-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathatom.xml
633 lines (310 loc) · 217 KB
/
atom.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>歸去如風</title>
<subtitle>一個自由自在的互聯網民工</subtitle>
<link href="https://yjz.hk/atom.xml" rel="self"/>
<link href="https://yjz.hk/"/>
<updated>2024-02-22T00:06:30.000Z</updated>
<id>https://yjz.hk/</id>
<author>
<name>小澤</name>
</author>
<generator uri="https://hexo.io/">Hexo</generator>
<entry>
<title>Nginx 編譯開啟 Quic 或 HTTP/3</title>
<link href="https://yjz.hk/articles/20230526.html"/>
<id>https://yjz.hk/articles/20230526.html</id>
<published>2023-05-26T14:30:30.000Z</published>
<updated>2024-02-22T00:06:30.000Z</updated>
<content type="html"><![CDATA[<blockquote><p>隨住最近 Nginx-Quic 分支被合併到咗 Nginx 主線,Nginx 1.25.0 版本官方二進制包已經支援 Quic/HTTP3,有興趣嘅朋友可以前往 <a href="https://nginx.org/en/download.html">https://nginx.org/en/download.html</a> 或 <a href="https://nginx.org/en/linux_packages.html">https://nginx.org/en/linux_packages.html</a> 下載安裝,體驗一下 Quic/HTTP3 嘅魅力,本文將主要為你介紹點樣透過編譯嘅方式開啟 Quic/HTTP3。</p></blockquote><blockquote><p>2024年02月20號更新:通過喺 Nginx 郵件社區討論得到咗一個解決方案,可以將 libssl 構建為共享庫嚟解決呢個問題,詳見 <a href="https://mailman.nginx.org/pipermail/nginx/2024-February/5N5IXG7BI66D5AIKORCYPVVVJTZYMUR6.html">https://mailman.nginx.org/pipermail/nginx/2024-February/5N5IXG7BI66D5AIKORCYPVVVJTZYMUR6.html</a> ,可以根據需要自行試。</p></blockquote><blockquote><p>2024年02月19號更新:因為谷歌嘅 BoringSSL 而家發佈咗一個破壞性嘅更新,所以導致編譯出錯,本文臨時將克隆到嘅 BoringSSL 版本修改為 c39e6cd9ec5acebb6de2adffc03cfe03b07f08ab 呢個 commit。<br>2023年11月19號更新:修正咗Nginx_brotli編譯錯誤嘅問題。<br>2023年06月22號更新:更新咗關於 HTTP/2 嘅配置,Nginx 已經廢棄咗 listen 指令中嘅 http2 參數,改為 <code>http2 on;</code>,詳見 <a href="https://hg.nginx.org/nginx/rev/08ef02ad5c54">https://hg.nginx.org/nginx/rev/08ef02ad5c54</a> 同 <a href="https://nginx.org/en/docs/http/ngx_http_v2_module.html">https://nginx.org/en/docs/http/ngx_http_v2_module.html</a> ,如果你之前參照過本文編譯安裝 Nginx,請你重新編譯安裝之後修改配置,可參照<a href="#%E9%85%8D%E7%BD%AE%E6%96%87%E4%BB%B6">示例配置</a>。</p></blockquote><h2 id="安装依赖"><a href="#安装依赖" class="headerlink" title="安装依赖"></a>安装依赖</h2><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># Debian 11/12</span></span><br><span class="line">apt update</span><br><span class="line">apt install build-essential ca-certificates zlib1g-dev libpcre3 libpcre3-dev tar unzip libssl-dev wget curl git cmake ninja-build mercurial libunwind-dev pkg-config</span><br><span class="line"><span class="comment"># Ubuntu 22.04/20.04</span></span><br><span class="line">sudo su</span><br><span class="line"><span class="built_in">cd</span> /root</span><br><span class="line">apt update</span><br><span class="line">apt install build-essential ca-certificates zlib1g-dev libpcre3 libpcre3-dev tar unzip libssl-dev wget curl git cmake ninja-build mercurial libunwind-dev pkg-config</span><br><span class="line"><span class="comment"># CentOS 8 Stream/TencentOS Server 3.1</span></span><br><span class="line">dnf update</span><br><span class="line">dnf install gcc gcc-c++ pcre-devel openssl-devel zlib-devel cmake make libunwind-devel hg git wget</span><br><span class="line"><span class="comment"># OpenCloudOS Server 8</span></span><br><span class="line">dnf update</span><br><span class="line">dnf install gcc gcc-c++ pcre-devel openssl-devel zlib-devel cmake make hg git wget</span><br></pre></td></tr></table></figure><h2 id="安裝Go"><a href="#安裝Go" class="headerlink" title="安裝Go"></a>安裝Go</h2><h3 id="下載並解壓"><a href="#下載並解壓" class="headerlink" title="下載並解壓"></a>下載並解壓</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">wget https://dl.google.com/go/go1.22.0.linux-amd64.tar.gz</span><br><span class="line"><span class="built_in">rm</span> -rf /usr/local/go && tar -C /usr/local -xzf go1.22.0.linux-amd64.tar.gz</span><br></pre></td></tr></table></figure><h3 id="添加环境变量"><a href="#添加环境变量" class="headerlink" title="添加环境变量"></a>添加环境变量</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">export</span> PATH=<span class="variable">$PATH</span>:/usr/local/go/bin</span><br></pre></td></tr></table></figure><p>具体可参考<a href="https://go.dev/doc/install">https://go.dev/doc/install</a></p><h3 id="验证是否安装成功"><a href="#验证是否安装成功" class="headerlink" title="验证是否安装成功"></a>验证是否安装成功</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">go version</span><br></pre></td></tr></table></figure><h2 id="編譯-boringssl"><a href="#編譯-boringssl" class="headerlink" title="編譯 boringssl"></a>編譯 boringssl</h2><h3 id="Debian-Ubuntu"><a href="#Debian-Ubuntu" class="headerlink" title="Debian/Ubuntu"></a>Debian/Ubuntu</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">git <span class="built_in">clone</span> https://github.com/google/boringssl.git</span><br><span class="line"><span class="built_in">cd</span> boringssl</span><br><span class="line">git reset --hard c39e6cd9ec5acebb6de2adffc03cfe03b07f08ab</span><br><span class="line"><span class="built_in">mkdir</span> build</span><br><span class="line"><span class="built_in">cd</span> build</span><br><span class="line">cmake -GNinja ..</span><br><span class="line">ninja</span><br><span class="line"><span class="built_in">cd</span> ../..</span><br></pre></td></tr></table></figure><h3 id="CentOS-8-Stream-TencentOS-Server-3-1-OpenCloudOS-Server-8"><a href="#CentOS-8-Stream-TencentOS-Server-3-1-OpenCloudOS-Server-8" class="headerlink" title="CentOS 8 Stream/TencentOS Server 3.1/OpenCloudOS Server 8"></a>CentOS 8 Stream/TencentOS Server 3.1/OpenCloudOS Server 8</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">git <span class="built_in">clone</span> https://github.com/google/boringssl.git</span><br><span class="line"><span class="built_in">cd</span> boringssl</span><br><span class="line">git reset --hard c39e6cd9ec5acebb6de2adffc03cfe03b07f08ab</span><br><span class="line"><span class="built_in">mkdir</span> build</span><br><span class="line"><span class="built_in">cd</span> build</span><br><span class="line">cmake -DCMAKE_BUILD_TYPE=Release .. </span><br><span class="line">make</span><br><span class="line"><span class="built_in">cd</span> ../..</span><br></pre></td></tr></table></figure><h2 id="安装-brotli-压缩"><a href="#安装-brotli-压缩" class="headerlink" title="安装 brotli 压缩"></a>安装 brotli 压缩</h2><blockquote><p>唔需要就跳过,編譯时删咗–add-module=/root/ngx_brotli</p></blockquote><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">git <span class="built_in">clone</span> --recurse-submodules -j8 https://github.com/google/ngx_brotli</span><br><span class="line"><span class="built_in">cd</span> ngx_brotli/deps/brotli</span><br><span class="line"><span class="built_in">mkdir</span> out && <span class="built_in">cd</span> out</span><br><span class="line">cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DCMAKE_C_FLAGS=<span class="string">"-Ofast -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections"</span> -DCMAKE_CXX_FLAGS=<span class="string">"-Ofast -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections"</span> -DCMAKE_INSTALL_PREFIX=./installed ..</span><br><span class="line">cmake --build . --config Release --target brotlienc</span><br><span class="line"><span class="built_in">cd</span> ../../../..</span><br></pre></td></tr></table></figure><h2 id="編譯安裝quic"><a href="#編譯安裝quic" class="headerlink" title="編譯安裝quic"></a>編譯安裝quic</h2><blockquote><p>注意:<br>我係直接喺 /root 目錄下編寫嘅,如果你喺其它目錄下,請自行修改路徑;<br>如果你唔需要 brotli 壓縮,請刪除–add-module=/root/ngx_brotli<br>我將 Nginx 安裝喺 /www/server/nginx 目錄下,如果你需要修改,請自行修改路徑;</p></blockquote><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">hg <span class="built_in">clone</span> https://hg.nginx.org/nginx</span><br><span class="line"><span class="built_in">cd</span> nginx</span><br><span class="line">./auto/configure --user=www --group=www --prefix=/www/server/nginx --with-pcre --add-module=../ngx_brotli --with-http_v2_module --with-stream --with-stream_ssl_module --with-http_ssl_module --with-http_gzip_static_module --with-http_gunzip_module --with-http_sub_module --with-http_flv_module --with-http_addition_module --with-http_realip_module --with-http_mp4_module --with-ld-opt=-Wl,-E --with-cc-opt=-Wno-error --with-ld-opt=-ljemalloc --with-http_dav_module --with-http_v3_module --with-cc-opt=-I../boringssl/include --with-ld-opt=<span class="string">'-L../boringssl/build/ssl -L../boringssl/build/crypto'</span></span><br><span class="line">make</span><br><span class="line">make install</span><br></pre></td></tr></table></figure><h2 id="添加-www-用户"><a href="#添加-www-用户" class="headerlink" title="添加 www 用户"></a>添加 www 用户</h2><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">groupadd www</span><br><span class="line">useradd -g www -s /sbin/nologin www</span><br></pre></td></tr></table></figure><h2 id="添加進程管理"><a href="#添加進程管理" class="headerlink" title="添加進程管理"></a>添加進程管理</h2><blockquote><p>我所使用的是systemd,如果你使用的是其他進程管理器,請自行修改</p></blockquote><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /usr/lib/systemd/system/nginx.service</span><br></pre></td></tr></table></figure><p>輸入嘅內容:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line">[Unit]</span><br><span class="line">Description=nginx</span><br><span class="line">After=network.target</span><br><span class="line"></span><br><span