我正在尝试设置 Route53,以便与 consul 集群位于同一 VPC 上的实例可以访问 .consul 端点。
出于实验目的,我使用 BIND(私有 IP 172.31.56.55)设置了 DNS 转发设置的三个服务器节点之一,作为此处建议的名称服务器,并添加了allow-query { any; }和listen-on port 53 { any; };
我有一个“领事”。具有以下 SOA、NS 和 A(粘合)记录的托管区域:SOA:
ns1.consul. hostmaster.consul. 1 7200 900 1209600 86400
NS:
ns1.consul.
ns1.consul 答:
172.31.56.55
如果我在 dig 命令中指定 @ns1.consul ,它可以工作,但如果我把它排除在外,它就不会。我错过了什么/配置错误?
[ec2-user@ip-172-31-56-55 ~]$ dig @ns1.consul consul.service.dc1.consul
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.39.amzn1 <<>> @ns1.consul consul.service.dc1.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46403
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;consul.service.dc1.consul. IN A
;; ANSWER SECTION:
consul.service.dc1.consul. 0 IN A 172.31.51.192
consul.service.dc1.consul. 0 IN A 172.31.56.55
consul.service.dc1.consul. 0 IN A 172.31.52.9
;; Query time: 5 msec
;; SERVER: 172.31.56.55#53(172.31.56.55)
;; WHEN: Sat Oct 17 18:07:32 2015
;; MSG SIZE rcvd: 91
ec2-user@ip-172-31-56-55 ~]$ dig consul.service.dc1.consul
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.39.amzn1 <<>> consul.service.dc1.consul
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24575
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;consul.service.dc1.consul. IN A
;; AUTHORITY SECTION:
consul. 60 IN SOA ns1.consul. hostmaster.consul. 1 7200 900 1209600 86400
;; Query time: 2 msec
;; SERVER: 172.31.0.2#53(172.31.0.2)
;; WHEN: Sat Oct 17 18:20:34 2015
;; MSG SIZE rcvd: 94