Building an Internal DNS System

Environment preparation

Create the virtual machines
# names of the clones to create
vmcentos[0]=CentOS7X64-client
vmcentos[1]=CentOS7X64-bind01
vmcentos[2]=CentOS7X64-bind02
vmcentos[3]=CentOS7X64-httpd01
vmcentos[4]=CentOS7X64-httpd02

parentPath="/media/WNTime/本地磁盘/VirtualMachine.Spaces"
# template VM that every clone is copied from
vmsour="$parentPath/CentOS7X64.Core/CentOS7X64.Core.vmx"
for item in "${vmcentos[@]}"; do
	vmdest="$parentPath/$item/$item.vmx"
	echo "Clone: $vmdest"
	vmrun -T ws clone "$vmsour" "$vmdest" full -cloneName="$item"
	sleep 5s
done

Start the virtual machines
parentPath="/media/WNTime/本地磁盘/VirtualMachine.Spaces"
for item in "${vmcentos[@]}"; do
	vmdest="$parentPath/$item/$item.vmx"
	echo "Start: $vmdest"
	vmrun -T ws start "$vmdest"
	sleep 5s
	# pause until Enter is pressed before starting the next VM
	read -p "按任意键继续..."
done

Suspend the virtual machines
parentPath="/media/WNTime/本地磁盘/VirtualMachine.Spaces"
for item in "${vmcentos[@]}"; do
	vmdest="$parentPath/$item/$item.vmx"
	echo "Suspend: $vmdest"
	vmrun -T ws suspend "$vmdest"
	sleep 5s
done

Snapshot backup
parentPath="/media/WNTime/本地磁盘/VirtualMachine.Spaces"
# the snapshot is named after today's date
vmshot=$(date +%Y%m%d)
for item in "${vmcentos[@]}"; do
	vmdest="$parentPath/$item/$item.vmx"
	echo "Snapshot: $vmdest"
	vmrun -T ws snapshot "$vmdest" "$vmshot"
	vmrun -T ws listSnapshots "$vmdest"
	sleep 5s
done

Revert the virtual machines
parentPath="/media/WNTime/本地磁盘/VirtualMachine.Spaces"
# must match the name of an existing snapshot (date-based, see the snapshot step)
vmshot=$(date +%Y%m%d)
for item in "${vmcentos[@]}"; do
	vmdest="$parentPath/$item/$item.vmx"
	echo "Revert: $vmdest"
	vmrun -T ws revertToSnapshot "$vmdest" "$vmshot"
	sleep 5s
done

Shut down the virtual machines
parentPath="/media/WNTime/本地磁盘/VirtualMachine.Spaces"
for item in "${vmcentos[@]}"; do
	vmdest="$parentPath/$item/$item.vmx"
	echo "Stop: $vmdest"
	vmrun -T ws stop "$vmdest"
	sleep 5s
	# pause until Enter is pressed before stopping the next VM
	read -p "按任意键继续..."
done

Lab network plan

Role      Hostname     IP address
client    client       192.168.86.16
DNS       bind-01      192.168.86.100
DNS       bind-02      192.168.86.200
httpd     httpd-111    192.168.86.111
httpd     httpd-112    192.168.86.112

Configure hostname and IP address

client

## client
# vim /etc/sysconfig/network-scripts/ifcfg-ens33
sudo hostnamectl set-hostname client
# replace the template address and drop the cloned UUID
sudo sed -i -e 's/192.168.86.6/192.168.86.16/g' \
-e '/^UUID=/d' \
/etc/sysconfig/network-scripts/ifcfg-ens33
sudo systemctl restart network

bind-01

## bind-01
# vim /etc/sysconfig/network-scripts/ifcfg-ens33
sudo hostnamectl set-hostname bind-01
# back up the interface configuration before editing it
sudo cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens33.bak
sudo sed -i -e 's/192.168.86.6/192.168.86.100/g' \
-e '/^UUID=/d' \
/etc/sysconfig/network-scripts/ifcfg-ens33
sudo systemctl restart network

bind-02

## bind-02
# vim /etc/sysconfig/network-scripts/ifcfg-ens33
sudo hostnamectl set-hostname bind-02
# back up the interface configuration before editing it
sudo cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens33.bak
sudo sed -i -e 's/192.168.86.6/192.168.86.200/g' \
-e '/^UUID=/d' \
/etc/sysconfig/network-scripts/ifcfg-ens33
sudo systemctl restart network

httpd-111

## httpd-111
# vim /etc/sysconfig/network-scripts/ifcfg-ens33
sudo hostnamectl set-hostname httpd-111
sudo sed -i -e 's/192.168.86.6/192.168.86.111/g' \
-e '/^UUID=/d' \
/etc/sysconfig/network-scripts/ifcfg-ens33
sudo systemctl restart network

httpd-112

## httpd-112
# vim /etc/sysconfig/network-scripts/ifcfg-ens33
sudo hostnamectl set-hostname httpd-112
sudo sed -i -e 's/192.168.86.6/192.168.86.112/g' \
-e '/^UUID=/d' \
/etc/sysconfig/network-scripts/ifcfg-ens33
sudo systemctl restart network

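Disable the firewall
# switch SELinux to permissive now and disable it from the next boot
sudo setenforce 0
sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# stop firewalld and keep it from starting at boot
sudo systemctl disable firewalld
sudo systemctl stop firewalld

# switch the base repository to the Aliyun mirror
sudo yum makecache
sudo yum install -y wget net-tools
sudo mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
sudo wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
sudo yum makecache

Note: be sure to disable the firewall, or open the required ports!

Verify that the gateway is in effect
route -n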


Install the software services

Install a web service for testing

httpd-111, httpd-112

sudo yum install -y httpd
sudo systemctl stop firewalld
# replace the placeholder 123 in the default page with this host's name
sudo sed -i "s/123/$HOSTNAME/" /usr/share/httpd/noindex/index.html
sudo systemctl enable httpd
sudo systemctl restart httpd


Install the basic bind dependencies
sudo yum -y install net-tools iptables-services vim gcc tcpdump cmake bind-utils zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel libffi-devel 'libxml*' git wget libtool

# pip and additional libraries (EPEL has to be enabled before its packages can be installed)
sudo yum install -y epel-release
sudo yum install -y python-pip libnghttp2 libnghttp2-devel libcap-devel

Without the ply module, bind fails at build time with the following error:

configure: error: Python >= 2.7 or >= 3.2 and the PLY package are required for dnssec-keymgr and other Python-based tools. 
PLY may be available from your OS package manager as python-ply or python3-ply; it can also be installed via pip. To build without Python/PLY, use --without-python.

Without libuv, bind fails at build time with the following error:

checking for libuv... checking for libuv >= 1.0.0... no
configure: error: libuv not found

Without libcap-devel, bind fails at build time with the following error:

configure: error: sys/capability.h header is required for Linux capabilities support. Either install libcap or use --disable-linux-caps.
yum install libcap-devel

Download and install bind9
wget https://ftp.isc.org/isc/bind9/9.19.5/bind-9.19.5.tar.xz
tar -xf bind-9.19.5.tar.xz
cd bind-9.19.5
./configure --prefix=/usr/local/bind9
make && sudo make install 

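Note: the --enable-threads (enable multithreading) option is no longer set separately in 9.14 and later; before 9.11 it had to be specified. Starting with 9.14, the SO_REUSEPORT feature is used by default (covered in detail in a later document).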

Installation complete


Initial bind configuration

The file layout of a bind installed with yum differs from that of the source install used here.

The bind project recommends the rndc (Remote Name Domain Controller) tool. rndc is a tool for managing bind remotely: with it you can check the current state of the server locally or remotely, and also stop the server, reload it, flush the cache, add or delete zones, and so on. It is covered in detail in a later document.

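cd /usr/local/bind9
su
# generate the rndc key and a sample rndc.conf
sbin/rndc-confgen > etc/rndc.conf
# Note: if this hangs, the command below can be used instead
## sbin/rndc-confgen -r /dev/urandom > etc/rndc.conf # not verified
cd /usr/local/bind9/etc/
# the commented block at the end of rndc.conf is the matching named.conf snippet
tail -10 rndc.conf | head -9 | sed 's/# //g' > named.conf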

At this point named.conf contains the following:

[root@localhost etc]# cat named.conf
key "rndc-key" {
    algorithm hmac-sha256;
    secret "AXeCgzN/af9naYrVgtmdBkBEO2XYDl4k+rlq3dICfrY=";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } 
        keys { "rndc-key"; };
};

Edit named.conf and append the following global options block at the end of the file.

cat >> named.conf <<EOF

options {
    directory "/usr/local/bind9/var/run";
    pid-file "named.pid";
    recursion yes;
    allow-query { any; };
    listen-on port 53 { any; };
};
EOF

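Parameter            Description
directory            named changes to this directory after it starts; zone files and output files are also written here
pid-file             Name of the process ID file
recursion            Enables recursive queries globally
allow-query          Restricts which source IPs may query; any means all
listen-on port 53    IP addresses on which port 53 is listened to; any means all IPs of the local host

groupadd -g 53 -r named
useradd -u 53 -s /sbin/nologin -r named -g named

mkdir -p /usr/local/bind9/var/run
chown -R named:named /usr/local/bind9
cd /usr/local/bind9

# Run sbin/named -u named -g to check that the configuration file is valid.
sbin/named -u named -g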


Run bind

Run the following command to start bind.

sudo /usr/local/bind9/sbin/named -u named -c /usr/local/bind9/etc/named.conf
# check that named is running and listening on port 53
ps -ef|grep named

netstat -anp|grep 53


Test DNS resolution
# query through the system's configured resolver
dig www.baidu.com
# query a specific DNS server
dig @127.0.0.1 www.baidu.com


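Configure start at boot
# the quoted 'EOF' keeps the shell from expanding $MAINPID while writing the unit file
cat > /usr/lib/systemd/system/named.service <<'EOF'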
[Unit]
Description=Bind DNS Named
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/bind9/sbin/named -u named -c /usr/local/bind9/etc/named.conf
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=3s

[Install]
WantedBy=multi-user.target

EOF

systemctl daemon-reload
systemctl list-unit-files --all | grep named
systemctl start named
systemctl enable named
systemctl status named

Introduction to bind configuration

The named.conf configuration file
// single-line comment, style 1
/*
  multi-line comment
*/

// declare the control channel
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; }
    keys { "rndc-key"; };
};

// global options
options {
    version none; // hide the bind version, for security reasons
    directory "/var/named";
    pid-file "named.pid";
    recursion yes;   // enable recursion globally
    listen-on port 53 { any; }; // listen on port 53 over IPv4
    listen-on-v6 port 53 { any; }; // listen on port 53 over IPv6
    allow-query { any; };  // provide resolution to all source IPs
};

// define logging
logging {
    channel query_log {
        file "/usr/local/bind/log/query.log." versions 5 size 50m;
        print-time yes;
        severity info;
    };
    category queries { query_log; };
};
// include the configuration from another file
include "acl.conf";
// views
view "view_wntime" {
    match-clients { wntime; };  // source IP addresses matched by this view
    zone "example.com" {
        type master;  // this authoritative zone is a primary zone
        file "example.com.zone";  // name of the zone file; it should be placed under /var/named/
    };
};

view "view_any" {
    match-clients { any; };
    zone "wntime.cn" IN {
        type forward; // domain forwarding: on a query for wntime.cn, bind sends a recursive query to the IP addresses in forwarders
        forward only;  // if the forwarders time out or fail, do not fall back to iterative resolution
        forwarders { 8.8.8.8; 114.114.114.114; };
    };
};

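  • Comment syntax

    Comments in bind9 configuration files can be written in C, C++ or shell style. The configuration above has examples of the single-line comment // and the multi-line comment /* ... */; a hash sign # can also be used to comment out a single line. Note, however, that the main configuration file cannot use a semicolon (";") for comments the way zone files do (explained in detail later).

  • Configuration file syntax (statements)

    Statements and comments are the elements that may appear outside braces. A statement in turn contains many substatements that together form a statement block, and each substatement ends with a semicolon. The statements supported by bind9 are listed below.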

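Statement            Meaning
acl                  Defines a list of IP addresses, used for access control or other purposes
include              Includes (pulls in) another configuration file
key                  Key information used for authentication and authorization when TSIG is used
controls             Declares a control channel, used by rndc
options              Controls the global configuration and the defaults for other statements. This is the statement to focus on, because much DNS tuning is configured here. It currently contains 211 substatements; there is no need to memorize them, only to know the commonly used ones, which are explained in detail later.
logging              Specifies which logs bind records and where they are written
view                 Defines a view. A view is a logical concept in bind, similar to isolating DNS: different views do not affect one another. A view matches an acl, that is, the client's source IP, and is the key configuration for implementing smart resolution.
zone                 Defines an authoritative zone
server               May appear at the top level of the configuration file or inside a view; sets parameters for a specific server
masters              Defines a named list of primary servers, usually referenced in the masters or also-notify list of a stub zone or secondary zone
trusted-keys         Defines trusted DNSSEC keys
statistics-channels  Declares a communication channel used to access bind's statistics data

Note: the logging and options statements may each appear only once in a configuration file.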

Configure named.conf

The named.conf below is an example that implements the simplest authoritative primary zone, wntime.com. Start from this simple example to understand what an authoritative zone is and how a zone file is laid out.

key "rndc-key" {
        algorithm hmac-sha256;
        secret "AXeCgzN/af9naYrVgtmdBkBEO2XYDl4k+rlq3dICfrY=";
};

controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; }
        keys { "rndc-key"; };
};

options {
        directory "/usr/local/bind9/var/run";
        pid-file "named.pid";
        recursion yes;
        allow-query { any; };
        listen-on port 53 { any; };
};

// create the wntime.com authoritative zone
zone "wntime.com" {
        type master;
        file "wntime.com.zone";
};

Create the forward zone file

In the configured directory, create a zone file named wntime.com.zone with the following content.

# vim var/run/wntime.com.zone
$TTL 3h
@       IN SOA wntime.com. manager.wntime.com. (
                1       ;Serial
                3h      ;Refresh after 3 hours
                1h      ;Retry after 1 hour
                1w      ;Expire after 1 week
                1h)     ;Negative caching TTL of 1 hour
;
@       IN NS dns1.wntime.com.
@       IN NS dns2.wntime.com.
;
;server domain
;
dns1     3600    IN      A       192.168.86.100
dns2     3600    IN      A       192.168.86.200
hello    300     IN      A       192.168.86.111
hello    300     IN      A       192.168.86.112

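Notes on the zone file:

  • The first line, $TTL 3h, sets the default TTL for the records. If the zone file contains no other default TTL setting of the same kind, this is the default TTL for every name in the zone.

  • The second line is the SOA record (start of authority) of the wntime.com zone. A zone file must contain exactly one SOA record. wntime.com. is the name of the primary name server (DNS) for wntime.com.

  • @ is a shorthand that here stands for wntime.com. When bind starts, it takes the zone name as the "origin"; any name in the zone that equals the origin can be abbreviated to @.

  • The origin mentioned above is appended to every record name in the zone file, so a name such as www.wntime.com can be written simply as www and bind appends the origin suffix automatically. Writing www.wntime.com. in full is also fine, but note the trailing dot ("."): without it the name actually becomes www.wntime.com.wntime.com

  • A line starting with a semicolon is a comment. Sensible blank lines and comments make a zone file easier to maintain.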
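
The trailing-dot rule above is easy to get wrong, and named-checkzone still loads such a file because the expanded name is legal. The following lint is an added example, not part of the original post: it reports names that already end in the zone origin but lack the final dot. The function names and the sample zone are constructed for illustration, and the match is a heuristic over whitespace-separated fields.

```shell
#!/bin/sh
# Added example (not from the original page): find names in a zone file that
# already end in the zone origin but lack the trailing dot.

# lint_zone ORIGIN [FILE]: reads FILE (default: stdin), prints one line per hit.
lint_zone() {
    awk -v origin="$1" '
    BEGIN { sub(/\.$/, "", origin) }          # store the origin without its final dot
    { sub(/;.*/, ""); gsub(/[()]/, " ") }     # drop comments and SOA parentheses
    $1 == "$ORIGIN" { origin = $2; sub(/\.$/, "", origin); next }
    $1 ~ /^\$/ { next }                       # other directives: $TTL, $INCLUDE
    {
        tail = "." tolower(origin)
        for (i = 1; i <= NF; i++) {
            n = tolower($i)
            if (n ~ /\.$/) continue           # absolute name, left untouched by bind
            pos = length(n) - length(tail) + 1
            if (n == tolower(origin) || (pos > 1 && substr(n, pos) == tail))
                printf "line %d: %s expands to %s.%s.\n", NR, $i, $i, origin
        }
    }' "${2:--}"
}

# Constructed sample modelled on wntime.com.zone; lines 5 and 6 omit the dot.
sample_zone() {
    cat <<'EOF'
$TTL 3h
@       IN SOA wntime.com. manager.wntime.com. ( 1 3h 1h 1w 1h )
@       IN NS  dns1.wntime.com.
dns1            IN A     192.168.86.100
www.wntime.com  IN A     192.168.86.111
ftp             IN CNAME hello.wntime.com
hello           IN A     192.168.86.112
EOF
}

sample_zone | lint_zone wntime.com.
```

Run it against a real file with: lint_zone wntime.com. var/run/wntime.com.zone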

Validation

Once the zone file is written, it can be checked with the checking tool that ships with bind, for example:

[root@localhost sbin]# ./named-checkzone wntime.com ../var/run/wntime.com.zone 
zone wntime.com/IN: loaded serial 1

named-checkzone is a tool shipped with bind for checking zone files. A result of OK means the zone file loads correctly. A resolution test follows:

[root@localhost ~]# dig @192.168.86.160 hello.wntime.com


Create the reverse zone file

Edit etc/named.conf and append the following:

# vim etc/named.conf
// reverse zone for 192.168.86.x
zone "86.168.192.in-addr.arpa" {
    type master;
    file "wntime.192.168.86";
    allow-transfer { any; };
};

In the configured directory, create a file named wntime.192.168.86 with the following content.

# vim var/run/wntime.192.168.86
$TTL 3h
@       IN SOA 86.168.192.in-addr.arpa. manager.wntime.com. (
                1       ;Serial
                3h      ;Refresh after 3 hours
                1h      ;Retry after 1 hour
                1w      ;Expire after 1 week
                1h)     ;Negative caching TTL of 1 hour
;
@       IN NS dns1.wntime.com.
@       IN NS dns2.wntime.com.
;
;server domain
;
dns1     3600    IN      A       192.168.86.100
dns2     3600    IN      A       192.168.86.200
111      300     IN      PTR     hello.wntime.com.
112      300     IN      PTR     hello.wntime.com.

Test

dig -x 192.168.86.111 @192.168.86.100
dig -x 192.168.86.112 @192.168.86.200


Primary/secondary configuration

Make 192.168.86.200 the secondary DNS

# vim etc/named.conf
// wntime.com authoritative zone, served as a secondary
zone "wntime.com" {
        type slave;
        masters { 192.168.86.100; };
        file "slaves/wntime.com.zone";
};

// reverse zone, served as a secondary
zone "86.168.192.in-addr.arpa" {
        type slave;
        masters { 192.168.86.100; };
        file "slaves/wntime.192.168.86";
};

mkdir -p /usr/local/bind9/var/run/slaves
chown -R named:named /usr/local/bind9

bin/named-checkconf etc/named.conf
systemctl restart named

# test
ls -lvh /usr/local/bind9/var/run/slaves

dig @192.168.86.200 hello.wntime.com
dig -x 192.168.86.112 @192.168.86.200


After wntime.com.zone on the primary DNS is modified to add an A record, the new record can be seen on the secondary DNS.

Dynamic updates with nsupdate

Edit etc/named.conf

# generate the key
sbin/tsig-keygen -a hmac-md5 wntime > wntime.key

# vim etc/named.conf
key "wntime" {
        algorithm hmac-md5;
        secret "ow/epgEiRTvGnBw/7cARjw==";
};

// wntime.com authoritative zone; updates must be signed with the wntime key
zone "wntime.com" {
        type master;
        file "wntime.com.zone";
        allow-update { key wntime; };
};

// reverse zone; updates must be signed with the wntime key
zone "86.168.192.in-addr.arpa" {
        type master;
        file "wntime.192.168.86";
        allow-update { key wntime; };
};

bin/named-checkconf etc/named.conf
systemctl restart named

# dynamic update

cat >etc/nsupdate.sh<<EOF
    server 192.168.86.100
    zone wntime.com
    update add www.wntime.com. 86400 IN A 192.168.86.233
    show
    send
EOF
# read the secret from the generated key file
secret=$(awk -F'"' '/secret/ {print $2}' wntime.key)
# -y takes [hmac:]keyname:secret; the key name must match the one in named.conf
nsupdate -y "hmac-md5:wntime:$secret" < etc/nsupdate.sh

# list the DNS records currently in effect
dig +noquestion +nocmd +nostat +nocomments @192.168.86.100 AXFR wntime.com
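
The lab configuration on this page combines three settings worth checking before a server like this is reachable from outside the lab: recursion yes with allow-query { any; } in the options block, allow-transfer { any; } on the reverse zone, and the hmac-md5 TSIG key in this section. The audit below is an added example, not part of the original post; the function names, the placeholder secret and the hardened sample (which assumes the 192.168.86.0/24 subnet and the secondary at 192.168.86.200 from the network plan) are illustrative.

```shell
#!/bin/sh
# Added example (not from the original page): flag three risky settings that
# appear in this lab's named.conf. Reads the configuration on stdin.

flatten_conf() {   # strip //, # and /* */ comments, then join into one line
    sed -e 's://.*$::' -e 's:#.*$::' | tr '\n' ' ' | sed -e 's:/\*[^*]*\*/::g'
}

audit_named_conf() {   # prints one finding per line, nothing if clean
    conf=$(flatten_conf)
    has() { printf '%s' "$conf" | grep -Eq -e "$1"; }
    # allow-recursion falls back to allow-query when neither it nor
    # allow-query-cache is set, so this combination answers recursion for anyone
    if has 'recursion[[:space:]]+yes' &&
       has 'allow-query[[:space:]]*\{[[:space:]]*any;' &&
       ! has 'allow-(recursion|query-cache)'; then
        echo "open-resolver: recursion yes, allow-query { any; }, no allow-recursion"
    fi
    has 'allow-transfer[[:space:]]*\{[[:space:]]*any;' &&
        echo "axfr-any: allow-transfer { any; } lets any client copy the zone"
    has 'algorithm[[:space:]]+hmac-md5' &&
        echo "weak-tsig: hmac-md5 key, use tsig-keygen -a hmac-sha256"
    return 0
}

lab_conf() {       # constructed sample mirroring the settings on this page
    cat <<'EOF'
key "wntime" { algorithm hmac-md5; secret "PLACEHOLDER=="; };
options { recursion yes; allow-query { any; }; };   // answers everyone
zone "86.168.192.in-addr.arpa" { type master; file "wntime.192.168.86"; allow-transfer { any; }; };
EOF
}

hardened_conf() {  # same lab, recursion and transfers limited to the lab hosts
    cat <<'EOF'
key "wntime" { algorithm hmac-sha256; secret "PLACEHOLDER=="; };
options {
    recursion yes;
    allow-query { any; };
    allow-recursion { 127.0.0.1; 192.168.86.0/24; };
};
zone "86.168.192.in-addr.arpa" { type master; file "wntime.192.168.86"; allow-transfer { 192.168.86.200; }; };
EOF
}

lab_conf | audit_named_conf
```

Run it against the real file with: audit_named_conf < /usr/local/bind9/etc/named.conf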

Update script

#!/bin/bash
#
## Update DNS Records Interactive
## Rahul Patil
#
## Functions
#
# prompt until a non-empty answer is given, then print it
ask() {
    local ans=""
    while [[ $ans == "" ]]
    do
        read -r -p "${*}" ans
    done
    echo "$ans"
}
# add the given resource record to the zone
forward_zone_update() {
    local rr=${*}
    echo "
    server $DNS_SERVER
    zone $DNS_ZONE
    update add $rr
    show
    send" | nsupdate
}
# delete the given resource record from the zone
delete_record() {
    local rr=${*}
    echo "
    server $DNS_SERVER
    zone $DNS_ZONE
    update delete $rr
    show
    send" | nsupdate
}

#
## Global Variable
#
DNS_IP="192.168.86.100"
DNS_SERVER="dns1.wntime.com"
DNS_ZONE="wntime.com"
DIG_CMD='dig +noquestion +nocmd +nostat +nocomments'
# private temporary file for the matching records, removed on exit
RR_TMP=$(mktemp)
trap 'rm -f "$RR_TMP"' EXIT
update_rr_a=$( ask "Enter FQDN of Record (Ex. xyz.${DNS_ZONE}) :-")
update_rr=$( ask "Enter IP of Record :-")
found_rr=$($DIG_CMD @${DNS_IP} AXFR ${DNS_ZONE} | grep ^"${update_rr_a%.$DNS_ZONE}" | tee "$RR_TMP" )
echo "Checking ${update_rr_a}..."
if [[ -z "${found_rr}" ]]
then
    echo "${update_rr_a} does not exist"
    echo "${update_rr_a} adding to ${DNS_ZONE}"
    forward_zone_update "${update_rr_a} 86400 IN A ${update_rr}"
    echo "Done!!"
else
    echo "${update_rr_a} already exists"
    ans=$(ask "Do you want to Delete RR and want to re-add(y/n?)")
    case $ans in
        [yY]|[yY][eE][sS]) while read -r r;
                do delete_record $r ;
                done < "$RR_TMP" ;;
        [nN]|[nN][oO]) exit 1 ;;
    esac
    
    forward_zone_update "${update_rr_a} 86400 IN A ${update_rr}"
    echo "Done!!"
fi