class="line">[Service]</span><br><span class="line">Type=forking</span><br><span class="line">ExecStart=/www/server/nginx/sbin/nginx</span><br><span class="line">ExecReload=/www/server/nginx/sbin/nginx -s reload</span><br><span class="line">ExecStop=/www/server/nginx/sbin/nginx -s quit</span><br><span class="line">PrivateTmp=<span class="literal">true</span></span><br><span class="line"></span><br><span class="line">[Install]</span><br><span class="line">WantedBy=multi-user.target</span><br></pre></td></tr></table></figure><h2 id="启动"><a href="#启动" class="headerlink" title="启动"></a>启动</h2><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl start nginx</span><br></pre></td></tr></table></figure><h2 id="开机自启"><a href="#开机自启" class="headerlink" title="开机自启"></a>开机自启</h2><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl <span class="built_in">enable</span> nginx</span><br></pre></td></tr></table></figure><h2 id="配置档"><a href="#配置档" class="headerlink" title="配置档"></a>配置档</h2><p>范例配置档咁,想知更多功能请参考官方文件:<a href="https://nginx.org/en/docs/http/ngx_http_v3_module.html">https://nginx.org/en/docs/http/ngx_http_v3_module.html</a></p><figure class="highlight nginx"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br></pre></td><td class="code"><pre><span class="line"><span class="section">server</span> {</span><br><span class="line"> <span class="attribute">listen</span> <span class="number">443</span> ssl;</span><br><span class="line"> <span class="attribute">listen</span> [::]:<span class="number">443</span> ssl;</span><br><span class="line"></span><br><span class="line"> <span class="comment">#用嚟支援Quic或者HTTP/3</span></span><br><span class="line"> <span class="attribute">listen</span> <span class="number">443</span> quic reuseport;</span><br><span class="line"> <span class="attribute">listen</span> [::]:<span class="number">443</span> quic reuseport;</span><br><span class="line"></span><br><span class="line"> <span class="comment">#用嚟支援HTTP/2</span></span><br><span class="line"> <span class="attribute">http2</span> <span class="literal">on</span>;</span><br><span class="line"></span><br><span class="line"> <span class="attribute">server_name</span> r2wind.com;</span><br><span class="line"></span><br><span class="line"> <span class="comment">#Quic或者HTTP/3响应头</span></span><br><span class="line"> <span class="attribute">add_header</span> Alt-Svc <span class="string">'h3=":443"; ma=86400'</span>;</span><br><span class="line"> <span class="comment">#HSTS</span></span><br><span class="line"> <span class="attribute">add_header</span> Strict-Transport-Security <span class="string">"max-age=63072000; includeSubdomains; preload"</span>;</span><br><span class="line"></span><br><span class="line"> <span class="section">location</span> / {</span><br><span class="line"> <span class="attribute">root</span> /www/wwwroot/r2wind.com; </span><br><span class="line"> <span class="attribute">index</span> index.html index.htm;</span><br><span class="line"> }</span><br><span class="line"></span><br><span class="line"> <span class="comment">#證書配置</span></span><br><span class="line"> <span class="attribute">ssl_certificate</span> /root/.acme.sh/smb.wiki/fullchain.cer; </span><br><span class="line"> <span class="attribute">ssl_certificate_key</span> /root/.acme.sh/smb.wiki/smb.wiki.key;</span><br><span class="line"> <span class="attribute">ssl_session_timeout</span> <span class="number">5m</span>;</span><br><span class="line"> <span class="attribute">ssl_protocols</span> TLSv1.<span class="number">2</span> TLSv1.<span class="number">3</span>; </span><br><span class="line"> <span class="attribute">ssl_ciphers</span> ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;</span><br><span class="line"> <span class="attribute">ssl_prefer_server_ciphers</span> <span class="literal">on</span>;</span><br><span class="line"> }</span><br></pre></td></tr></table></figure><p>配置做好咗之后,重新加载 Nginx 就可以生效咗</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl reload nginx</span><br></pre></td></tr></table></figure>]]></content>
<summary type="html"><blockquote>
<p>隨住最近 Nginx-Quic 分支被合併到咗 Nginx 主線,Nginx 1.25.0 版本官方二進制包已經支援 Quic&#x2F;HTTP3,有興趣嘅朋友可以前往 <a href="https://nginx.org/en/download</summary>
<category term="教程" scheme="https://yjz.hk/categories/%E6%95%99%E7%A8%8B/"/>
<category term="Nginx" scheme="https://yjz.hk/tags/Nginx/"/>
<category term="建站" scheme="https://yjz.hk/tags/%E5%BB%BA%E7%AB%99/"/>
</entry>
<entry>
<title>利用 Nginx 搭建 IP 查詢接口</title>
<link href="https://yjz.hk/articles/20230508.html"/>
<id>https://yjz.hk/articles/20230508.html</id>
<published>2023-05-08T13:27:04.000Z</published>
<updated>2023-05-08T15:03:04.000Z</updated>
<content type="html"><![CDATA[<blockquote><p>本文將介紹點样利用純 Nginx 搭建 IP 地址查詢接口(只查詢 IP 地址,唔查詢 IP 歸屬地),如果有查詢 IP 歸屬地嘅需求,可以參考另一位大佬嘅一篇文章 <a href="https://www.rehiy.com/post/467/">純 Nginx 打造 IP 地址查詢接口</a>。</p></blockquote><blockquote><p>好耐冇見,呢兩個月由於啲咩原因(考試、面試)一直冇有更新博客,今日終於有時間咗,就趕緊嚟更新。用 Nginx 嚟攞 IP 呢個方法係去年 8 月份喺處理DDNS Openwrt 插件無法更新 IP 嘅 case 時了解到嘅,當時插件裏頭攞 IP 嘅接口 ns1.dnspod.net:6666 由於係早啲年寫嘅一個程序僅支持 http/0.9 導致 DDNS 插件無法正常攞 IP 地址,之後一位大佬改用 Nginx 嚟攞 IP 地址,嗰次先知道 Nginx 原來仲可以噉用,簡直係學藝唔精哈哈哈。</p></blockquote><blockquote><p>安裝 Nginx 嘅方法就唔介紹咗,直接丟配置文件咗。</p></blockquote><blockquote><p>文末有現成嘅,如果你唔想自己搭建嘅話可以直接使用。</p></blockquote><h2 id="配置范例"><a href="#配置范例" class="headerlink" title="配置范例"></a>配置范例</h2><h3 id="获取-IP-JSON"><a href="#获取-IP-JSON" class="headerlink" title="获取 IP(JSON)"></a>获取 IP(JSON)</h3><figure class="highlight nginx"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br></pre></td><td class="code"><pre><span class="line"><span class="section">server</span> {</span><br><span class="line"> <span class="attribute">listen</span> <span class="number">80</span>;</span><br><span class="line"> <span class="attribute">listen</span> [::]:<span class="number">80</span>;</span><br><span class="line"></span><br><span class="line"> <span class="attribute">listen</span> <span class="number">443</span> ssl http2;</span><br><span class="line"> <span class="attribute">listen</span> [::]:<span class="number">443</span> ssl http2;</span><br><span class="line"></span><br><span class="line"> <span class="comment"># 以支持 HTTP/3,若所用 Nginx 版本支持 HTTP/3,可删掉注释</span></span><br><span class="line"> <span class="comment"># listen 443 http3;</span></span><br><span class="line"> <span class="comment"># listen [::]:443 http3;</span></span><br><span class="line"></span><br><span class="line"> <span class="attribute">server_name</span> ipv4.ddnsip.cn ipv6.ddnsip.cn ddnsip.cn;</span><br><span class="line"></span><br><span class="line"> <span class="comment"># 以支持 HTTP/3,若所用 Nginx 版本支持 HTTP/3,可删掉注释</span></span><br><span class="line"> <span class="comment"># add_header Alt-Svc 'h3=":443"; ma=86400';</span></span><br><span class="line"></span><br><span class="line"> <span class="comment"># HSTS</span></span><br><span class="line"> <span class="attribute">add_header</span> Strict-Transport-Security <span class="string">"max-age=63072000; includeSubdomains; preload"</span>;</span><br><span class="line"></span><br><span class="line"> <span class="comment"># 许跨域(喺其他站点调用接口时会使到)</span></span><br><span class="line"> <span class="attribute">add_header</span> Access-Control-Allow-Origin *;</span><br><span class="line"> <span class="attribute">add_header</span> Access-Control-Allow-Headers <span class="string">"Origin, X-Requested-With, Content-Type, Accept"</span>;</span><br><span class="line"> <span class="attribute">add_header</span> Access-Control-Allow-Methods <span class="string">"GET, POST, OPTIONS"</span>;</span><br><span class="line"> </span><br><span class="line"> <span class="comment"># 获取 IP 地址</span></span><br><span class="line"> <span class="section">location</span> / {</span><br><span class="line"> <span class="attribute">default_type</span> application/json;</span><br><span class="line"> <span class="attribute">return</span> <span class="number">200</span> <span class="string">'{"ip":"<span class="variable">$remote_addr</span>"}'</span>;</span><br><span class="line"> <span class="comment"># 若使緊 CDN 请将$remote_addr改为$http_x_forwarded_for</span></span><br><span class="line"> }</span><br><span class="line"> </span><br><span class="line"> <span class="comment"># 证书配置</span></span><br><span class="line"> <span class="attribute">ssl_certificate</span> /root/.acme.sh/<span class="regexp">*.ddnsip.cn</span>/fullchain.cer; </span><br><span class="line"> <span class="attribute">ssl_certificate_key</span> /root/.acme.sh/<span class="regexp">*.ddnsip.cn</span>/<span class="regexp">*.ddnsip.cn.key</span>;</span><br><span class="line"> <span class="attribute">ssl_session_timeout</span> <span class="number">5m</span>;</span><br><span class="line"> <span class="attribute">ssl_protocols</span> TLSv1.<span class="number">1</span> TLSv1.<span class="number">2</span> TLSv1.