '', for the root record (usually referred to as @), and '*', for wildcard records. A required value of each key (DNS record) is type. This defines which type of DNS record you are defining within that YAML top-level key. A type exists for each of the standard DNS record types, including A, AAAA, MX, TXT, NS, CNAME, and so on. A full list of available record types is available in the Records section of the OctoDNS documentation.

The values for your DNS records are defined either directly as values to the top-level keys (if you only have one value), or as a list (if you have multiple values, e.g. multiple IP addresses or MX addresses).

For example, to define a single value, you could use the following configuration:

~/octodns/config/your-domain.yaml

'www':
  type: A
  value: 203.0.113.1
           

Alternatively, to define multiple values for a single record:

~/octodns/config/your-domain.yaml

'www':
  type: A
  values:
  - 203.0.113.1
  - 203.0.113.2
           

The syntax for setting DNS records varies slightly for each record type. Following are some examples for the most common record types:

A records:

Purpose: To point to an IPv4 address.

Syntax:

'name':
  type: A
  value: ipv4-address
           

Example:

'www':
  type: A
  value: your-server-ipv4-address
           

AAAA records:

Purpose: To point to an IPv6 address.

Syntax:

'name':
  type: AAAA
  value: ipv6-address
           

Example:

'www':
  type: AAAA
  value: your-server-ipv6-address
           

CNAME records:

Purpose: To make your domain/subdomain an alias of another.

Syntax:

'name':
  type: CNAME
  value: fully-qualified-domain-name
           

Example:

'www':
  type: CNAME
  value: www.example.org
           

MX records:

Purpose: To direct email to specific servers/addresses.

Syntax:

'name':
  type: MX
  value:
    exchange: mail-server
    preference: priority-value
           

Note that a trailing . must be included if there are any dots in the MX value.

Example:

'':
  type: MX
  value:
    exchange: mail.your-domain.
    preference: 10
           

TXT records:

Purpose: To add arbitrary plain text, often used for configurations without their own dedicated record type.

Syntax:

'name':
  type: TXT
  value: content
           

Example:

'':
  type: TXT
  value: This is a TXT record.
           

In order to begin adding DNS records for your domain or delegated DNS zone, edit your DNS configuration file:

  • cd ~/octodns/config

  • nano your-domain.yaml

Next, you can begin populating your DNS zone using the syntax described in the previous list, as well as the Records section of the official OctoDNS documentation.

For reference, the code block here contains a full sample configuration for an initial DNS setup:

~/octodns/config/your-domain.yaml

---
'':
  - type: A
    value: your-server-ipv4-address

  - type: AAAA
    value: your-server-ipv6-address

  - type: MX
    value:
      exchange: mail.your-domain.
      preference: 10

  - type: TXT
    value: v=spf1 -all

_dmarc:
  type: TXT
  value: v=DMARC1\; p=reject\; rua=mailto:[email protected]\; aspf=s\; adkim=s\;

mail:
  - type: A
    value: your-server-ipv4-address

  - type: AAAA
    value: your-server-ipv6-address

www:
  - type: A
    value: your-server-ipv4-address

  - type: AAAA
    value: your-server-ipv6-address
           

Once you have completed your initial DNS configuration, save and close the file.

In this step, you set up the initial DNS configuration file, containing your DNS records. Next, you will test the configuration and deploy it.

Step 5 — Testing and Deploying Your DNS Configuration

In this step, you will run a local syntax check on your DNS configuration, and then deploy the changes to the live DNS server/provider.

Firstly, move into your octodns directory:

  • cd ~/octodns

Double check that you’re still operating within your Python virtualenv by looking for the name of it before your Bash prompt:

(env) [email protected]:~/octodns$

Next, use the octodns-validate command to check the syntax of your configuration file(s). You’ll need to specify the path to your configuration file:

  • octodns-validate --config=./config/config.yaml

If the YAML syntax of your DNS configuration file is correct, OctoDNS will return with no output. If you see an error or warning in your output, OctoDNS will provide details on what the error is and where it is located within your YAML file.

Next, you can perform a dry-run push of the DNS configuration, which will output which changes will be made, without actually making them:

  • octodns-sync --config=./config/config.yaml

This should produce an output similar to the following:

Output
********************************************************************************
* your-domain.
********************************************************************************
* digitalocean (DigitalOceanProvider)
*   Create <ARecord A 300, mail.your-domain., ['your-server-ipv4-address']> (config)
*   Create <AaaaRecord AAAA 300, mail.your-domain., ['your-server-ipv6-address']> (config)
*   Create <TxtRecord TXT 300, your-domain., ['v=spf1 -all']> (config)
*   Create <AaaaRecord AAAA 300, your-domain., ['your-server-ipv6-address']> (config)
*   Create <ARecord A 300, your-domain., ['your-server-ipv4-address']> (config)
*   Create <ARecord A 300, www.your-domain., ['your-server-ipv4-address']> (config)
*   Create <MxRecord MX 300, your-domain., [''10 mail.your-domain.'']> (config)
*   Create <TxtRecord TXT 300, _dmarc.your-domain., ['v=DMARC1\; p=reject\; rua=mailto:[email protected]\; aspf=s\; adkim=s\;']> (config)
*   Create <AaaaRecord AAAA 300, www.your-domain., ['your-server-ipv6-address']> (config)
*   Summary: Creates=9, Updates=0, Deletes=0, Existing Records=2
********************************************************************************
           

Warning: The next command will make live changes to your DNS records and possibly other settings. Please ensure that you are prepared for this, including taking a backup of your existing DNS configuration, as well as ensuring that you have the means to roll back if needed.
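Before running the live push, the dry-run output shown above can be checked mechanically. The following added example (not from the original tutorial or the OctoDNS project) parses the Create and Summary lines in the format printed above and lists reasons to stop before --doit. The review policy, the function name and the shortened sample plan are assumptions.

```python
import re

# Line formats as printed in the dry-run output shown in this step.
CREATE = re.compile(
    r"^\*\s+Create <\w+ (?P<type>[A-Z]+) (?P<ttl>\d+), (?P<name>[^,]+), "
    r"(?P<values>\[.*\])> \((?P<source>[^)]+)\)\s*$")
SUMMARY = re.compile(
    r"^\*\s+Summary: Creates=(\d+), Updates=(\d+), Deletes=(\d+), "
    r"Existing Records=(\d+)\s*$")

# Constructed sample: a shortened version of the plan shown above.
PLAN = """\
********************************************************************************
* your-domain.
********************************************************************************
* digitalocean (DigitalOceanProvider)
*   Create <ARecord A 300, www.your-domain., ['203.0.113.1']> (config)
*   Create <MxRecord MX 300, your-domain., [''10 mail.your-domain.'']> (config)
*   Create <TxtRecord TXT 300, your-domain., ['v=spf1 -all']> (config)
*   Summary: Creates=3, Updates=0, Deletes=0, Existing Records=2
********************************************************************************
"""


def review_plan(plan_text, allow_destructive=False,
                sensitive_types=("MX", "NS")):
    """Parse a dry-run plan and return its creates, totals and blockers.

    Assumed policy: fail closed when the Summary line is missing or
    disagrees with the parsed Create lines, require explicit approval
    for updates and deletes, and send record types that redirect mail
    or delegation (sensitive_types) to a human reviewer.
    """
    creates, totals, blockers = [], [0, 0, 0, 0], []
    saw_summary = False
    for line in plan_text.splitlines():
        line = line.strip()
        match = CREATE.match(line)
        if match:
            creates.append((match["type"], match["name"], match["values"]))
            continue
        match = SUMMARY.match(line)
        if match:
            saw_summary = True
            totals = [t + int(n) for t, n in zip(totals, match.groups())]
    n_create, n_update, n_delete, _existing = totals
    if not saw_summary:
        blockers.append("no Summary line: plan output missing or truncated")
    elif len(creates) != n_create:
        blockers.append(
            f"parsed {len(creates)} Create lines but Summary says {n_create}")
    if (n_update or n_delete) and not allow_destructive:
        blockers.append(
            f"{n_update} update(s) and {n_delete} delete(s) "
            "need explicit approval")
    for rtype, name, _values in creates:
        if rtype in sensitive_types:
            blockers.append(f"{rtype} {name} needs manual review")
    return {"creates": creates, "summary": tuple(totals),
            "blockers": blockers}


if __name__ == "__main__":
    result = review_plan(PLAN)
    for reason in result["blockers"]:
        print("BLOCKED:", reason)
```

In a pipeline, the dry-run output would be captured to a file and passed to review_plan, with the --doit run allowed only when the blockers list is empty.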

Finally, you can push out the changes to your live DNS provider:

  • octodns-sync --config=./config/config.yaml --doit

Note: In some cases, OctoDNS will refuse to push changes if it is making a significant number of adjustments. This is an automatic protection feature to prevent accidental misconfigurations. If you encounter this refusal, you can re-run octodns-sync using the --force option, but please ensure you are ready to do so.

You’ll see an output like the dry-run earlier in this step, but with the addition of something similar to the following:

Output
2019-07-07T23:17:27 INFO  DigitalOceanProvider[digitalocean] apply: making changes
2019-07-07T23:17:30 INFO  Manager sync:   9 total changes
           

Now, if you check the DNS settings for your domain in the DigitalOcean control panel, you’ll see the changes.

You can also check the record creation by running a DNS query for your domain/delegated zone using dig.

If you don’t have dig installed, you’ll need to install the dnsutils package:

  • sudo apt install dnsutils

Once you’ve installed dig, you can use it to make a DNS lookup for your domain. You’ll see that the records have been updated accordingly:

  • dig +short your-domain

You’ll see output showing the IP address and relevant DNS record from your zone that you deployed using OctoDNS. DNS records can take some time to propagate, so you may need to wait and run this command again.

In this final step, you ran a local syntax check of the DNS configuration file, then deployed it to your live DNS provider, and tested that the changes were made successfully.

Conclusion

In this article you set up OctoDNS and deployed a DNS configuration to a live provider. Now you can manage and test your DNS configuration changes in a safe, offline environment before deploying them to production.

If you wish to explore this subject further, OctoDNS is designed to be integrated into your CI/CD pipeline, allowing you to run in-depth tests and have more control over your deployment to production. You could also look into integrating OctoDNS into your infrastructure build/deployment processes, allowing you to deploy servers and add them to DNS completely automatically.

If you wish to go further with OctoDNS, the following DigitalOcean articles provide some interesting next steps to help integrate OctoDNS into your change management and infrastructure deployment workflows:

  • An Introduction to Continuous Integration, Delivery, and Deployment

  • CI/CD Tools Comparison: Jenkins, GitLab CI, Buildbot, Drone, and Concourse

  • Getting Started with Configuration Management

Translated from: https://www.digitalocean.com/community/tutorials/how-to-deploy-and-manage-your-dns-using-octodns-on-debian-10