在 google 云中设置私有 DNS

Setting up Private DNS in google cloud

2 年前 Google 引入了私有 DNS,这对于内部域通信非常重要。

我使用下面的文档指南设置了一个私有 DNS 来了解 DNS https://cloud.google.com/sdk/gcloud/reference/dns/managed-zones/create https://www.jhanley.com/google-cloud-private-dns-zones/

以下是创建示例区域所遵循的步骤

创建了一个私有区域“private-zone”

gcloud dns managed-zones create --dns-name="example.com" --description="Private Zone" --visibility=private --networks=default "private-zone"

然后在google云中创建了一个虚拟机,运行为域名nslookup。 但是没有解决

testdns:~$ nslookup example.com
Server:         169.254.169.254
Address:        169.254.169.254#53
Non-authoritative answer:
*** Can't find example.com: No answer

我在创建的 Vm 实例上使用 Debian OS

Linux testdns 4.19.0-12-cloud-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64 GNU/Linux

这是

中NS和SOA记录以外的两条A记录
test.example.com.   A   300  192.0.0.9
www.example.com.    A   300  192.0.0.91
example.com.        A   3600 192.0.1.1

下面的例子已经过测试

nslookup when "example.com" 没有添加一条记录

mymach@testdns:~$ nslookup example.com ns-gcp-private.googledomains.com
Server:         ns-gcp-private.googledomains.com
Address:        169.254.169.254#53
Non-authoritative answer:
*** Can't find example.com: No answer

#dig example.com 使用名称服务器,添加了 'A' 记录

testdns:~$ dig example.com @ns-gcp-private.googledomains.com
; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> example.com @ns-gcp-private.googledomains.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41534
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;example.com.                   IN      A
;; ANSWER SECTION:
example.com.            3600    IN      A       192.0.1.1
;; Query time: 12 msec
;; SERVER: 169.254.169.254#53(169.254.169.254)
;; WHEN: Tue Dec 08 23:03:58 UTC 2020
;; MSG SIZE  rcvd: 56

添加example.com

后再次nslookup
testdns:~$ nslookup example.com ns-gcp-private.googledomains.com
Server:         ns-gcp-private.googledomains.com
Address:        169.254.169.254#53
Non-authoritative answer:
Name:   example.com
Address: 192.0.1.1

挖掘

testdns:~$ dig example.com 
; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24673
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;example.com.                   IN      A
;; ANSWER SECTION:
example.com.            3600    IN      A       192.0.1.1
;; Query time: 11 msec
;; SERVER: 169.254.169.254#53(169.254.169.254)
;; WHEN: Tue Dec 08 23:06:30 UTC 2020
;; MSG SIZE  rcvd: 56

使用本地主机挖掘

dig example.com @127.0.0.1
; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> example.com @127.0.0.1
;; global options: +cmd
;; connection timed out; no servers could be reached

我是不是漏掉了一些步骤?

在您创建区域后:

gcloud dns managed-zones create --dns-name="example.com" --description="Private Zone" --visibility=private --networks=default "private-zone"

您必须为其创建 DNS 注册中心,例如:

gcloud dns record-sets transaction start --zone="private-zone"
gcloud dns record-sets transaction add 10.2.3.4 --name="example.com" --ttl="3600" --type="A" --zone="private-zone"
gcloud dns record-sets transaction execute --zone="private-zone"

给 GCP 1 分钟时间赶上,然后使用默认的“/etc/resolv.conf”文件重试。