<span class="number">3</span>; </span><br><span class="line"> <span class="attribute">ssl_ciphers</span> ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; </span><br><span class="line"> <span class="attribute">ssl_prefer_server_ciphers</span> <span class="literal">on</span>;</span><br><span class="line"> }</span><br></pre></td></tr></table></figure><h3 id="获取-IP-纯文本"><a href="#获取-IP-纯文本" class="headerlink" title="获取 IP(纯文本)"></a>获取 IP(纯文本)</h3><figure class="highlight nginx"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br></pre></td><td class="code"><pre><span class="line"><span class="section">server</span> {</span><br><span class="line"> <span class="attribute">listen</span> <span class="number">80</span>;</span><br><span class="line"> <span class="attribute">listen</span> [::]:<span class="number">80</span>;</span><br><span class="line"></span><br><span class="line"> <span class="attribute">listen</span> <span class="number">443</span> ssl http2;</span><br><span class="line"> <span class="attribute">listen</span> [::]:<span class="number">443</span> ssl http2;</span><br><span class="line"></span><br><span class="line"> <span class="comment"># 用以支援 HTTP/3,若所用 Nginx 版本支援 HTTP/3,可去除注释</span></span><br><span class="line"> <span class="comment"># listen 443 http3;</span></span><br><span class="line"> <span class="comment"># listen [::]:443 http3;</span></span><br><span class="line"></span><br><span class="line"> <span class="attribute">server_name</span> ipv4.ddnsip.cn ipv6.ddnsip.cn ddnsip.cn;</span><br><span class="line"></span><br><span class="line"> <span class="comment"># 用以支援 HTTP/3,若所用 Nginx 版本支援 HTTP/3,可去除注释</span></span><br><span class="line"> <span class="comment"># add_header Alt-Svc 'h3=":443"; ma=86400';</span></span><br><span class="line"></span><br><span class="line"> <span class="comment"># HSTS</span></span><br><span class="line"> <span class="attribute">add_header</span> Strict-Transport-Security <span class="string">"max-age=63072000; includeSubdomains; preload"</span>;</span><br><span class="line"> </span><br><span class="line"> <span class="comment"># 获取 IP 地址</span></span><br><span class="line"> <span class="section">location</span> / {</span><br><span class="line"> <span class="attribute">default_type</span> text/plain;</span><br><span class="line"> <span class="attribute">return</span> <span class="number">200</span> <span class="variable">$remote_addr</span>;</span><br><span class="line"> <span class="comment"># 若使用 CDN 请将$remote_addr改为$http_x_forwarded_for</span></span><br><span class="line"> }</span><br><span class="line"> </span><br><span class="line"> <span class="comment"># 证书配置</span></span><br><span class="line"> <span class="attribute">ssl_certificate</span> /root/.acme.sh/<span class="regexp">*.ddnsip.cn</span>/fullchain.cer; </span><br><span class="line"> <span class="attribute">ssl_certificate_key</span> /root/.acme.sh/<span class="regexp">*.ddnsip.cn</span>/<span class="regexp">*.ddnsip.cn.key</span>;</span><br><span class="line"> <span class="attribute">ssl_session_timeout</span> <span class="number">5m</span>;</span><br><span class="line"> <span class="attribute">ssl_protocols</span> TLSv1.<span class="number">1</span> TLSv1.<span class="number">2</span> TLSv1.<span class="number">3</span>; </span><br><span class="line"> <span class="attribute">ssl_ciphers</span> ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; </span><br><span class="line"> <span class="attribute">ssl_prefer_server_ciphers</span> <span class="literal">on</span>;</span><br><span class="line"> }</span><br></pre></td></tr></table></figure><h3 id="获取-UA"><a href="#获取-UA" class="headerlink" title="获取 UA"></a>获取 UA</h3><p>呢啲係额外嘅内容,得閒冇嘢做嘅时候写嘅</p><figure class="highlight nginx"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br></pre></td><td class="code"><pre><span class="line"><span class="section">server</span> {</span><br><span class="line"> <span class="attribute">listen</span> <span class="number">80</span>;</span><br><span class="line"> <span class="attribute">listen</span> [::]:<span class="number">80</span>;</span><br><span class="line"></span><br><span class="line"> <span class="attribute">listen</span> <span class="number">443</span> ssl http2;</span><br><span class="line"> <span class="attribute">listen</span> [::]:<span class="number">443</span> ssl http2;</span><br><span class="line"></span><br><span class="line"> <span class="comment"># 用嚟支持 HTTP/3,如果用緊嗰個 Nginx 版本支持 HTTP/3,可以拎走註解</span></span><br><span class="line"> <span class="comment"># listen 443 http3;</span></span><br><span class="line"> <span class="comment"># listen [::]:443 http3;</span></span><br><span class="line"></span><br><span class="line"> <span class="attribute">server_name</span> ipv4.ddnsip.cn ipv6.ddnsip.cn ddnsip.cn;</span><br><span class="line"></span><br><span class="line"> <span class="comment"># 用嚟支持 HTTP/3,如果用緊嗰個 Nginx 版本支持 HTTP/3,可以拎走註解</span></span><br><span class="line"> <span class="comment"># add_header Alt-Svc 'h3=":443"; ma=86400';</span></span><br><span class="line"></span><br><span class="line"> <span class="comment"># HSTS</span></span><br><span class="line"> <span class="attribute">add_header</span> Strict-Transport-Security <span class="string">"max-age=63072000; includeSubdomains; preload"</span>;</span><br><span class="line"> </span><br><span class="line"> <span class="comment"># 攞 UA(純文字格式,想要 JSON 格式就用注釋咗嗰啲碼)</span></span><br><span class="line"> <span class="section">location</span> / {</span><br><span class="line"> <span class="attribute">default_type</span> text/plain;</span><br><span class="line"> <span class="attribute">return</span> <span class="number">200</span> <span class="variable">$http_user_agent</span>;</span><br><span class="line"> }</span><br><span class="line"></span><br><span class="line"> <span class="comment"># 攞 UA(JSON 格式)</span></span><br><span class="line"> <span class="comment"># location / {</span></span><br><span class="line"> <span class="comment"># default_type application/json;</span></span><br><span class="line"> <span class="comment"># return 200 '{"ua":"$http_user_agent"}';</span></span><br><span class="line"> <span class="comment"># }</span></span><br><span class="line"></span><br><span class="line"> <span class="comment"># SSL 配置</span></span><br><span class="line"> <span class="attribute">ssl_certificate</span> /root/.acme.sh/<span class="regexp">*.ddnsip.cn</span>/fullchain.cer; </span><br><span class="line"> <span class="attribute">ssl_certificate_key</span> /root/.acme.sh/<span class="regexp">*.ddnsip.cn</span>/<span class="regexp">*.ddnsip.cn.key</span>;</span><br><span class="line"> <span class="attribute">ssl_session_timeout</span> <span class="number">5m</span>;</span><br><span class="line"> <span class="attribute">ssl_protocols</span> TLSv1.<span class="number">1</span> TLSv1.<span class="number">2</span> TLSv1.<span class="number">3</span>; </span><br><span class="line"> <span class="attribute">ssl_ciphers</span> ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; </span><br><span class="line"> <span class="attribute">ssl_prefer_server_ciphers</span> <span class="literal">on</span>;</span><br><span class="line"> }</span><br></pre></td></tr></table></figure><h3 id="附言"><a href="#附言" class="headerlink" title="附言"></a>附言</h3><p>睇落好似好複雜噉,係咪懶得寫(/手動狗頭,冇關係,呢度有現成嘅<br>UA: <a href="https://ua.ddnsip.cn/">https://ua.ddnsip.cn</a> 或 <a href="https://ddnsip.cn/ua">https://ddnsip.cn/ua</a> (JSON)<br>IP: <a href="https://ddnsip.cn/">https://ddnsip.cn</a> 或 <a href="https://ddnsip.cn/json">https://ddnsip.cn/json</a><br>IPv4: <a href="https://ipv4.ddnsip.cn/">https://ipv4.ddnsip.cn</a> 或 <a href="https://ddnsip.cn/json">https://ddnsip.cn/json</a><br>IPv6: <a href="https://ipv6.ddnsip.cn/">https://ipv6.ddnsip.cn</a> 或 <a href="https://ipv6.ddnsip.cn/json">https://ipv6.ddnsip.cn/json</a></p><p>Linux底下使用直接睇下面鏈接入面嘅說明:<br><a href="https://www.ddnsip.cn/">https://www.ddnsip.cn</a></p><p>閒嘅冇嘢搞咗個查IP歸屬嘅(唔保證穩定同準確):<br><a href="https://ip.ddnsip.cn/">https://ip.ddnsip.cn/</a></p>]]></content>
<summary type="html"><blockquote>
<p>本文將介紹點样利用純 Nginx 搭建 IP 地址查詢接口(只查詢 IP 地址,唔查詢 IP 歸屬地),如果有查詢 IP 歸屬地嘅需求,可以參考另一位大佬嘅一篇文章 <a href="https://www.rehiy.com/post/467/"</summary>
<category term="教程" scheme="https://yjz.hk/categories/%E6%95%99%E7%A8%8B/"/>
<category term="Nginx" scheme="https://yjz.hk/tags/Nginx/"/>
<category term="建站" scheme="https://yjz.hk/tags/%E5%BB%BA%E7%AB%99/"/>
</entry>
<entry>
<title>騰訊雲建站 CloudPages 記錄(編輯網站)</title>
<link href="https://yjz.hk/articles/20230227.html"/>
<id>https://yjz.hk/articles/20230227.html</id>
<published>2023-02-27T02:35:33.000Z</published>
<updated>2023-02-27T02:35:33.000Z</updated>
