How To Deploy and Manage Your DNS Using DNSControl on Debian 10

news/2024/7/8 2:08:09

The author selected the Electronic Frontier Foundation Inc to receive a donation as part of the Write for DOnations program.

Introduction

DNSControl is an infrastructure-as-code tool that allows you to deploy and manage your DNS zones using standard software development principles, including version control, testing, and automated deployment. DNSControl was created by Stack Exchange and is written in Go.

Using DNSControl eliminates many of the pitfalls of manual DNS management, as zone files are stored in a programmable format. This allows you to deploy zones to multiple DNS providers simultaneously, identify syntax errors, and push out your DNS configuration automatically, reducing the risk of human error. Another common usage of DNSControl is to quickly migrate your DNS to a different provider; for example, in the event of a DDoS attack or system outage.

In this tutorial, you’ll install and configure DNSControl, create a basic DNS configuration, and begin deploying DNS records to a live provider. As part of this tutorial, we will use DigitalOcean as the example DNS provider. If you wish to use a different provider, the setup is very similar. When you’re finished, you’ll be able to manage and test your DNS configuration in a safe, offline environment, and then automatically deploy it to production.

Prerequisites

Before you begin this guide you’ll need the following:

  • One Debian 10 server set up by following the Initial Server Setup with Debian 10, including a sudo non-root user and enabled firewall to block non-essential ports. your-server-ipv4-address refers to the IP address of the server where you’re hosting your website or domain. your-server-ipv6-address refers to the IPv6 address of the server where you’re hosting your website or domain.

  • A fully registered domain name with DNS hosted by a supported provider. This tutorial will use your_domain throughout and DigitalOcean as the service provider.

  • A DigitalOcean API key (Personal Access Token) with read and write permissions. To create one, visit How to Create a Personal Access Token.

Once you have these ready, log in to your server as your non-root user to begin.

Step 1 — Installing DNSControl

DNSControl is written in Go, so you’ll start this step by installing Go to your server and setting your GOPATH.

Go is available within Debian’s default software repositories, making it possible to install using conventional package management tools.

You’ll also need to install Git, as this is required to allow Go to download and install the DNSControl software from its repository on GitHub.

Begin by updating the local package index to reflect any new upstream changes:

  • sudo apt update

Then, install the golang-go and git packages:

  • sudo apt install golang-go git

After confirming the installation, apt will download and install Go and Git, as well as all of their required dependencies.

Next, you’ll configure the required path environment variables for Go. If you would like to know more about this, you can read this tutorial on Understanding the GOPATH. Start by editing the ~/.profile file:

  • nano ~/.profile

Add the following lines to the very end of your file:

~/.profile
...
export GOPATH="$HOME/go"
export PATH="$PATH:$GOPATH/bin"

Once you have added these lines to the bottom of the file, save and close it. Then reload your profile by either logging out and back in, or sourcing the file again:

  • source ~/.profile

Now you’ve installed and configured Go, you can install DNSControl.

The go get command can be used to fetch a copy of the code, automatically compile it, and install it into your Go directory:

  • go get github.com/StackExchange/dnscontrol

Once this is complete, you can check the installed version to make sure that everything is working:

  • dnscontrol version

Your output will look similar to the following:

Output
dnscontrol 2.9-dev

If you see a dnscontrol: command not found error, double-check your Go path setup.

Now that you’ve installed DNSControl, you can create a configuration directory and connect DNSControl to your DNS provider in order to allow it to make changes to your DNS records.

Step 2 — Configuring DNSControl

In this step, you’ll create the required configuration directories for DNSControl, and connect it to your DNS provider so that it can begin to make live changes to your DNS records.

Firstly, create a new directory in which you can store your DNSControl configuration, and then move into it:

  • mkdir ~/dnscontrol
  • cd ~/dnscontrol

Note: This tutorial will focus on the initial setup of DNSControl; however, for production use, it is recommended to store your DNSControl configuration in a version control system (VCS) such as Git. The advantages of this include full version control, integration with CI/CD for testing, seamlessly rolling-back deployments, and so on.

If you plan to use DNSControl to write BIND zone files, you should also create the zones directory:

  • mkdir ~/dnscontrol/zones

BIND zone files are a raw, standardized method for storing DNS zones/records in plain text format. They were originally used for the BIND DNS server software, but are now widely adopted as the standard method for storing DNS zones. BIND zone files produced by DNSControl are useful if you want to import them to a custom or self-hosted DNS server, or for auditing purposes.

However, if you just want to use DNSControl to push DNS changes to a managed provider, the zones directory will not be needed.

Next, you need to configure the creds.json file, which is what will allow DNSControl to authenticate to your DNS provider and make changes. The format of creds.json differs slightly depending on the DNS provider that you are using. Please see the Service Providers list in the official DNSControl documentation to find the configuration for your own provider.

Create the file creds.json in the ~/dnscontrol directory:

  • cd ~/dnscontrol
  • nano creds.json

Add the sample creds.json configuration for your DNS provider to the file. If you’re using DigitalOcean as your DNS provider, you can use the following:

~/dnscontrol/creds.json
{
  "digitalocean": {
    "token": "your-digitalocean-oauth-token"
  }
}

This file tells DNSControl to which DNS providers you want it to connect.

You’ll need to provide some form of authentication for your DNS provider. This is usually an API key or OAuth token, but some providers require extra information, as documented in the Service Providers list in the official DNSControl documentation.

Warning: This token will grant access to your DNS provider account, so you should protect it as you would a password. Also, ensure that if you’re using a version control system, either the file containing the token is excluded (e.g. using .gitignore), or is securely encrypted in some way.
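
One way to apply this warning to the ~/dnscontrol directory used in this tutorial, as an added example that is not part of the original tutorial: the hypothetical helper protect_creds restricts creds.json to its owner, adds it to .gitignore, and reports when Git already tracks the file.

```shell
#!/bin/sh
# Added example, not from the original tutorial. protect_creds is a
# hypothetical helper name.
# Usage: protect_creds "$HOME/dnscontrol"
# Returns 0 on success, 1 if creds.json is missing or cannot be changed,
# 2 if creds.json is already tracked by Git.
protect_creds() {
    dir=$1
    creds="$dir/creds.json"
    ignore="$dir/.gitignore"

    if [ ! -f "$creds" ]; then
        echo "no creds.json in $dir" >&2
        return 1
    fi

    # Only the owner may read or write the token file.
    chmod 600 "$creds" || return 1

    # Add the ignore rule once, even when the helper is run repeatedly.
    if ! grep -qxF 'creds.json' "$ignore" 2>/dev/null; then
        # Start on a fresh line if the existing file lacks a final newline.
        if [ -s "$ignore" ] && [ -n "$(tail -c 1 "$ignore")" ]; then
            printf '\n' >> "$ignore"
        fi
        printf 'creds.json\n' >> "$ignore"
    fi

    # .gitignore has no effect on a file that was committed earlier.
    if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
       git -C "$dir" ls-files --error-unmatch creds.json >/dev/null 2>&1; then
        echo "creds.json is already tracked by Git: untrack it and rotate the token" >&2
        return 2
    fi
    return 0
}
```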

If you’re using DigitalOcean as your DNS provider, use the OAuth token that you generated in your DigitalOcean account settings as part of the prerequisites.

If you have multiple different DNS providers—for example, for multiple domain names, or delegated DNS zones—you can define these all in the same creds.json file.

You’ve set up the initial DNSControl configuration directories, and configured creds.json to allow DNSControl to authenticate to your DNS provider and make changes. Next you’ll create the configuration for your DNS zones.

Step 3 — Creating a DNS Configuration File

In this step, you’ll create an initial DNS configuration file, which will contain the DNS records for your domain name or delegated DNS zone.

dnsconfig.js is the main DNS configuration file for DNSControl. In this file, DNS zones and their corresponding records are defined using JavaScript syntax. This is known as a DSL, or Domain Specific Language. The JavaScript DSL page in the official DNSControl documentation provides further details.

To begin, create the DNS configuration file in the ~/dnscontrol directory:

  • cd ~/dnscontrol
  • nano dnsconfig.js

Then, add the following sample configuration to the file:

~/dnscontrol/dnsconfig.js
// Providers:

var REG_NONE = NewRegistrar('none', 'NONE');
var DNS_DIGITALOCEAN = NewDnsProvider('digitalocean', 'DIGITALOCEAN');

// Domains:

D('your_domain', REG_NONE, DnsProvider(DNS_DIGITALOCEAN),
  A('@', 'your-server-ipv4-address')
);

This sample file defines a domain name or DNS zone at a particular provider, which in this case is your_domain hosted by DigitalOcean. An example A record is also defined for the zone root (@), pointing to the IPv4 address of the server that you’re hosting your domain/website on.

There are three main functions that make up a basic DNSControl configuration file:

  • NewRegistrar(name, type, metadata): defines the domain registrar for your domain name. DNSControl can use this to make required changes, such as modifying the authoritative nameservers. If you only want to use DNSControl to manage your DNS zones, this can generally be left as NONE.

  • NewDnsProvider(name, type, metadata): defines a DNS service provider for your domain name or delegated zone. This is where DNSControl will push the DNS changes that you make.

  • D(name, registrar, modifiers): defines a domain name or delegated DNS zone for DNSControl to manage, as well as the DNS records present in the zone.

You should configure NewRegistrar(), NewDnsProvider(), and D() accordingly using the Service Providers list in the official DNSControl documentation.

If you’re using DigitalOcean as your DNS provider, and only need to be able to make DNS changes (rather than changing authoritative nameservers as well), the sample in the preceding code block is already correct.

Once complete, save and close the file.

In this step, you set up a DNS configuration file for DNSControl, with the relevant providers defined. Next, you’ll populate the file with some useful DNS records.

Step 4 — Populating Your DNS Configuration File

Next, you can populate the DNS configuration file with useful DNS records for your website or service, using the DNSControl syntax.

Unlike traditional BIND zone files, where DNS records are written in a raw, line-by-line format, DNS records within DNSControl are defined as a function parameter (domain modifier) to the D() function, as shown briefly in Step 3.

A domain modifier exists for each of the standard DNS record types, including A, AAAA, MX, TXT, NS, CAA, and so on. A full list of available record types is available in the Domain Modifiers section of the DNSControl documentation.

Modifiers for individual records are also available (record modifiers). Currently these are primarily used for setting the TTL (time to live) of individual records. A full list of available record modifiers is available in the Record Modifiers section of the DNSControl documentation. Record modifiers are optional, and in most basic use cases can be left out.

The syntax for setting DNS records varies slightly for each record type. Following are some examples for the most common record types:

  • A records:

    • Purpose: To point to an IPv4 address.
    • Syntax: A('name', 'address', optional record modifiers)
    • Example: A('@', 'your-server-ipv4-address', TTL(30))

  • AAAA records:

    • Purpose: To point to an IPv6 address.
    • Syntax: AAAA('name', 'address', optional record modifiers)
    • Example: AAAA('@', 'your-server-ipv6-address') (record modifier left out, so default TTL will be used)

  • CNAME records:

    • Purpose: To make your domain/subdomain an alias of another.
    • Syntax: CNAME('name', 'target', optional record modifiers)
    • Example: CNAME('subdomain1', 'example.org.') (note that a trailing . must be included if there are any dots in the value)

  • MX records:

    • Purpose: To direct email to specific servers/addresses.
    • Syntax: MX('name', 'priority', 'target', optional record modifiers)
    • Example: MX('@', 10, 'mail.example.net.') (note that a trailing . must be included if there are any dots in the value)

  • TXT records:

    • Purpose: To add arbitrary plain text, often used for configurations without their own dedicated record type.
    • Syntax: TXT('name', 'content', optional record modifiers)
    • Example: TXT('@', 'This is a TXT record.')

  • CAA records:

    • Purpose: To restrict and report on Certificate Authorities (CAs) who can issue TLS certificates for your domain/subdomains.
    • Syntax: CAA('name', 'tag', 'value', optional record modifiers)
    • Example: CAA('@', 'issue', 'letsencrypt.org')

In order to begin adding DNS records for your domain or delegated DNS zone, edit your DNS configuration file:

  • nano dnsconfig.js

Next, you can begin populating the parameters for the existing D() function using the syntax described in the previous list, as well as the Domain Modifiers section of the official DNSControl documentation. A comma (,) must be used between each record.

For reference, the code block here contains a full sample configuration for a basic, initial DNS setup:

~/dnscontrol/dnsconfig.js
...

D('your_domain', REG_NONE, DnsProvider(DNS_DIGITALOCEAN),
  A('@', 'your-server-ipv4-address'),
  A('www', 'your-server-ipv4-address'),
  A('mail', 'your-server-ipv4-address'),
  AAAA('@', 'your-server-ipv6-address'),
  AAAA('www', 'your-server-ipv6-address'),
  AAAA('mail', 'your-server-ipv6-address'),
  MX('@', 10, 'mail.your_domain.'),
  TXT('@', 'v=spf1 -all'),
  TXT('_dmarc', 'v=DMARC1; p=reject; rua=mailto:abuse@your_domain; aspf=s; adkim=s;')
);

Once you have completed your initial DNS configuration, save and close the file.

In this step, you set up the initial DNS configuration file, containing your DNS records. Next, you will test the configuration and deploy it.

Step 5 — Testing and Deploying Your DNS Configuration

In this step, you will run a local syntax check on your DNS configuration, and then deploy the changes to the live DNS server/provider.

Firstly, move into your dnscontrol directory:

  • cd ~/dnscontrol

Next, use the preview function of DNSControl to check the syntax of your file, and output what changes it will make (without actually making them):

  • dnscontrol preview

If the syntax of your DNS configuration file is correct, DNSControl will output an overview of the changes that it will make. This should look similar to the following:

Output
******************** Domain: your_domain
----- Getting nameservers from: digitalocean
----- DNS Provider: digitalocean...8 corrections
#1: CREATE A your_domain your-server-ipv4-address ttl=300
#2: CREATE A www.your_domain your-server-ipv4-address ttl=300
#3: CREATE A mail.your_domain your-server-ipv4-address ttl=300
#4: CREATE AAAA your_domain your-server-ipv6-address ttl=300
#5: CREATE TXT _dmarc.your_domain "v=DMARC1; p=reject; rua=mailto:abuse@your_domain; aspf=s; adkim=s;" ttl=300
#6: CREATE AAAA www.your_domain your-server-ipv6-address ttl=300
#7: CREATE AAAA mail.your_domain your-server-ipv6-address ttl=300
#8: CREATE MX your_domain 10 mail.your_domain. ttl=300
----- Registrar: none...0 corrections
Done. 8 corrections.

If you see an error warning in your output, DNSControl will provide details on what the error is and where it is located within your file.
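
One way to gate dnscontrol push on the preview output, as an added example that is not part of the original tutorial: the hypothetical helper review_preview counts corrections per action and fails when any correction is not a CREATE or when the final "Done." summary line is missing. Both sample outputs are constructed, and the DELETE line is an assumed format modelled on the CREATE lines shown above.

```shell
#!/bin/sh
# Added example, not from the original tutorial. review_preview is a
# hypothetical helper name. Intended use:
#   dnscontrol preview | review_preview && dnscontrol push
# Exit status: 0 = only CREATE corrections, 1 = other actions need review,
# 2 = no "Done." summary line, so the preview did not finish.
review_preview() {
    awk '
        # Correction lines look like "#3: CREATE A mail.your_domain ... ttl=300".
        /^#[0-9]+: / {
            verb = $2
            count[verb]++
            if (verb != "CREATE") { risky++; print "REVIEW: " $0 }
        }
        # Summary line looks like "Done. 8 corrections."
        /^Done\. [0-9]+ corrections?\./ { finished = 1 }
        END {
            for (v in count) printf "%s=%d\n", v, count[v]
            if (!finished) { print "ERROR: preview output has no summary line"; exit 2 }
            exit (risky > 0 ? 1 : 0)
        }
    '
}

# Constructed sample: a preview that only adds records.
sample_preview_create_only() {
    cat <<'EOF'
******************** Domain: your_domain
----- Getting nameservers from: digitalocean
----- DNS Provider: digitalocean...3 corrections
#1: CREATE A your_domain your-server-ipv4-address ttl=300
#2: CREATE A www.your_domain your-server-ipv4-address ttl=300
#3: CREATE MX your_domain 10 mail.your_domain. ttl=300
----- Registrar: none...0 corrections
Done. 3 corrections.
EOF
}

# Constructed sample: the DELETE line uses an assumed format.
sample_preview_with_delete() {
    cat <<'EOF'
******************** Domain: your_domain
----- Getting nameservers from: digitalocean
----- DNS Provider: digitalocean...2 corrections
#1: CREATE A www.your_domain your-server-ipv4-address ttl=300
#2: DELETE A old.your_domain your-server-ipv4-address ttl=300
----- Registrar: none...0 corrections
Done. 2 corrections.
EOF
}
```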

Warning: The next command will make live changes to your DNS records and possibly other settings. Please ensure that you are prepared for this, including taking a backup of your existing DNS configuration, as well as ensuring that you have the means to roll back if needed.

Finally, you can push out the changes to your live DNS provider:

  • dnscontrol push

You’ll see an output similar to the following:

Output
******************** Domain: your_domain
----- Getting nameservers from: digitalocean
----- DNS Provider: digitalocean...8 corrections
#1: CREATE TXT _dmarc.your_domain "v=DMARC1; p=reject; rua=mailto:abuse@your_domain; aspf=s; adkim=s;" ttl=300
SUCCESS!
#2: CREATE A your_domain your-server-ipv4-address ttl=300
SUCCESS!
#3: CREATE AAAA your_domain your-server-ipv6-address ttl=300
SUCCESS!
#4: CREATE AAAA www.your_domain your-server-ipv6-address ttl=300
SUCCESS!
#5: CREATE AAAA mail.your_domain your-server-ipv6-address ttl=300
SUCCESS!
#6: CREATE A www.your_domain your-server-ipv4-address ttl=300
SUCCESS!
#7: CREATE A mail.your_domain your-server-ipv4-address ttl=300
SUCCESS!
#8: CREATE MX your_domain 10 mail.your_domain. ttl=300
SUCCESS!
----- Registrar: none...0 corrections
Done. 8 corrections.

Now, if you check the DNS settings for your domain in the DigitalOcean control panel, you’ll see the changes.

You can also check the record creation by running a DNS query for your domain/delegated zone using dig.

If you don’t have dig installed, you’ll need to install the dnsutils package:

  • sudo apt install dnsutils

Once you’ve installed dig, you can use it to make a DNS lookup for your domain. You’ll see that the records have been updated accordingly:

  • dig +short your_domain

You’ll see output showing the IP address and relevant DNS record from your zone that was deployed using DNSControl. DNS records can take some time to propagate, so you may need to wait and run this command again.

In this final step, you ran a local syntax check of the DNS configuration file, then deployed it to your live DNS provider, and tested that the changes were made successfully.

Conclusion

In this article you set up DNSControl and deployed a DNS configuration to a live provider. Now you can manage and test your DNS configuration changes in a safe, offline environment before deploying them to production.

If you wish to explore this subject further, DNSControl is designed to be integrated into your CI/CD pipeline, allowing you to run in-depth tests and have more control over your deployment to production. You could also look into integrating DNSControl into your infrastructure build/deployment processes, allowing you to deploy servers and add them to DNS completely automatically.

If you wish to go further with DNSControl, the following DigitalOcean articles provide some interesting next steps to help integrate DNSControl into your change management and infrastructure deployment workflows:

  • An Introduction to Continuous Integration, Delivery, and Deployment

  • CI/CD Tools Comparison: Jenkins, GitLab CI, Buildbot, Drone, and Concourse

  • Getting Started with Configuration Management

Translated from: https://www.digitalocean.com/community/tutorials/how-to-deploy-and-manage-your-dns-using-dnscontrol-on-debian-10
