Setting up Private DNS in google cloud
Two years ago Google introduced private DNS, which is very important for internal domain communication.
I set up a private DNS following the documentation guides below in order to understand DNS:
https://cloud.google.com/sdk/gcloud/reference/dns/managed-zones/create
https://www.jhanley.com/google-cloud-private-dns-zones/
Here are the steps I followed to create a sample zone.
Created a private zone "private-zone":
gcloud dns managed-zones create --dns-name="example.com" --description="Private Zone" --visibility=private --networks=default "private-zone"
Then I created a VM in google cloud and ran nslookup for the domain name.
But it did not resolve:
testdns:~$ nslookup example.com
Server: 169.254.169.254
Address: 169.254.169.254#53
Non-authoritative answer:
*** Can't find example.com: No answer
I am using Debian OS on the VM instance I created:
Linux testdns 4.19.0-12-cloud-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64 GNU/Linux
Here are the two A records in the zone, apart from the NS and SOA records:
test.example.com. A 300 192.0.0.9
www.example.com. A 300 192.0.0.91
example.com. A 3600 192.0.1.1
The following examples have been tested.
nslookup when no record had been added for "example.com":
mymach@testdns:~$ nslookup example.com ns-gcp-private.googledomains.com
Server: ns-gcp-private.googledomains.com
Address: 169.254.169.254#53
Non-authoritative answer:
*** Can't find example.com: No answer
# dig example.com using the name server, after the 'A' record was added:
testdns:~$ dig example.com @ns-gcp-private.googledomains.com
; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> example.com @ns-gcp-private.googledomains.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41534
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 3600 IN A 192.0.1.1
;; Query time: 12 msec
;; SERVER: 169.254.169.254#53(169.254.169.254)
;; WHEN: Tue Dec 08 23:03:58 UTC 2020
;; MSG SIZE rcvd: 56
nslookup again after adding example.com:
testdns:~$ nslookup example.com ns-gcp-private.googledomains.com
Server: ns-gcp-private.googledomains.com
Address: 169.254.169.254#53
Non-authoritative answer:
Name: example.com
Address: 192.0.1.1
dig:
testdns:~$ dig example.com
; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24673
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 3600 IN A 192.0.1.1
;; Query time: 11 msec
;; SERVER: 169.254.169.254#53(169.254.169.254)
;; WHEN: Tue Dec 08 23:06:30 UTC 2020
;; MSG SIZE rcvd: 56
dig using localhost:
dig example.com @127.0.0.1
; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> example.com @127.0.0.1
;; global options: +cmd
;; connection timed out; no servers could be reached
Am I missing some steps?
After you create the zone:
gcloud dns managed-zones create --dns-name="example.com" --description="Private Zone" --visibility=private --networks=default "private-zone"
you have to create DNS records for it, for example:
gcloud dns record-sets transaction start --zone="private-zone"
gcloud dns record-sets transaction add 10.2.3.4 --name="example.com" --ttl="3600" --type="A" --zone="private-zone"
gcloud dns record-sets transaction execute --zone="private-zone"
Give GCP 1 minute to catch up, then retry using the default "/etc/resolv.conf" file.
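The answer's three-step transaction (start, add, execute) scales to any number of records, and the question's own dig output shows what a successful lookup looks like on the VM's default resolver. The script below is an added example, not code from the question, the answer or Google: it generates the same gcloud transaction commands the answer uses for every record in a small file, and polls the VM's resolver until the record answers. The zone name, the record file format ("name ttl ip" per line) and the sample IPs are assumptions chosen for illustration. Printing the commands instead of running them directly means the change to the zone can be reviewed before it is executed.

```shell
#!/usr/bin/env bash
# Added example (not from the question or answer): batch-add A records to a
# Cloud DNS private zone with one record-set transaction, then wait until the
# VM's default resolver answers for the name. Zone name, record file and the
# record values are assumptions; the gcloud commands match the answer's.
set -u

# Print the gcloud commands for one transaction covering every "name ttl ip"
# line in $2 for zone $1. Pipe the output to bash once it has been reviewed.
gen_transaction() {
  local zone="$1" records="$2"
  echo "gcloud dns record-sets transaction start --zone=\"$zone\""
  while read -r name ttl ip; do
    [ -z "$name" ] && continue
    echo "gcloud dns record-sets transaction add \"$ip\" --name=\"$name\" --ttl=\"$ttl\" --type=\"A\" --zone=\"$zone\""
  done < "$records"
  echo "gcloud dns record-sets transaction execute --zone=\"$zone\""
}

# Succeed (exit 0) when dig output on stdin shows status NOERROR and at least
# one answer record, i.e. the "ANSWER: 1" header the question's working dig
# prints; a NOERROR with "ANSWER: 0" (name exists, no A record) or a
# "connection timed out" line both fail.
dig_answered() {
  awk '
    /status: NOERROR/ { ok = 1 }
    /ANSWER: [1-9]/   { ans = 1 }
    END { exit !(ok && ans) }
  '
}

# Poll the resolver from /etc/resolv.conf (the 169.254.169.254 metadata
# resolver on a GCE VM). Querying @127.0.0.1 instead times out on a stock
# image because no resolver listens there.
wait_for_record() {
  local name="$1" tries="${2:-12}" i=0
  while [ "$i" -lt "$tries" ]; do
    if dig +noall +comments "$name" A | dig_answered; then
      return 0
    fi
    i=$((i + 1))
    sleep 5
  done
  return 1
}

# Usage (needs gcloud and dig on a VM attached to the zone's network):
# printf 'example.com. 3600 10.2.3.4\nwww.example.com. 300 10.2.3.5\n' > records.txt
# gen_transaction private-zone records.txt        # review the commands
# gen_transaction private-zone records.txt | bash # then apply them
# wait_for_record example.com && echo "example.com is resolving"
```

Only one transaction can be open per zone at a time, so the generator emits a single start/execute pair around all the adds; if a transaction is left open after a failed add, `gcloud dns record-sets transaction abort --zone=...` clears it before retrying.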