<content type="html"><![CDATA[<blockquote><p>呢篇係编辑网站操作记录,完整嘅流程请参考 <a href="https://cloud.tencent.com/developer/article/2229893">腾讯云建站 CloudPages 快速构建您嘅企业网站</a>,等有时间再录个视频哈哈哈哈。</p></blockquote><h2 id="操作记录"><a href="#操作记录" class="headerlink" title="操作记录"></a>操作记录</h2><h3 id="清空全部页面同区块"><a href="#清空全部页面同区块" class="headerlink" title="清空全部页面同区块"></a>清空全部页面同区块</h3><p>因为冇适合笔者嘅模板,所以笔者选择咗清空全部页面同区块,跟住自己从头开始搭建。<br><img src="https://resources.r2wind.com/img/202302/20230227150447.png" alt="清空全部页面同区块"></p><blockquote><p>各种删删删,清空为止~</p></blockquote><h3 id="加区块改内容"><a href="#加区块改内容" class="headerlink" title="加区块改内容"></a>加区块改内容</h3><h3 id="编辑导航栏"><a href="#编辑导航栏" class="headerlink" title="编辑导航栏"></a>编辑导航栏</h3><p>更改logo,网站名称,同埋导航栏嘅菜单。<br><img src="https://resources.r2wind.com/img/202302/20230227154019.png" alt="编辑导航栏"></p><h3 id="加banner区块"><a href="#加banner区块" class="headerlink" title="加banner区块"></a>加banner区块</h3><p>页面总要有个头图,唔係总觉得有啲怪,所以我们加咗个 banner 区块,跟住替换内容就得嘞。</p><p>点击加区块,选择图文通栏,同埋根据自己嘅需要选择适合嘅版式:<br><img src="https://resources.r2wind.com/img/202302/20230227154659.png" alt="添加banner区块"></p><p>加好之后根据自己需要改区块内容同样式:<br><img src="https://resources.r2wind.com/img/202302/20230227160219.png" alt="修改banner区块"></p><h3 id="加介绍区块"><a href="#加介绍区块" class="headerlink" title="加介绍区块"></a>加介绍区块</h3><p>设定作 Banner之后就可以加各种版块用来介绍,冇咩特别限制,根据自己需要嚟。<br>我揀咗个功能特性嘅区块:<br><img src="https://resources.r2wind.com/img/202302/20230227161412.png" alt="添加介绍区块"></p><p>跟住编辑区块内容:<br><img src="https://resources.r2wind.com/img/202302/20230227163447.png" alt="编辑介绍区块"></p><h3 id="编辑页尾"><a href="#编辑页尾" class="headerlink" title="编辑页尾"></a>编辑页尾</h3><p>加完介绍区块之后我们就要开始编辑页尾啦,页尾内容可以根据自己需要嚟,我呢度简单嘅设定下联系方式等<br><img src="https://resources.r2wind.com/img/202302/20230227182022.png" alt="编辑页尾"></p><h3 id="加页面"><a href="#加页面" class="headerlink" title="加页面"></a>加页面</h3><p>一般来讲个页面肯定唔够用,所以我们要额外加下,加页面嘅话就比较简单啦,直接点击加页面,跟住根据自己需要加就得嘞,呢度我加咗个页面用做表单:<br><img src="https://resources.r2wind.com/img/202302/20230227182022.png" alt="添加页面"></p><p>根据自己需要设定下页面嘅标题,同路径,特别系路径,唔建议用系统默认嘅:<br><img src="https://resources.r2wind.com/img/202302/20230227192235.png" alt="设置页面"></p><p>加完之后我们重复刚刚步骤,先设好banner,跟住加表单区块:<br><img src="https://resources.r2wind.com/img/202302/20230227193647.png" alt="添加表单区块"></p><p>表单样式看起来都一样,所以揀边个其实差别唔大喇,加好之后根据我们自己需要设定关联问题:<br><img src="https://resources.r2wind.com/img/202302/20230227195639.png" alt="设置表单区块"></p><blockquote><p>到此笔者整完咗自己网站,大概用咗一个半小时,大家实际搭建嘅时候好多内容并唔系现成嘅,所以耗时可能会更长,一定要有耐心哦~</p></blockquote>]]></content>
<summary type="html"><blockquote>
<p>呢篇係编辑网站操作记录,完整嘅流程请参考 <a href="https://cloud.tencent.com/developer/article/2229893">腾讯云建站 CloudPages 快速构建您嘅企业网站</a>,等有时间再录个视频</summary>
<category term="教程" scheme="https://yjz.hk/categories/%E6%95%99%E7%A8%8B/"/>
<category term="騰訊雲" scheme="https://yjz.hk/tags/%E9%A8%B0%E8%A8%8A%E9%9B%B2/"/>
<category term="DNSPod" scheme="https://yjz.hk/tags/DNSPod/"/>
<category term="騰訊雲建站 CloudPages" scheme="https://yjz.hk/tags/%E9%A8%B0%E8%A8%8A%E9%9B%B2%E5%BB%BA%E7%AB%99-CloudPages/"/>
</entry>
<entry>
<title>點樣創建個性化嘅DNS服務器地址(用自己嘅域名做DNS服務器地址)</title>
<link href="https://yjz.hk/articles/20230208.html"/>
<id>https://yjz.hk/articles/20230208.html</id>
<published>2023-02-08T12:45:00.000Z</published>
<updated>2024-05-07T14:00:43.570Z</updated>
<content type="html"><![CDATA[<blockquote><p>分类写成教程了,其实就是闲谈,平时我们如果注意观察嘅话就会发现成日唔少大厂域名嘅DNS都比较有个性,比如qq.com呢个域名嘅DNS服务器系NS1.QQ.COM——NS4.QQ.COM,而我们自己嘅DNS服务器基本上就系千篇一律嘅f1g1ns1.dnspod.net/xxx.dnspod.net/dns(1-32).hichina.com/ns(1-8).alidns.com等等,噉点样用自己嘅域名做域名DNS服务器地址令我们嘅域名服务器看起上嚟更加个性化呢?答案就系贴牌(当然有能力你都可以自建)。<br>所谓贴牌DNS就系使用解析厂商提供嘅解析服务,但系DNS服务器嘅域名,换成你自己嘅,呢个东西叫法比较多,包括似系:贴牌DNS/Vanity Nameservers/DNS Branding/Custom Nameservers/white-label name servers等等,我比较喜欢Vanity Nameservers呢个名称,直译过嚟就系“虚荣嘅域名服务器”,满足自己嘅虚荣心哈哈哈(开个玩笑),呢个东西对一般人来讲其实冇咩用,不过如果你系域名代理商、云厂商呢种唔想自建DNS服务又想给用户提供解析搞个还系可以嘅,当然如果你有能力自建DNS服务嘅话,噉就更加好了。</p></blockquote><h2 id="前提条件"><a href="#前提条件" class="headerlink" title="前提条件"></a>前提条件</h2><ul><li>域名:呢个域名咩后缀都得,但注册商必须支持加DNS host(Glue record),国内我试过嘅有腾讯云同阿里,其他厂商唔太清楚(厂商基本上都有呢个能力,但系能唔能自助注册就系另一个问题喇),国外嘅话大多数都支持。</li><li>解析服务商:唔需要睇厂商本身系唔系支持贴牌DNS,但解析厂商需要满足以下条件:第一点,支持设置SOA同NS记录(首先可以排除DNSPod、Azure dns 同阿里云,甚至国内大部分嘅域名解析服务商喇),第二点,唔指向呢个厂商嘅DNS服务器厂商唔会把你解析停咗嘅。满足上面嗰两个条件嘅国内似乎太少喇(之前有华为云),国外嘅话还系挺多嘅,比如CloudNS、Route53、NS1、GCP DNS等等,当然除咗呢啲之外还有好多其他嘅厂商都支持,呢度就唔过多赘述喇。</li></ul><h2 id="操作步骤"><a href="#操作步骤" class="headerlink" title="操作步骤"></a>操作步骤</h2><blockquote><p>本来想以华为云为例写个详细教程嘅,写教程嘅时候发现华为云唔支持设置SOA喇,既然噉就只写流程啦。</p></blockquote><h3 id="找解析服务商"><a href="#找解析服务商" class="headerlink" title="找解析服务商"></a>找解析服务商</h3><p>按照上面嘅条件找一家解析服务商:</p><ol><li>支持设置SOA同NS记录<br>满足呢两个条件嘅国内厂商基本冇喇,似系阿里云、腾讯云DNSPod、华为云都仅支持设置NS记录,唔支持设置SOA(唔支持设置SOA好似也冇咩大问题),其中腾讯云设置NS记录还要通过API,唔能够直接操作,建议大家去国外搵搵,大多数都支持,我个人用嘅系cloudNS。<br>2.唔指向呢个厂商嘅DNS服务器厂商唔会把你解析停咗嘅<br>比如腾讯云DNSPod免费版,长时间唔指向佢哋嘅DNS服务器就会暂停解析,我们打造自己品牌嘅名称服务器肯定唔会指向佢哋嘅,噉呢种就唔得喇。</li></ol><h3 id="在解析服务商加域名"><a href="#在解析服务商加域名" class="headerlink" title="在解析服务商加域名"></a>在解析服务商加域名</h3><p>把域名加入到你选择嘅解析服务商平台,并记录下解析服务商比你分配嘅DNS服务器地址,比如谷歌比我嘅系ns-cloud-c1.googledomains.com,ns-cloud-c2.googledomains.com,ns-cloud-c3.googledomains.com,ns-cloud-c4.googledomains.com。</p><h3 id="获取服务商提供嘅DNS服务器对应嘅IP地址"><a href="#获取服务商提供嘅DNS服务器对应嘅IP地址" class="headerlink" title="获取服务商提供嘅DNS服务器对应嘅IP地址"></a>获取服务商提供嘅DNS服务器对应嘅IP地址</h3><p>喺呢度我们需要获取服务商提供嘅DNS服务器对应嘅IP地址,刚刚已经叫大家记住咗原本嘅NS记录,现在我们需要获取服务商提供嘅DNS服务器对应嘅IP地址,比如上面Google Cloud DNS比我嘅系ns-cloud-c1.googledomains.com,ns-cloud-c2.googledomains.com,ns-cloud-c3.googledomains.com,ns-cloud-c4.googledomains.com,噉我们就需要获取呢四个DNS服务器对应嘅IP地址,喺呢度我们可以用nslookup命令嚟获取,举个例子:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line">rttw@Kincaid:~$ nslookup ns-cloud-c1.googledomains.com</span><br><span class="line">Server: 192.168.160.1</span><br><span class="line">Address: 192.168.160.1<span class="comment">#53</span></span><br><span class="line"></span><br><span class="line">Non-authoritative answer:</span><br><span class="line">Name: ns-cloud-c1.googledomains.com</span><br><span class="line">Address: 216.239.32.108</span><br><span class="line">Name: ns-cloud-c1.googledomains.com</span><br><span class="line">Address: 2001:4860:4802:32::6c</span><br><span class="line"></span><br><span class="line">rttw@Kincaid:~$ nslookup ns-cloud-c2.googledomains.com</span><br><span class="line">Server: 192.168.160.1</span><br><span class="line">Address: 192.168.160.1<span class="comment">#53</span></span><br><span class="line"></span><br><span class="line">Non-authoritative answer:</span><br><span class="line">Name: ns-cloud-c2.googledomains.com</span><br><span class="line">Address: 216.239.34.108</span><br><span class="line">Name: ns-cloud-c2.googledomains.com</span><br><span class="line">Address: 2001:4860:4802:34::6c</span><br></pre></td></tr></table></figure><h3 id="去域名注册商添-DNS-host(Glue-Record)"><a href="#去域名注册商添-DNS-host(Glue-Record)" class="headerlink" title="去域名注册商添 DNS host(Glue Record)"></a>去域名注册商添 DNS host(Glue Record)</h3><p>我哋刚刚已经攞到咗服务商提供嘅 DNS 服务器对应嘅 IP 地址,而家我们用呢啲 IP 地址来添 DNS host(Glue Record):<br>添加 DNS host(Glue Record)嘅方法喺度唔会介绍,大家自己去睇吓啱啱嘅域名注册商嘅文档吧,下面系腾讯云和阿里云嘅添文档:<br>腾讯云: <a href="https://cloud.tencent.com/document/product/242/54158">https://cloud.tencent.com/document/product/242/54158</a><br>阿里云: <a href="https://help.aliyun.com/document_detail/59949.html">https://help.aliyun.com/document_detail/59949.html</a><br>示例图:<br><img src="https://resources.r2wind.com/img/202302/20230208200842.png" alt="添 DNS Host"></p><p><strong>留意:最少要有两组 DNS 服务器,比如作者想用嘅系 ns1.vanitydns.com同ns2.vanitydns.com,把上头攞到嘅 IP 地址平分到呢两组 DNS host 就得咯。</strong></p><blockquote><p>图文入面嘅域名同 IP 唔配套,大家唔使理,只系举个例子</p></blockquote><h3 id="去解析服务商度为名称服务器添-A-同-AAAA-记录"><a href="#去解析服务商度为名称服务器添-A-同-AAAA-记录" class="headerlink" title="去解析服务商度为名称服务器添 A 同 AAAA 记录"></a>去解析服务商度为名称服务器添 A 同 AAAA 记录</h3><p>喺呢度我哋要去解析服务商度为名称服务器添 A 同 AAAA 记录,比如作者嘅系 ns1.vanitydns.com同ns2.vanitydns.com,噉我哋就要去解析服务商度为呢两个名称服务器添 A 同 AAAA 记录指向 DNS 服务器 IP 地址,留意喺度指向 DNS 服务器 IP 地址设置嘅要同之前添 DNS host(Glue Record)嘅 IP 地址一致,比如作者设置 DNS host 时:<br>ns1.vanitydns.com 指向 1.12.34.55,1.12.34.56,2402:4e00::1<br>ns2.vanitydns.com 指向 1.23.34.57,1.12.34.58,2402:4e00::2<br>噉喺去解析服务商度为呢两个名称服务器添 A 同 AAAA 记录,同上头 host 保持一致:<br>ns1.vanitydns.com. 3600 IN A 1.12.34.55<br>ns1.vanitydns.com. 3600 IN A 1.12.34.56<br>ns1.vanitydns.com. 3600 IN AAAA 2402:4e00::1<br>ns2.vanitydns.com. 3600 IN A 1.23.34.57<br>ns2.vanitydns.com. 3600 IN A 1.23.34.58<br>ns2.vanitydns.com. 3600 IN AAAA 2402:4e00::2</p><h3 id="修改-NS-同-SOA-记录"><a href="#修改-NS-同-SOA-记录" class="headerlink" title="修改 NS 同 SOA 记录"></a>修改 NS 同 SOA 记录</h3><p>添咗解析之后喺解析服务商度修改 NS 同 SOA 记录,NS 记录指嘅系你自定义名称服务器,好似笔者嘅系NS1.VANITYDNS.COM同NS2.VANITYDNS.COM,噉就把 NS 记录嘅值改做呢两个,留意 TTL 尽量设嘅长啲,好似 3600-86400,SOA 记录主要留意修改主 NS 服务器同电邮地址,其他嘅可以唔使理,好似笔者嘅系:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vanitydns.com. 300 IN SOA ns1.vanitydns.com. admin.vanitydns.com. 2023020601 3600 180 1209600 300</span><br></pre></td></tr></table></figure><p>当中 300 係 TTL,ns1.vanitydns.com 係主 NS 服务器,admin.vanitydns.com 係电子邮件地址,2023020601 係序列号,3600 係刷新时间,180 係重试时间,1209600 係过期时间,300 係最小 TTL。需要改嘅就只有主 NS 服务器同电子邮件地址,其他嘅可以唔使理。<br>听落可能有啲难明,放个修改示例嘅截图啦:<br>呢个系笔者用嘅 cloudNS,修改示例:<br><img src="https://resources.r2wind.com/img/202302/20230208172725.png" alt="修改示例1"></p><p>呢个系Google Cloud DNS,修改示例:<br><img src="https://resources.r2wind.com/img/202302/20230208173058.png" alt="修改示例2"></p><blockquote><p>PS:喺 DNS 记录当中,电子邮件地址中嘅 @ 符号需要用 . 来代替。系唔系有同学仲想问主名称服务器系咩嘢,假如你想自定义嘅 NS 系 ns1.vanitydns.com 同 ns2.vanitydns.com,噉 ns1.vanitydns.com 就系主名称服务器,ns2.vanitydns.com 就系备用名称服务器。(明白嘅自然明白,唔明白跟住做就得)</p></blockquote><h3 id="修改域名-DNS-服务器"><a href="#修改域名-DNS-服务器" class="headerlink" title="修改域名 DNS 服务器"></a>修改域名 DNS 服务器</h3><p>完成上述所有步骤之后,你就可以改域名嘅 DNS 服务器地址做自己个嘅,点改就要参考下你域名服务商提供嘅帮助文件。