首先请允许我设置场景。
我们曾经使用Bind9,但是弃用PowerDNS,因为坦率地说,Bind很糟糕。
我们在DNS主服务器上有一个“主”区域。 london.wibblesplat.com还有其他的区域, oob.london.wibblesplat.com
非oob区域中的大部分地址范围是192.168.0.0/16. dns-1服务器的IP是192.168.123.140 。 (我不确定这是否相关)。
我想添加一些out-of-band(oob)访问IP到172.16.254.0/24范围内的oob.london.wibblesplat.com区域
这是驱动powerdns的数据库中的内容。
powerdns=# select * from records where name like '%switch%'; id | domain_id | name | type | content | ttl | prio | change_date | ordername | auth --------+-----------+----------------------------------------------------+------+---------------+------+------+-------------+-----------+------ 190709 | 24 | renderchassis-1-switch-A1.london.wibblesplat.com | A | 172.16.254.12 | 3600 | 0 | 1328715923 | | 190710 | 24 | renderchassis-1-switch-A2.london.wibblesplat.com | A | 172.16.254.3 | 3600 | 0 | 1328715923 | | 190711 | 24 | renderchassis-2-switch-A1.london.wibblesplat.com | A | 172.16.254.2 | 3600 | 0 | 1328715923 | | 190712 | 24 | renderchassis-2-switch-A2.london.wibblesplat.com | A | 172.16.254.13 | 3600 | 0 | 1328715923 | | (4 rows)
这是挖掘说。
tom.oconnor@charcoal-black:~$ dig renderchassis-1-switch-A1 +search ; <<>> DiG 9.7.0-P1 <<>> renderchassis-1-switch-A1 +search ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28586 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;renderchassis-1-switch-A1.london.wibblesplat.com. IN A ;; AUTHORITY SECTION: london.wibblesplat.com. 1800 IN SOA dns1.london.wibblesplat.com. hostmaster.london.wibblesplat.com. 2012020803 28800 7200 604800 86400 ;; Query time: 2 msec ;; SERVER: 192.168.123.140#53(192.168.123.140) ;; WHEN: Wed Feb 8 15:58:53 2012 ;; MSG SIZE rcvd: 120
为什么PowerDNS不能提供logging? 它存在。 查询应该没问题 。 如果Alogging不在服务器有权访问的子网中,那么对于没有被服务的区域有没有什么奇怪的东西? (我看不出这是正确的,如果我想(无论什么原因)重新发布Alogging8.8.8.8或其他)。
有什么想法吗?
编辑:
情节变厚了。 出于兴趣,我掩盖了旧的logging,并添加了一些新的,较短的logging。
powerdns=# select * from records where name like '%rc1sw%' or content like '%rc1sw%'; id | domain_id | name | type | content | ttl | prio | change_date | ordername | auth --------+-----------+-----------------------------+------+---------------+------+------+-------------+-----------+------ 190810 | 23 | rc1sw1.london.wibblesplat.com | A | 172.16.254.12 | 3600 | 0 | 1328720986 | | 190811 | 23 | rc1sw2.london.wibblesplat.com | A | 172.16.254.3 | 3600 | 0 | 1328720999 | |
而现在.. tom.oconnor@charcoal-black:〜$ dig rc1sw1 +search
; <<>> DiG 9.7.0-P1 <<>> rc1sw1 +search ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32849 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;rc1sw1.london.wibblesplat.com. IN A ;; ANSWER SECTION: rc1sw1.london.wibblesplat.com. 3600 IN A 172.16.254.12 ;; Query time: 0 msec ;; SERVER: 192.168.123.140#53(192.168.123.140) ;; WHEN: Wed Feb 8 17:10:35 2012 ;; MSG SIZE rcvd: 61
它工作。
似乎Powerdns可能不喜欢这么多-字符在名称。 我会记住这一点,继续下去。 不过,答案可能会很好。
好的,这是它不喜欢的-A1。
看看这个。
powerdns=# select * from records order by id desc limit 5; id | domain_id | name | type | content | ttl | prio | change_date | ordername | auth --------+-----------+---------------------------------+------+---------------------------------+------+------+-------------+-----------+------ 190830 | 23 | bunt-1-A1.london.wibblesplat.com | A | 127.0.0.1 | 120 | 0 | 1328722058 | | 190829 | 22 | 80.124.168.192.in-addr.arpa. | PTR | claret-red.london.wibblesplat.com | 3600 | 0 | 1328722007 | | 190828 | 23 | claret-red.london.wibblesplat.com | A | 192.168.124.80 | 3600 | 0 | 1328722007 | | 190825 | 23 | BUNT.london.wibblesplat.com | A | 127.0.0.1 | 120 | 0 | 1328721975 | | 190824 | 23 | bunt.london.wibblesplat.com | A | 127.0.0.1 | 120 | 0 | 1328721967 | |
和
