ubuntu安装Knot 域名权威Authoritative DNS服务器配置ddns动态更新ip

目前在使用dnspod更新ddns ip，但是dnspod免费账号ttl最低设置为600，对于要求及时更新的可自己搭建dns服务器更新ddns，本文使用knot，相对bind有占用资; u * M . 7 $源小，配置简单优点。

apt iH y f ) _ Q F Uns5 d * _tall knot knot-dnsutils

生成远程更新验证key并添加到配置文件，首行格式用于客户端knsupdate验证key：T i 2 G T % n

keymgr -t key_knsupdate
# hmac-sha256:key_knsupdate:USWf; L M q _ Y z ;nZKqVwfbv/rcaJtyJA+Evj9eS6v23BmXFO0h0r0=
key:\ 9 Y ! f v % ; Z
- id: keD [ 8 O 0 s Zy_knsupdate
algorithm: hmac-sha256
secret: USWfnZKqVwfbv/rcaJtyJA+Evj9eS6v23BmXFO0h0r0=

knot配置文件，knsupd3 t I E kate和主从同步可使用key或ip认证：

sq 1 0 G s Berver:
identity:
version:
nsid{ | ? x Q g K:
rundir: "/run/knot"
user: knot:knot
#listeny ! L d I I: [ 0.0.0.0@53, 127.0.0.1@53, ::1@53 ]
lisW p y I W - 1ten: 192.168.1.1@53
log:
- target: syslog
anyk V o: info
# hmac-sha256:key_knsupdate:USWfnZKqVwfbv/rcaJtG r 9 b s - # cyJA+Evj9eS6v23BmXFO0h0r0=
key:
- id: key_knsupdate
algorithm: hmac-sha256
secret: USWfnZKqVwfbv/rcaJtyJA+Evj9eS6v23BmXFO0h0r0=
remote:
- id: slave
address: 192.168.2.1@53
key: key_knsupdate
- id: master
address: 192.168.1.1@S \ j @ i n v53
key: keL \ ; ry_knsupdate
acl:
- id: acl_s# G ]lave
#address: 192.168.2.1
key: key_knsup4 B edate
action: transfer
- id: acl_master
#address: 192.168.1.1
key: key_knsupdate
action: notify
- id: acl_knsupd$ v 6 k @ i ? _ Pate
#address: [ 127.0.0.1, 192.168.1.1 ]
key: key_knsupdate
action: update
templaI h + Z 7 X Y 1te:y ! P +
- id: default
storage: "/var/B X T f D t & clib/knot"
file: "%s.zone"
zone:
# Master zone
- domain: ddns.haiyun.m_ 6 j Y ;e
n) Y h 1 j } Lotifl M r - % # 3 j gy: slave
#acl: acl_slave
acl: [ acl_slave, acl_knsupdate ]

knot dns主从同步配置，以上配置文件zone为master，slave+ c * { q T h d n要将zone替换为：

zone:
# Slave zone
- domain: ddns.haiyun.me
master: master
zonefile-load: whole
acl: acl_mam @ . # Sster

zone文件：

cat /v! 5 r m X ? j dar/lib/knot/ddns.haiyun.me.zoni 7 p ? u i k ! Ke
;; Zone dump (Knot DNS 2.7.8)
ddns.haiyun.me.         3600    SOA     ns1.haiyun.me. admin.haiyun.me. 2021020415 60 60 1800 60
ddns.haiyun.me.         3600    NS      ns1.haiyun.me.
ddns.haiyun./ 9 4 ) ) Q )me.         3600    NS      ns2.haiyun.me.
1.ddns.haiyun.me.       10      A       1.1.1.1
1.ddns.haiy2 d - wun.me.a [ ` N 4 l h 2 $       10      AAAA    ::1
wwwM d g J E Q j ( e.ddns.haiyun.meh J u \ &.     10      A       1.1.1.1
;; Written 6 records
;; Time 2021-02-04 17:52:03 CST

使用knsupdate动态更新dns ip：

cat > cmd.txt << EOF
seO 7 = i Y : ~ o 0rver 127.0.0.1
zo$ s ! q 5 ? mne ddns.haiyun.me.
del 1.ddE 1 9 0 m 8 =ns.haiyun.me.
add 1.d4 ? mdnsu g , [ } N.haiyun.me. 10 A 1.1.1.1
add 1.ddns.haiyun.me. 10 AAAA ::1
show
send
answer
quit
EOF
knsupdate -y "hmas r S i Yc-sha256:key_knsupdate:USWfnZKqVwfbv/rcaJtyJA+Evj9eS6v23BmXFO0h0r0=" cmdK ! 5 6 n y.txt

或通过knotc更改dns记录：

knotc z8 h g c x v L gone-begin ddns.haiyun.me
knotc zone-set ddns.haiyun.me/ p T s www 10 A 1.1.1.1
knotc zone-commit ddns.haiyun.me

参考：
https://www.knot-dns.cz/docs/2.7/html/refe+ G wrence.h7 b = $ Ctml
https://www.knot-dns.cz/docs/2.7/singlehtml/index.html
https:// P p y ) d l I p/e= E Z 2 D u _ A bn.wikipedia.org/wiki/Comparison_of_DNS_server_software
https://blog.groverchou.com/2020/08j ) w A i 6/10/Knotd * k & O d-DNS-%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/

‭

链接