<br><em><strong>改好之后就可以睇效果啦:</strong></em></p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line">rttw@Kincaid:~$ whois vanitydns.com</span><br><span class="line"> Domain Name: VANITYDNS.COM</span><br><span class="line"> Registry Domain ID: 2754575975_DOMAIN_COM-VRSN</span><br><span class="line"> Registrar WHOIS Server: whois.google.com</span><br><span class="line"> Registrar URL: http://domains.google.com</span><br><span class="line"> Updated Date: 2023-01-29T07:52:29Z</span><br><span class="line"> Creation Date: 2023-01-29T00:16:12Z</span><br><span class="line"> Registry Expiry Date: 2024-01-29T00:16:12Z</span><br><span class="line"> Registrar: Google LLC</span><br><span class="line"> Registrar IANA ID: 895</span><br><span class="line"> Registrar Abuse Contact Email: [email protected]</span><br><span class="line"> Registrar Abuse Contact Phone: +1.8772376466</span><br><span class="line"> Domain Status: clientTransferProhibited https://icann.org/epp<span class="comment">#clientTransferProhibited</span></span><br><span class="line"> Name Server: NS1.VANITYDNS.COM</span><br><span class="line"> Name Server: NS2.VANITYDNS.COM</span><br><span class="line"> DNSSEC: signedDelegation</span><br><span class="line"> DNSSEC DS Data: 49548 13 2 D6D5E60B35B2F10CA1052FAA6045E0BC0B201D46547AC3ED1DF5FC9A797BAD0A</span><br><span class="line"> URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/</span><br><span class="line">>>> Last update of whois database: 2023-02-08T12:31:14Z <<<</span><br></pre></td></tr></table></figure><h2 id="常見問題"><a href="#常見問題" class="headerlink" title="常見問題"></a>常見問題</h2><ol><li>睇完之後覺得有啲懵?<br>確實,呢篇文章寫嘅有啲唔啱小白,遇到任何問題發電郵或者前往<a href="https://github.com/KincaidYang/r2w-cn"> GitHub 倉庫</a>提 issue 都得。</li><li>更改 DNS 伺服器失敗?<br>睇嚟大概係底下嘅樣子,如果您係騰訊雲註冊嘅域名,可以喺騰訊雲域名控制台搵到“技術交流群”點擊掃碼加群尋求幫助,其他域名服務商可以俾筆者發電郵或者前往 <a href="https://github.com/KincaidYang/r2w-cn">Github 倉庫</a>提 issue。<br><img src="https://resources.r2wind.com/img/202302/20230208203817.png" alt="修改失敗"></li></ol>]]></content>
<summary type="html"><blockquote>
<p>分类写成教程了,其实就是闲谈,平时我们如果注意观察嘅话就会发现成日唔少大厂域名嘅DNS都比较有个性,比如qq.com呢个域名嘅DNS服务器系NS1.QQ.COM——NS4.QQ.COM,而我们自己嘅DNS服务器基本上就系千篇一律嘅f1g1ns1.d</summary>
<category term="教程" scheme="https://yjz.hk/categories/%E6%95%99%E7%A8%8B/"/>
<category term="域名" scheme="https://yjz.hk/tags/%E5%9F%9F%E5%90%8D/"/>
<category term="解析" scheme="https://yjz.hk/tags/%E8%A7%A3%E6%9E%90/"/>
</entry>
<entry>
<title>使用华為雲DNS拉平CNAME記錄(CDN場景)</title>
<link href="https://yjz.hk/articles/20230109.html"/>
<id>https://yjz.hk/articles/20230109.html</id>
<published>2023-01-09T04:29:50.000Z</published>
<updated>2023-05-10T12:29:50.000Z</updated>
<content type="html"><![CDATA[<blockquote><p>接上一篇文章<a href="https://r2wind.com/articles/20230108.html">使用 DNSPod 拉平 CNAME 記錄(CDN 場景)</a>呢篇文章將介紹如何使用華為雲 DNS 拉平 CNAME 記錄(CDN 場景)。</p></blockquote><h2 id="操作場景"><a href="#操作場景" class="headerlink" title="操作場景"></a>操作場景</h2><p>本文將指導您如何使用華為雲 DNS 的 API 實現拉平 CNAME 記錄,以解決相關記錄衝突嘅問題。</p><h2 id="方法說明"><a href="#方法說明" class="headerlink" title="方法說明"></a>方法說明</h2><p>唔再重複說明咗,如有興趣請看<a href="https://r2wind.com/articles/20230108.html#%E6%96%B9%E6%B3%95%E8%AA%AA%E6%98%8E">使用 DNSPod 拉平 CNAME 記錄(CDN 場景)</a></p><h2 id="前提條件"><a href="#前提條件" class="headerlink" title="前提條件"></a>前提條件</h2><ul><li>域名解析託管在華為雲 DNS</li></ul><h2 id="項目地址"><a href="#項目地址" class="headerlink" title="項目地址"></a>項目地址</h2><p><a href="https://github.com/KincaidYang/CNAMEFlattening">https://github.com/KincaidYang/CNAMEFlattening</a></p><h2 id="操作步驟"><a href="#操作步驟" class="headerlink" title="操作步驟"></a>操作步驟</h2><h3 id="获取腳本"><a href="#获取腳本" class="headerlink" title="获取腳本"></a>获取腳本</h3><h4 id="Flame-版本"><a href="#Flame-版本" class="headerlink" title="Flame 版本"></a>Flame 版本</h4><p>該版本適用於騰訊雲 CDN、華為雲 CDN<br>IPv4 腳本:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">wget https://dl.r2wind.com/script/CNAMEFlattening/HuaweiCloud/Flame/Huaweicloud-Flame-IPv4.py</span><br></pre></td></tr></table></figure><p>IPv6 腳本:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">wget https://dl.r2wind.com/script/CNAMEFlattening/HuaweiCloud/Flame/Huaweicloud-Flame-IPv6.py</span><br></pre></td></tr></table></figure><h4 id="Frost-版本"><a href="#Frost-版本" class="headerlink" title="Frost 版本"></a>Frost 版本</h4><p>該版本適用於騰訊雲 EdgeOne、阿里雲 CDN、天翼雲 CDN<br>IPv4 腳本:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">wget https://dl.r2wind.com/script/CNAMEFlattening/HuaweiCloud/Frost/Huaweicloud-Frost-IPv4.py</span><br></pre></td></tr></table></figure><p>IPv6 腳本:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">wget https://dl.r2wind.com/script/CNAMEFlattening/HuaweiCloud/Frost/Huaweicloud-Frost-IPv6.py</span><br></pre></td></tr></table></figure><h4 id="使用-git-clone-命令下載腳本"><a href="#使用-git-clone-命令下載腳本" class="headerlink" title="#### 使用 git clone 命令下載腳本"></a>#### 使用 git clone 命令下載腳本</h4><p>使用 git clone 命令:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">git <span class="built_in">clone</span> https://github.com/KincaidYang/CNAMEFlattening.git</span><br></pre></td></tr></table></figure><h3 id="配置變量"><a href="#配置變量" class="headerlink" title="配置變量"></a>配置變量</h3><p>打開腳本,根據腳本提示修改如下變量。</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># 配置參數</span></span><br><span class="line"><span class="comment"># domanin替換為自己嘅域名,例如'example.com'或者'example.cn'</span></span><br><span class="line">domain=<span class="string">''</span></span><br><span class="line"><span class="comment"># sub_domain替換為自己嘅主機記錄或者域名前綴,例如'www'或者'dl'如果係根域名則寫'@'或者留空</span></span><br><span class="line">subdomain=<span class="string">''</span></span><br><span class="line"><span class="comment"># CDNCNAME請替換為CDN提供嘅CNAME地址,例如'r2wind.com.cdn.qcloudcdn.cn'或者'r2wind.com.cdn.dnsv1.com'</span></span><br><span class="line">CDNCNAME=<span class="string">''</span></span><br><span class="line"><span class="comment"># ak請替換為自己嘅華為雲Access Key Id,可以前往https://console.huaweicloud.com/iam/?locale=zh-cn#/mine/accessKey 攞到</span></span><br><span class="line">ak=<span class="string">'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'</span></span><br><span class="line"><span class="comment"># sk請替換為自己嘅華為雲Secret Access Key,可以前往https://console.huaweicloud.com/iam/?locale=zh-cn#/mine/accessKey 攞到</span></span><br><span class="line">sk=<span class="string">'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'</span></span><br><span class="line"><span class="comment"># URL為 DNSPod DOH接口地址,用嚟攞CDN實時解析情況,可以自行替換</span></span><br><span class="line">DoH=<span class="string">'https://1.12.12.12/resolve'</span></span><br><span class="line"><span class="comment"># 記錄類型("A"表示IPv4,"AAAA"表示IPv6)</span></span><br><span class="line">record_type=<span class="string">'A'</span></span><br><span class="line"><span class="comment"># ttl為解析記錄生存時間,單位係秒,可以自行修改</span></span><br><span class="line">TTL=<span class="number">120</span></span><br></pre></td></tr></table></figure><p>本站示例配置</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># 配置参数</span></span><br><span class="line"><span class="comment"># domanin 替換為自己嘅域名,好似 'example.com' 或者 'example.cn'</span></span><br><span class="line">domain=<span class="string">'dnstest.work'</span></span><br><span class="line"><span class="comment"># sub_domain 替換為自己嘅主機記錄或者域名前綴,好似 'www' 或者 'dl' 如果系根域名就寫 '@' 或者留空</span></span><br><span class="line">subdomain=<span class="string">'@'</span></span><br><span class="line"><span class="comment"># CDNCNAME 請替換為CDN提供嘅CNAME地址,好似 'r2wind.com.cdn.qcloudcdn.cn' 或者 'r2wind.com.cdn.dnsv1.com'</span></span><br><span class="line">CDNCNAME=<span class="string">'r2wind.com.cdn.qcloudcdn.cn'</span></span><br><span class="line"><span class="comment"># ak 請替換為自己嘅華為雲Access Key Id,可以前往 https://console.huaweicloud.com/iam/?locale=zh-cn#/mine/accessKey 攞到</span></span><br><span class="line">ak=<span class="string">'BHHDNAIOTBZGJZSU92ZE'</span></span><br><span class="line"><span class="comment"># sk 請替換為自己嘅華為雲Secret Access Key,可以前往 https://console.huaweicloud.com/iam/?locale=zh-cn#/mine/accessKey 攞到</span></span><br><span class="line">sk=<span class="string">'HigvKrrmvasu8e8NpGXvdgTsd5xvV0txmL7ErVdk'</span></span><br><span class="line"><span class="comment"># URL為 DNSPod DOH介面地址,用咗攞CDN實時解析情況,可以自行替換</span></span><br><span class="line">DoH=<span class="string">'https://1.12.12.12/resolve'</span></span><br><span class="line"><span class="comment"># 記錄類型("A"係IPv4,"AAAA"係IPv6)</span></span><br><span class="line">record_type=<span class="string">'A'</span></span><br><span class="line"><span class="comment"># ttl為解析記錄生存時間,單位為秒,可以自行修改</span></span><br><span class="line">TTL=<span class="number">120</span></span><br></pre></td></tr></table></figure><blockquote><p>说明:<br>若觉得下方用于 ECS 协议的 IP 子网存在问题,可自行修改。</p></blockquote><h3 id="安装依赖"><a href="#安装依赖" class="headerlink" title="安装依赖"></a>安装依赖</h3><p>脚本使用 Python3(一般镜像都会预装 Python3)、requests 库、华为云DNS SDK 若未安装请执行以下命令安装。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># CentOS/RedHat:</span></span><br><span class="line">yum install python3</span><br><span class="line">pip3 install requests</span><br><span class="line">pip3 install huaweicloudsdkdns</span><br><span class="line"><span class="comment"># Debian/Ubuntu:</span></span><br><span class="line">apt install python3</span><br><span class="line">pip3 install requests</span><br><span class="line">pip3 install huaweicloudsdkdns</span><br></pre></td></tr></table></figure><blockquote><p>说明:<br>喺某啲系统下可能要將 pip3 替換做 pip。