tom.oconnor@charcoal-black:~$ dig bunt +search ; <<>> DiG 9.7.0-P1 <<>> bunt +search ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34027 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;bunt.london.wibblesplat.com. IN A ;; ANSWER SECTION: bunt.london.wibblesplat.com. 120 IN A 127.0.0.1 ;; Query time: 1 msec ;; SERVER: 192.168.123.140#53(192.168.123.140) ;; WHEN: Wed Feb 8 17:27:15 2012 ;; MSG SIZE rcvd: 59 tom.oconnor@charcoal-black:~$ dig BUNT +search ; <<>> DiG 9.7.0-P1 <<>> BUNT +search ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60125 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;BUNT.london.wibblesplat.com. IN A ;; ANSWER SECTION: BUNT.london.wibblesplat.com. 120 IN A 127.0.0.1 ;; Query time: 0 msec ;; SERVER: 192.168.123.140#53(192.168.123.140) ;; WHEN: Wed Feb 8 17:27:20 2012 ;; MSG SIZE rcvd: 59 tom.oconnor@charcoal-black:~$ dig bunt-1-A1 +search ; <<>> DiG 9.7.0-P1 <<>> bunt-1-A1 +search ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22009 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ; ; QUESTION SECTION: ;bunt-1-A1. IN A ;; AUTHORITY SECTION: . 1800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2012020801 1800 900 604800 86400 ;; Query time: 59 msec ;; SERVER: 192.168.123.140#53(192.168.123.140) ;; WHEN: Wed Feb 8 17:27:53 2012 ;; MSG SIZE rcvd: 102
PostgreSQL至less在默认的PowerDNS表模式下是区分大小写的。 PowerDNS降低了所有的查询。 所以,一定要小写你的名字。
所以,看起来PowerDNS在某些configuration中对大写string有很大的帮助。
它会接受BUNT和bunt,但不是bunt-1-A1或其变体。
查看关于问题的编辑,以及这个挖掘块。
tom.oconnor@charcoal-black:~$ dig bunt-A0000.london.wibblesplat.com ; <<>> DiG 9.7.0-P1 <<>> bunt-A0000.london.wibblesplat.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21482 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;bunt-A0000.london.wibblesplat.com. IN A ;; AUTHORITY SECTION: london.wibblesplat.com. 86400 IN SOA dns-1.london.wibblesplat.com. root.london.wibblesplat.com. 2012020835 28800 14400 2419200 86400 ;; Query time: 1 msec ;; SERVER: 192.168.123.140#53(192.168.123.140) ;; WHEN: Wed Feb 8 17:39:01 2012 ;; MSG SIZE rcvd: 116 tom.oconnor@charcoal-black:~$ dig bunt-B.london.wibblesplat.com ; <<>> DiG 9.7.0-P1 <<>> bunt-B.london.wibblesplat.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41445 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;bunt-B.london.wibblesplat.com. IN A ;; AUTHORITY SECTION: london.wibblesplat.com. 86400 IN SOA dns-1.london.wibblesplat.com. root.london.wibblesplat.com. 2012020835 28800 14400 2419200 86400 ;; Query time: 1 msec ;; SERVER: 192.168.123.140#53(192.168.123.140) ;; WHEN: Wed Feb 8 17:39:09 2012 ;; MSG SIZE rcvd: 112 tom.oconnor@charcoal-black:~$ dig bunt-BUNT.london.wibblesplat.com ; <<>> DiG 9.7.0-P1 <<>> bunt-BUNT.london.wibblesplat.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57635 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;bunt-BUNT.london.wibblesplat.com. IN A ;; AUTHORITY SECTION: london.wibblesplat.com. 86400 IN SOA dns-1.london.wibblesplat.com. root.london.wibblesplat.com. 2012020835 28800 14400 2419200 86400 ;; Query time: 1 msec ;; SERVER: 192.168.123.140#53(192.168.123.140) ;; WHEN: Wed Feb 8 17:39:14 2012 ;; MSG SIZE rcvd: 115 tom.oconnor@charcoal-black:~$ dig buntA1.london.wibblesplat.com ; <<>> DiG 9.7.0-P1 <<>> buntA1.london.wibblesplat.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29929 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;buntA1.london.wibblesplat.com. IN A ;; AUTHORITY SECTION: london.wibblesplat.com. 86400 IN SOA dns-1.london.wibblesplat.com. root.london.wibblesplat.com. 2012020835 28800 14400 2419200 86400 ;; Query time: 1 msec ;; SERVER: 192.168.123.140#53(192.168.123.140) ;; WHEN: Wed Feb 8 17:39:18 2012 ;; MSG SIZE rcvd: 112