</p></blockquote><h3 id="导入记录"><a href="#导入记录" class="headerlink" title="导入记录"></a>导入记录</h3><p>使用前请您前往<a href="https://console.huaweicloud.com/dns/?locale=zh-cn#/dns/publiczones">华为云 DNS 控制台</a>添加或使用下方模板导入记录,否则脚本无咩正常运行。</p><h4 id="下载记录模板"><a href="#下载记录模板" class="headerlink" title="下载记录模板"></a>下载记录模板</h4><p>IPv4模板:<a href="https://dl.r2wind.com/template/HuaweicloudDNS-IPv4.xlsx">https://dl.r2wind.com/template/HuaweicloudDNS-IPv4.xlsx</a><br>IPv6模板:<a href="https://dl.r2wind.com/template/HuaweicloudDNS-IPv6.xlsx">https://dl.r2wind.com/template/HuaweicloudDNS-IPv6.xlsx</a></p><blockquote><p>说明:<br>导入之前请自己改吓模板裏面嘅域名,模板裏面嘅域名系域名前缀,似’www’噉嘅,根域名请留空。<br>导入之前请自己改吓模板裏面嘅记录值为当前 CDN 节点 IP,唔系嘅话会影响域名正常访问。(节点 IP 可以通过nslookup查询CDN CNAME地址获取)<br>若系要导入嘅记录之前喺控制台加过,请删咗原有记录之后再导入。</p></blockquote><h4 id="导入记录-1"><a href="#导入记录-1" class="headerlink" title="导入记录"></a>导入记录</h4><ol><li>登入<a href="https://console.huaweicloud.com/dns/?locale=zh-cn#/dns/publiczones">华为云 DNS 控制台</a>。</li><li>点击对应嘅域名</li><li>切换到<strong>批量导入/导出</strong>选项卡,点击<strong>批量导入</strong>上传模板</li><li>等导入完成,留意吓导入结果,如果有导入失败嘅记录,睇吓嘅咩原因修正之后手动加记录,唔好重复导入。</li></ol><h3 id="调试脚本"><a href="#调试脚本" class="headerlink" title="调试脚本"></a>调试脚本</h3><p>请先喺本地使用编辑器(好似VScode)调试脚本,如果调试成功嘅话就可以继续部署。<br>如果脚本正常运行,您会睇到类似下面嘅输出:</p><h3 id="部署脚本"><a href="#部署脚本" class="headerlink" title="部署脚本"></a>部署脚本</h3><h3 id="部署运行"><a href="#部署运行" class="headerlink" title="部署运行"></a>部署运行</h3><p>脚本使嘅系 cron 定时运行,所以您需要安装 cron。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># CentOS/RHEL</span></span><br><span class="line">yum install cronie</span><br><span class="line"><span class="comment"># Debian/Ubuntu</span></span><br><span class="line">apt install cron</span><br></pre></td></tr></table></figure><p>安装完成之后,你需要编辑crontab文件,加入定时任务。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">crontab -e</span><br></pre></td></tr></table></figure><p>喺 crontab 文件入面加入如下內容:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">*/5 * * * * python3 /root/HuaweicloudDNSCDN-IPv4.py</span><br></pre></td></tr></table></figure><blockquote><p>说明:<br>呢个配置每5分钟运行一次,你可以按自己需要去改。<br>请将/root/HuaweicloudDNSCDN-IPv4.py 替换成你个脚本路径。<br>如果你用緊IPv6个脚本,请将上述内容替换成 */5 * * * * python3 /root/HuaweicloudDNSCDN-IPv6.py</p></blockquote><h3 id="验證效果"><a href="#验證效果" class="headerlink" title="验證效果"></a>验證效果</h3><p>你可以喺<a href="https://console.huaweicloud.com/dns/?locale=zh-cn#/dns/publiczones">華為雲 DNS 控制台</a>檢查對應域名嘅相關記錄,若記錄值已經更新為 CDN 節點 IP,咁就表示腳本運行成功。</p><h2 id="問題反饋"><a href="#問題反饋" class="headerlink" title="問題反饋"></a>問題反饋</h2><p>若您喺使用過程中遇到任何問題,歡迎您提交 <a href="https://github.com/KincaidYang/CNAMEFlattening/issues">Issue</a>。</p>]]></content>
<summary type="html"><blockquote>
<p>接上一篇文章<a href="https://r2wind.com/articles/20230108.html">使用 DNSPod 拉平 CNAME 記錄(CDN 場景)</a>呢篇文章將介紹如何使用華為雲 DNS 拉平 CNAME 記錄(CD</summary>
<category term="教程" scheme="https://yjz.hk/categories/%E6%95%99%E7%A8%8B/"/>
<category term="域名" scheme="https://yjz.hk/tags/%E5%9F%9F%E5%90%8D/"/>
<category term="解析" scheme="https://yjz.hk/tags/%E8%A7%A3%E6%9E%90/"/>
<category term="作品集" scheme="https://yjz.hk/tags/%E4%BD%9C%E5%93%81%E9%9B%86/"/>
<category term="華為雲" scheme="https://yjz.hk/tags/%E8%8F%AF%E7%82%BA%E9%9B%B2/"/>
</entry>
<entry>
<title>使用 DNSPod 扁平化 CNAME 記錄(CDN 場景)</title>
<link href="https://yjz.hk/articles/20230108.html"/>
<id>https://yjz.hk/articles/20230108.html</id>
<published>2023-01-08T04:29:50.000Z</published>
<updated>2023-05-10T12:29:50.000Z</updated>
<content type="html"><![CDATA[<blockquote><p>由於 CNAME 與任何記錄都衝突的特性,在根域(@)下添加 CNAME 記錄指向 CDN(或其他服務)會導致 mx(郵箱記錄)、TXT(一些站長驗證)、DS 等常用記錄衝突等且多級 CNAME 會導致解析性能下降等問題,所以拉平是一個很不錯的解決方案。但目前 DNSPod 並沒有提供拉平的功能,所以需要自己寫腳本調用 API 實現。(本文以腾讯云 CDN 為例,但是其他 CDN 服務商也可以使用,替換腳本裡面的 CNAME 域名即可。)</p></blockquote><p>PS:自2019年1月接觸互聯網行業以來一直在做運營相關的工作,本身也不是學計算機相關專業的,代碼寫的可能不是很好,歡迎大佬們指正。</p><h2 id="操作場景"><a href="#操作場景" class="headerlink" title="操作場景"></a>操作場景</h2><p>本文將指導您如何使用 DNSPod 的 API 實現拉平 CNAME 記錄,以解決相關記錄衝突的問題。(以腾讯云 CDN 為例)</p><h2 id="前提條件"><a href="#前提條件" class="headerlink" title="前提條件"></a>前提條件</h2><p>域名解析托管在腾讯云 DNSPod。<br>域名已綁定企業版或更高版本套餐</p><h2 id="方法說明"><a href="#方法說明" class="headerlink" title="方法說明"></a>方法說明</h2><h3 id="流程圖"><a href="#流程圖" class="headerlink" title="流程圖"></a>流程圖</h3><p><img src="https://resources.r2wind.com/img/202301/DNSPodFlattening.png" alt="流程圖"><br>實現嘅方法大體如上圖所示,獲取 CDN 在 31 個省份三大運營商嘅調度結果,然後將調度結果更新到 DNSPod 上。</p><h3 id="相關說明"><a href="#相關說明" class="headerlink" title="相關說明"></a>相關說明</h3><ul><li>因本人海外訪問全部由 Cloudflare 提供服務,且由於服務 IP 基本固定,故本腳本中未考慮海外使用 CDN 嘅情況,如果 CDN 有海外節點,可以喺腳本中自行添加海外 CDN 調度部分。</li><li>需要企業版或更高版本套餐嘅原因係因為從企業版開始先支持分省分運營商解析調度。(或許有時間寫個華為雲 DNS 嘅)</li><li>考慮 CDN 存在多級 CNAME 嘅情況,本腳本從 DoH 获取嘅調度結果第二個 “data” 先開始取值,由於 CDN 每次返回嘅 IP 數量唔一,僅取兩個 IP,能滿足目前大部分 CDN 嘅情況,當然唔排除有啲 CDN 存在多級 CNAME 嘅情況,呢種情況下需要自行修改腳本。</li><li>考慮到並非所有人都開啟咗 IPv6,故本腳本分為 IPv4 和 IPv6 兩個版本,您可根據自身情況選擇使用。</li></ul><h3 id="腳本"><a href="#腳本" class="headerlink" title="腳本"></a>腳本</h3><h4 id="項目地址"><a href="#項目地址" class="headerlink" title="項目地址"></a>項目地址</h4><p>GitHub 地址:<a href="https://github.com/KincaidYang/CNAMEFlattening">https://github.com/KincaidYang/CNAMEFlattening</a></p><h4 id="Flame-版本"><a href="#Flame-版本" class="headerlink" title="Flame 版本"></a>Flame 版本</h4><p>該版本適用於騰訊雲 CDN、華為雲 CDN<br>直接下載(IPv4 腳本):<a href="https://dl.r2wind.com/script/CNAMEFlattening/DNSPod/Flame/DNSPod-Flame-IPv4.py">https://dl.r2wind.com/script/CNAMEFlattening/DNSPod/Flame/DNSPod-Flame-IPv4.py</a><br>直接下載(IPv6 腳本):<a href="https://dl.r2wind.com/script/CNAMEFlattening/DNSPod/Flame/DNSPod-Flame-IPv6.py">https://dl.r2wind.com/script/CNAMEFlattening/DNSPod/Flame/DNSPod-Flame-IPv6.py</a></p><h4 id="Frost-版本"><a href="#Frost-版本" class="headerlink" title="Frost 版本"></a>Frost 版本</h4><p>該版本適用於騰訊雲 EdgeOne、阿里云 CDN、天翼雲 CDN<br>直接下載(IPv4 腳本):<a href="https://dl.r2wind.com/script/CNAMEFlattening/DNSPod/Frost/DNSPod-Frost-IPv4.py">https://dl.r2wind.com/script/CNAMEFlattening/DNSPod/Frost/DNSPod-Frost-IPv4.py</a><br>直接下載(IPv6 腳本):<a href="https://dl.r2wind.com/script/CNAMEFlattening/DNSPod/Frost/DNSPod-Frost-IPv6.py">https://dl.r2wind.com/script/CNAMEFlattening/DNSPod/Frost/DNSPod-Frost-IPv6.py</a></p><h2 id="操作步驟"><a href="#操作步驟" class="headerlink" title="操作步驟"></a>操作步驟</h2><h3 id="获取腳本"><a href="#获取腳本" class="headerlink" title="获取腳本"></a>获取腳本</h3><p>您可直接下載腳本,或者使用 git clone 命令下載本腳本。<br>直接下載:</p><h4 id="Flame-版本-1"><a href="#Flame-版本-1" class="headerlink" title="Flame 版本"></a>Flame 版本</h4><p>該版本適用於騰訊雲 CDN、華為雲 CDN:<br>IPv4 腳本:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">wget https://dl.r2wind.com/script/CNAMEFlattening/DNSPod/Flame/DNSPod-Flame-IPv4.py</span><br></pre></td></tr></table></figure><p>IPv6 腳本:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">wget https://dl.r2wind.com/script/CNAMEFlattening/DNSPod/Flame/DNSPod-Flame-IPv6.py</span><br></pre></td></tr></table></figure><h4 id="Frost-版本-1"><a href="#Frost-版本-1" class="headerlink" title="Frost 版本"></a>Frost 版本</h4><p>該版本適用於騰訊雲 EdgeOne、阿裡雲 CDN、天翼雲 CDN:<br>IPv4 腳本:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">wget https://dl.r2wind.com/script/CNAMEFlattening/DNSPod/Frost/DNSPod-Frost-IPv4.py</span><br></pre></td></tr></table></figure><p>IPv6 腳本:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">wget https://dl.r2wind.com/script/CNAMEFlattening/DNSPod/Frost/DNSPod-Frost-IPv6.py</span><br></pre></td></tr></table></figure><h4 id="使用-git-clone-命令下載腳本"><a href="#使用-git-clone-命令下載腳本" class="headerlink" title="使用 git clone 命令下載腳本"></a>使用 git clone 命令下載腳本</h4><p>使用 git clone 命令:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">git <span class="built_in">clone</span> https://github.com/KincaidYang/CNAMEFlattening.git</span><br></pre></td></tr></table></figure><h3 id="修改變量配置"><a href="#修改變量配置" class="headerlink" title="修改變量配置"></a>修改變量配置</h3><p>打開腳本,修改以下變量:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># 配置參數</span></span><br><span class="line"><span class="comment"># domanin 替換為自己的域名,如'r2wind.com'</span></span><br><span class="line">domain=<span class="string">'xxx.cn'</span></span><br><span class="line"><span class="comment"># sub_domain 替換為自己的子域名,如'@'或'www'</span></span><br><span class="line">subdomain=<span class="string">'xxx'</span></span><br><span class="line"><span class="comment"># CDNCNAME 請替換為 CDN 提供的 CNAME 地址,如'r2wind.com.cdn.dnsv1.com'</span></span><br><span class="line">CDNCNAME=<span class="string">'xxx.xxx.xxx.cn'</span></span><br><span class="line"><span class="comment"># SecretId 請替換為自己的騰訊雲 SecretId,可前往 https://console.cloud.tencent.com/cam/capi 获取</span></span><br><span class="line">SecretId=<span class="string">'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'</span></span><br><span class="line"><span class="comment"># SecretKey 請替換為自己的騰訊雲 SecretKey,可前往 https://console.cloud.tencent.com/cam/capi 获取</span></span><br><span class="line">SecretKey=<span class="string">'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'</span></span><br><span class="line"><span class="comment"># URL 為 DNSPod DOH 接口地址,用以獲取 CDN 實時解析情況,可自行替換為其他廠商的 DoH 接口</span></span><br><span class="line">DoH=<span class="string">'https://1.12.12.12/resolve'</span></span><br><span class="line"><span class="comment"># 記錄類型("A"為 IPv4,"AAAA"為 IPv6)</span></span><br><span class="line">record_type=<span class="string">'A'</span></span><br></pre></td></tr></table></figure><p>本站配置示例:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># 配置參數</span></span><br><span class="line"><span class="comment"># domanin 替換為自己的域名</span></span><br><span class="line">domain=<span class="string">'r2wind.com'</span></span><br><span class="line"><span class="comment"># sub_domain 替換為自己的子域名</span></span><br><span class="line">subdomain=<span class="string">'@'</span></span><br><span class="line"><span class="comment"># CDNCNAME 請替換為 CDN 提供的 CNAME 地址</span></span><br><span class="line">CDNCNAME=<span class="string">'r2wind.com.cdn.qcloudcdn.cn'</span></span><br><span class="line"><span class="comment"># SecretId 請替換為自己的騰訊雲 SecretId</span></span><br><span class="line">SecretId=<span class="string">'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'</span></span><br><span class="line"><span class="comment"># SecretKey 請替換為自己的騰訊雲 SecretKey</span></span><br><span class="line">SecretKey=<span class="string">'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'</span></span><br><span class="line"><span class="comment"># URL 為 DNSPod DOH 接口地址,用以獲取 CDN 實時解析情況,可自行替換</span></span><br><span class="line">DoH=<span class="string">'https://1.12.12.12/resolve'</span></span><br><span class="line"><span class="comment"># 記錄類型("A"為 IPv4,"AAAA"為 IPv6)</span></span><br><span class="line">record_type=<span class="string">'A'</span></span><br></pre></td></tr></table></figure><blockquote><p>說明:<br>若覺得下方用於 ECS 協議的 IP 子網存在問題,可自行修改</p></blockquote><h3 id="安裝依賴"><a href="#安裝依賴" class="headerlink" title="安裝依賴"></a>安裝依賴</h3><p>腳本使用 Python3 運行,故您需要安裝 Python3 環境。(一般鏡像都會預裝 Python3)</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># CentOS/RHEL</span></span><br><span class="line">yum install python3</span><br><span class="line"><span class="comment"># Debian/Ubuntu</span></span><br><span class="line">apt install python3</span><br></pre></td></tr></table></figure><p>本腳本使用了 requests 庫和騰訊雲 SDK,故您還需要安裝 requests 庫和 SDK。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># requests 庫</span></span><br><span class="line">pip3 install requests</span><br><span class="line"><span class="comment"># 騰訊雲 SDK</span></span><br><span class="line">pip3 install tencentcloud-sdk-python</span><br></pre></td></tr></table></figure><blockquote><p>說明:<br>某些系統下可能需要將 pip3 替換為 pip。<br>使用前請您前往<a href="https://console.dnspod.cn/dns/list">DNSPod 控制台</a>添加相應記錄,否則本腳本將無法正常運行,或參照下述方式導入記錄。</p></blockquote><h4 id="下載記錄模板"><a href="#下載記錄模板" class="headerlink" title="下載記錄模板"></a>下載記錄模板</h4><h5 id="Flame-版本-2"><a href="#Flame-版本-2" class="headerlink" title="Flame 版本"></a>Flame 版本</h5><p>適用於騰訊雲 CDN、華為雲 CDN<br>IPv4 模板:<a href="https://dl.r2wind.com/template/DNSPod-IPv4-Flame.xls">https://dl.r2wind.com/template/DNSPod-IPv4-Flame.xls</a><br>IPv6 模板:<a href="https://dl.r2wind.com/template/DNSPod-IPv6-Flame.xls">https://dl.r2wind.com/template/DNSPod-IPv6-Flame.xls</a></p><h5 id="Frost-版本-2"><a href="#Frost-版本-2" class="headerlink" title="Frost 版本"></a>Frost 版本</h5><p>適用於騰訊雲 EdgeOne、阿里雲 CDN、天翼雲 CDN<br>IPv4 模板:<a href="https://dl.r2wind.com/template/DNSPod-IPv4-Frost.xls">https://dl.r2wind.com/template/DNSPod-IPv4-Frost.xls</a><br>IPv6 模板:<a href="https://dl.r2wind.com/template/DNSPod-IPv6-Frost.xls">https://dl.r2wind.com/template/DNSPod-IPv6-Frost.xls</a></p><blockquote><p>說明:<br>請根據版本選擇相應模板。<br>導入前請自行修改模板中的主機記錄。(若有需要)<br>導入前請自行修改模板中的記錄值為當前 CDN 節點 IP,否則會影響域名正常訪問。(節點 IP 可以通過 nslookup 查询 CDN CNAME 地址獲取)<br>若需要導入的記錄已在控制台添加過,請刪除原有記錄後再導入。</p></blockquote><h4 id="導入記錄"><a href="#導入記錄" class="headerlink" title="導入記錄"></a>導入記錄</h4><ol><li>登錄 <a href="https://console.dnspod.cn/dns/batch/import-record">DNSPod 控制台</a>,進入<strong>批量操作-導入記錄</strong>頁面。</li><li>輸入需要導入的域名,上傳已經修改好的模板,點擊<strong>導入</strong>。</li><li>等待導入完成,請注意查看導入結果,若有導入失敗的記錄,查看原因修正後手動添加記錄,不要重複導入。</li></ol><h3 id="調試腳本"><a href="#調試腳本" class="headerlink" title="調試腳本"></a>調試腳本</h3><p>請先在本地使用編輯器(如 VScode)調試腳本,若調試成功則可繼續部署。<br>若腳本正常運行,您將看到類似如下輸出:<br>{“RecordId”: 1300xxxxxx, “RequestId”: “b690601d-b97f-46fa-a5fb-xxxxxxxxxx”}<br>或<br>[TencentCloudSDKException] code:InvalidParameter.DomainRecordExist message:記錄已經存在,無需再次添加</p><h3 id="部署運行"><a href="#部署運行" class="headerlink" title="部署運行"></a>部署運行</h3><p>腳本使用 cron 定時運行,故您需要安裝 cron。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># CentOS/RHEL</span></span><br><span class="line">yum install cronie</span><br><span class="line"><span class="comment"># Debian/Ubuntu</span></span><br><span class="line">apt install cron</span><br></pre></td></tr></table></figure><p>安裝完成後,您需要編輯 crontab 文件,添加定時任務。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">crontab -e</span><br></pre></td></tr></table></figure><p>在 crontab 文件中添加如下内容:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">*/5 * * * * python3 /root/DNSPodCDNv4.py</span><br></pre></td></tr></table></figure><blockquote><p>說明:<br>本配置每 5 分鐘運行一次,您可以根據需要自行修改。<br>請將 /root/DNSPodCDNv4.py 替換為您的腳本路徑。<br>若您使用的是 IPv6 腳本,請將上述內容替換為 */5 * * * * python3 /root/DNSPodCDNv6.py</p></blockquote><h3 id="驗證效果"><a href="#驗證效果" class="headerlink" title="驗證效果"></a>驗證效果</h3><p>你可以喺 <a href="https://console.dnspod.cn/dns/list">DNSPod 控制台</a>查看對應域名嘅相關記錄,若記錄值已經更新為 CDN 節點 IP,則說明腳本運行成功。</p><h3 id="D-監控"><a href="#D-監控" class="headerlink" title="D 監控"></a>D 監控</h3><p>可開啟 D 監控配合使用,注意調整監控頻率,監控頻率應小於更新頻率。<br>注:D 監控僅支持 IPv4。</p><h2 id="問題反饋"><a href="#問題反饋" class="headerlink" title="問題反饋"></a>問題反饋</h2><p>若你喺使用過程中遇到任何問題,歡迎你提交 <a href="https://github.com/KincaidYang/CNAMEFlattening/issues">Issue</a>。</p>]]></content>
<summary type="html"><blockquote>
<p>由於 CNAME 與任何記錄都衝突的特性,在根域(@)下添加 CNAME 記錄指向 CDN(或其他服務)會導致 mx(郵箱記錄)、TXT(一些站長驗證)、DS 等常用記錄衝突等且多級 CNAME 會導致解析性能下降等問題,所以拉平是一個很不錯的解決</summary>
<category term="教程" scheme="https://yjz.hk/categories/%E6%95%99%E7%A8%8B/"/>
<category term="騰訊雲" scheme="https://yjz.hk/tags/%E9%A8%B0%E8%A8%8A%E9%9B%B2/"/>
<category term="域名" scheme="https://yjz.hk/tags/%E5%9F%9F%E5%90%8D/"/>
<category term="解析" scheme="https://yjz.hk/tags/%E8%A7%A3%E6%9E%90/"/>
<category term="DNSPod" scheme="https://yjz.hk/tags/DNSPod/"/>
<category term="作品集" scheme="https://yjz.hk/tags/%E4%BD%9C%E5%93%81%E9%9B%86/"/>
</entry>
<entry>
<title>本站現已支持 HTTPS 記錄(Type65)</title>
<link href="https://yjz.hk/articles/20221111.html"/>
<id>https://yjz.hk/articles/20221111.html</id>
<published>2022-11-11T04:29:50.000Z</published>
<updated>2022-11-11T04:29:50.000Z</updated>
<content type="html"><![CDATA[<blockquote><p>基於 DNSPod 提供的解析能力,本站現已支持 HTTPS 記錄 (HTTPS record) 即 Type65 記錄,截至發文時,該記錄相關規範仍在處理中,尚未最終確定,但已有部分廠商開始使用,如 CloudFlare、Apple 等。在 ios14 以後的版本上,系統會優先查詢 HTTPS 記錄,因此合理的配置 HTTPS 記錄可以有效的提升 ios 用戶的訪問體驗。其他瀏覽器如 Chrome 對該記錄的支持目前還處於試驗階段,可通過 chrome://flags/ 配置開啟。</p></blockquote><h2 id="記錄相關介紹"><a href="#記錄相關介紹" class="headerlink" title="記錄相關介紹"></a>記錄相關介紹</h2><p>HTTPS 記錄是一種新的 DNS 記錄類型,關於其詳細介紹請參閱:<a href="https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-11.txt">draft-ietf-dnsop-svcb-https-11</a>。</p><h2 id="配置方法"><a href="#配置方法" class="headerlink" title="配置方法"></a>配置方法</h2><p>由於該記錄仍在草案處理中,本文不再詳細介紹配置方法,具體可參見:<a href="https://docs.dnspod.cn/dns/help-https/">設置 HTTPS 記錄</a>。</p><h2 id="相關測試"><a href="#相關測試" class="headerlink" title="相關測試"></a>相關測試</h2><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line">; <<>> DiG 9.16.30 <<>> r2wind.com https</span><br><span class="line">;; global options: +cmd</span><br><span class="line">;; Got answer:</span><br><span class="line">;; ->>HEADER<<- <span class="string">opcode: QUERY, status: NOERROR, id: 21184</span></span><br><span class="line"><span class="string">;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">;; OPT PSEUDOSECTION:</span></span><br><span class="line"><span class="string">; EDNS: version: 0, flags:; udp: 4096</span></span><br><span class="line"><span class="string">;; QUESTION SECTION:</span></span><br><span class="line"><span class="string">;r2wind.com. IN HTTPS</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">;; ANSWER SECTION:</span></span><br><span class="line"><span class="string">r2wind.com. 10 IN HTTPS 1 alpn="h3,h3-29,h2" ipv4hint=104.26.15.53,172.67.70.22,104.26.14.53 ipv6hint=2606:4700:20::681a:f35,2606:4700:20::681a:e35,2606:4700:20::ac43:4616</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">;; Query time: 5 msec</span></span><br><span class="line"><span class="string">;; SERVER: 192.168.3.1#53(192.168.3.1)</span></span><br><span class="line"><span class="string">;; WHEN: Fri Nov 11 13:16:08 ;; MSG SIZE rcvd: 96</span></span><br></pre></td></tr></table></figure><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line">; <<>> DiG 9.19.5-1+0~20220921.84+debian11~1.gbp190ab0-Debian <<>> r2wind.com https @8.8.4.4 +subnet=1.1.1.0/24</span><br><span class="line">;; global options: +cmd</span><br><span class="line">;; Got answer:</span><br><span class="line">;; ->>HEADER<<- <span class="string">opcode: QUERY, status: NOERROR, id: 59916</span></span><br><span class="line"><span class="string">;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">;; OPT PSEUDOSECTION:</span></span><br><span class="line"><span class="string">; EDNS: version: 0, flags:; udp: 512</span></span><br><span class="line"><span class="string">; CLIENT-SUBNET: 1.1.1.0/24/24</span></span><br><span class="line"><span class="string">;; QUESTION SECTION:</span></span><br><span class="line"><span class="string">;r2wind.com. IN HTTPS</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">;; ANSWER SECTION:</span></span><br><span class="line"><span class="string">r2wind.com. 120 IN HTTPS 1 cloudflare.r2wind.com. alpn="h3,h3-29,h2" ipv4hint=104.26.15.53,172.67.70.22,104.26.14.53 ipv6hint=2606:4700:20::681a:f35,2606:4700:20::681a:e35,2606:4700:20::ac43:4616</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">;; Query time: 109 msec</span></span><br><span class="line"><span class="string">;; SERVER: 8.8.4.4#53(8.8.4.4) (UDP)</span></span><br><span class="line"><span class="string">;; WHEN: Fri Nov 11 13:17:53 CST 2022</span></span><br><span class="line"><span class="string">;; MSG SIZE rcvd: 170</span></span><br></pre></td></tr></table></figure>]]></content>
<summary type="html"><blockquote>
<p>基於 DNSPod 提供的解析能力,本站現已支持 HTTPS 記錄 (HTTPS record) 即 Type65 記錄,截至發文時,該記錄相關規範仍在處理中,尚未最終確定,但已有部分廠商開始使用,如 CloudFlare、Apple 等。在 io</summary>
<category term="公告" scheme="https://yjz.hk/categories/%E5%85%AC%E5%91%8A/"/>
<category term="DNSPOD" scheme="https://yjz.hk/tags/DNSPOD/"/>
<category term="騰訊雲" scheme="https://yjz.hk/tags/%E9%A8%B0%E8%A8%8A%E9%9B%B2/"/>
<category term="域名" scheme="https://yjz.hk/tags/%E5%9F%9F%E5%90%8D/"/>
<category term="解析" scheme="https://yjz.hk/tags/%E8%A7%A3%E6%9E%90/"/>
</entry>
<entry>
<title>如何正確變更 DNSPod 解析套餐(降級場景)</title>
<link href="https://yjz.hk/articles/20221020.html"/>
<id>https://yjz.hk/articles/20221020.html</id>
<published>2022-10-20T13:15:26.000Z</published>
<updated>2022-10-20T15:15:26.000Z</updated>
<content type="html"><![CDATA[<h2 id="操作場景"><a href="#操作場景" class="headerlink" title="操作場景"></a>操作場景</h2><p>本文將指導您如何完成 DNSPod 解析套餐的變更,適用於降級場景(將套餐由高版本改至低版本,如企業版更換為專業版)。</p><h2 id="前提條件"><a href="#前提條件" class="headerlink" title="前提條件"></a>前提條件</h2><ul><li>擁有需變更套餐域名的管理權限。</li><li>已購買其他版本套餐,若降級至免費版本,請忽略。</li></ul><h2 id="操作步驟"><a href="#操作步驟" class="headerlink" title="操作步驟"></a>操作步驟</h2><h3 id="將域名-DNS-伺服器更改為免費版本"><a href="#將域名-DNS-伺服器更改為免費版本" class="headerlink" title="將域名 DNS 伺服器更改為免費版本"></a>將域名 DNS 伺服器更改為免費版本</h3><blockquote><p>說明:<br>由於降級 DNS 套餐版本需要解綁當前套餐,解綁套餐後若域名 DNS 伺服器仍為原套餐版本的 DNS 伺服器地址將導致域名無法解析;且受各地運營商遞歸 DNS 緩存影響,即使在變更套餐後及時修改域名 DNS 伺服器地址為當前版本套餐地址,也可能導致在 72 小時內出現解析異常等影響業務的情況。所以在變更套餐前請您將域名 DNS 伺服器更換為免費版本,以確保降級套餐不會影響正常解析。</p></blockquote><h4 id="獲取免費版本-DNS-伺服器地址"><a href="#獲取免費版本-DNS-伺服器地址" class="headerlink" title="獲取免費版本 DNS 伺服器地址"></a>獲取免費版本 DNS 伺服器地址</h4><ol><li>登錄<a href="https://console.dnspod.cn/dns/list">騰訊雲 DNSPod控制台</a>。<br><img src="https://resources.r2wind.com/img/202210/20221020213203.png" alt="解析控制台"></li><li>單擊 <strong>DNS解析</strong>,在<strong>我的域名</strong>頁面點擊需要變更套餐的域名。<br><img src="https://resources.r2wind.com/img/202210/20221020213908.png" alt="選擇域名"></li><li>進入後單擊<strong>域名設置</strong>並點擊<strong>查看免費版的 DNS 伺服器</strong>。<br><img src="https://resources.r2wind.com/img/202210/20221020214130.png" alt="查看免費版域名伺服器"></li><li>記錄免費版本 DNS 伺服器並前往域名註冊商將 DNS 伺服器變更為免費版本。<br><img src="https://resources.r2wind.com/img/202210/20221020214511.png" alt="免費版本 NS 地址"></li></ol><h4 id="更改域名-DNS-伺服器"><a href="#更改域名-DNS-伺服器" class="headerlink" title="更改域名 DNS 伺服器"></a>更改域名 DNS 伺服器</h4><h5 id="域名在騰訊雲"><a href="#域名在騰訊雲" class="headerlink" title="域名在騰訊雲"></a>域名在騰訊雲</h5><p>若您為騰訊雲平台註冊域名,請登錄<a href="https://console.cloud.tencent.com/domain/all-domain">騰訊雲域名控制台</a>,找到需要設置的域名,單擊<strong>更多</strong>→<strong>修改 DNS 伺服器</strong>→<strong>自定義 DNS</strong>,輸入免費版 DNS 並點擊保存,如下述圖片所示:<br><img src="https://resources.r2wind.com/img/202210/20221020230311.png" alt="修改 DNS"><br><img src="https://resources.r2wind.com/img/202210/20221020230711.png" alt="保存修改"></p><h5 id="域名不在騰訊雲"><a href="#域名不在騰訊雲" class="headerlink" title="域名不在騰訊雲"></a>域名不在騰訊雲</h5><p>若您的域名註冊平台非騰訊雲,請參考<a href="https://docs.dnspod.cn/dns/paid-dns-downgrade-free-dns/#%E6%AD%A5%E9%AA%A4%E4%BA%8C%EF%BC%9A%E5%9F%9F%E5%90%8D-dns-%E4%BF%AE%E6%94%B9%E4%B8%BA%E5%85%8D%E8%B4%B9%E7%89%88-dns-%E6%9C%8D%E5%8A%A1%E5%99%A8">付費套餐 DNS 修改為免費套餐 DNS地址</a>完成修改,若文檔中未包含您的域名註冊商,請諮詢您的域名註冊商客服完成修改。</p><h3 id="變更套餐"><a href="#變更套餐" class="headerlink" title="變更套餐"></a>變更套餐</h3><blockquote><p>重要提示:<br>警告,請在修改域名 DNS 伺服器為免費版 72 小時後再繼續進行操作,否則可能影響解析!<br>警告,請在修改域名 DNS 伺服器為免費版 72 小時後再繼續進行操作,否則可能影響解析!<br>警告,請在修改域名 DNS 伺服器為免費版 72 小時後再繼續進行操作,否則可能影響解析!</p></blockquote><h4 id="解綁套餐"><a href="#解綁套餐" class="headerlink" title="解綁套餐"></a>解綁套餐</h4><ol><li>登錄<a href="https://console.dnspod.cn/dns/plans">DNSPod 控制台——套餐管理</a>,找到需要變更套餐的域名,單擊<strong>解綁</strong><br><img src="https://resources.r2wind.com/img/202210/20221020231303.png" alt="解綁套餐"></li><li>按照界面提示再次確認是否<strong>已經將域名 DNS 伺服器切換為免費版本</strong>,<strong>確認無誤</strong>後點擊<strong>確定解綁</strong>。<br><img src="https://resources.r2wind.com/img/202210/16662790897535.png" alt="確定解綁"></li></ol><h4 id="綁定套餐"><a href="#綁定套餐" class="headerlink" title="綁定套餐"></a>綁定套餐</h4><ol><li>找到變更後的套餐並單擊<strong>綁定</strong><br><img src="https://resources.r2wind.com/img/202210/20221020232128.png" alt="綁定"></li><li>選擇需要變更套餐的域名單擊<strong>確定</strong>完成綁定<br><img src="https://resources.r2wind.com/img/202210/20221020232234.png" alt="完成綁定"></li></ol><h4 id="更改域名-DNS-伺服器為當前套餐對應地址"><a href="#更改域名-DNS-伺服器為當前套餐對應地址" class="headerlink" title="更改域名 DNS 伺服器為當前套餐對應地址"></a>更改域名 DNS 伺服器為當前套餐對應地址</h4><p>完成綁定後請前往域名註冊商將域名 DNS 伺服器地址修改為當前套餐所對應的 DNS 伺服器地址,具體可參考:<a href="https://docs.dnspod.cn/dns/changedns/">域名如何配置為 DNSPod 的 DNS 伺服器</a>。<br><strong>各版本對應 DNS 伺服器地址如下:</strong></p><table><thead><tr><th>解析套餐版本</th><th>DNS 地址</th></tr></thead><tbody><tr><td>免費版</td><td>DNS 解析 DNSPod 為每個用戶隨機分配了2個組合 DNS 地址,若需要查詢您專屬的 DNS 地址,請您 <a href="https://cloud.tencent.com/document/product/302/5518#.E6.9F.A5.E7.9C.8B-dns-.E6.9C.8D.E5.8A.A1.E5.99.A8">查看 DNS 伺服器</a>。</td></tr><tr><td>專業版</td><td>ns3.dnsv2.com/ns4.dnsv2.com</td></tr><tr><td>企業版</td><td>ns3.dnsv4.com/ns4.dnsv4.com</td></tr><tr><td>尊享版</td><td>ns3.dnsv5.com/ns4.dnsv5.com</td></tr></tbody></table>]]></content>
<summary type="html"><h2 id="操作場景"><a href="#操作場景" class="headerlink" title="操作場景"></a>操作場景</h2><p>本文將指導您如何完成 DNSPod 解析套餐的變更,適用於降級場景(將套餐由高版本改至低版本,如企業版更換為專業版)。</p</summary>
<category term="教程" scheme="https://yjz.hk/categories/%E6%95%99%E7%A8%8B/"/>
<category term="DNSPOD" scheme="https://yjz.hk/tags/DNSPOD/"/>
<category term="騰訊雲" scheme="https://yjz.hk/tags/%E9%A8%B0%E8%A8%8A%E9%9B%B2/"/>
<category term="域名" scheme="https://yjz.hk/tags/%E5%9F%9F%E5%90%8D/"/>
<category term="解析" scheme="https://yjz.hk/tags/%E8%A7%A3%E6%9E%90/"/>
<category term="作品集" scheme="https://yjz.hk/tags/%E4%BD%9C%E5%93%81%E9%9B%86/"/>
</entry>
<entry>
<title>關於“指向 Github 靜態託管頁面引起騰訊雲免費證書無法簽發”問題的解決方案</title>
<link href="https://yjz.hk/articles/20221006.html"/>
<id>https://yjz.hk/articles/20221006.html</id>
<published>2022-10-06T08:05:50.000Z</published>
<updated>2022-10-06T08:05:50.000Z</updated>
<content type="html"><![CDATA[<h2 id="操作場景"><a href="#操作場景" class="headerlink" title="操作場景"></a>操作場景</h2><h3 id="操作目的"><a href="#操作目的" class="headerlink" title="操作目的"></a>操作目的</h3><p>本文將指導您解決當您的網站使用 Github 靜態託管時導致騰訊雲免費證書無法簽發的問題。</p><h3 id="問題背景"><a href="#問題背景" class="headerlink" title="問題背景"></a>問題背景</h3><ol><li>自2022年03月03日22:00:00起,TrustAsia 根證書籤發由 Digicert 根證書變更為 Sectigo 根證書。</li><li>用戶使用 Github 靜態託管時通常會將域名指向 Github 提供的CNAME記錄值,如”username.github.io”。</li><li>將域名指向 Github 提供的CNAME記錄值意味着該域名(子域名)所有解析記錄類型(含CAA)的紀錄值均由”username.github.io”提供。</li><li>由於 Github 提供的CNAME記錄值”username.github.io”中包含 CAA 記錄(如下述示例),且改該域名 CAA 記錄中不包含 Sectigo 根證書的授權,因此將導致騰訊雲免費證書無法簽發。</li></ol><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br></pre></td><td class="code"><pre><span class="line">rttw@Kincaid:~$ dig username.github.io caa</span><br><span class="line"></span><br><span class="line">; <<>> DiG 9.19.5-1+0~20220921.84+debian11~1.gbp190ab0-Debian <<>> username.github.io caa</span><br><span class="line">;; global options: +cmd</span><br><span class="line">;; Got answer:</span><br><span class="line">;; ->>HEADER<<- <span class="string">opcode: QUERY, status: NOERROR, id: 19362</span></span><br><span class="line"><span class="string">;; flags: qr rd ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0</span></span><br><span class="line"><span class="string">;; WARNING: recursion requested but not available</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">;; QUESTION SECTION:</span></span><br><span class="line"><span class="string">;username.github.io. IN CAA</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">;; ANSWER SECTION:</span></span><br><span class="line"><span class="string">username.github.io. 0 IN CAA 0 issue "letsencrypt.org"</span></span><br><span class="line"><span class="string">username.github.io. 0 IN CAA 0 issuewild "digicert.com"</span></span><br><span class="line"><span class="string">username.github.io. 0 IN CAA 0 issue "digicert.com"</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">;; Query time: 90 msec</span></span><br><span class="line"><span class="string">;; SERVER: 172.17.128.1#53(172.17.128.1) (UDP)</span></span><br><span class="line"><span class="string">;; WHEN: Thu Oct 06 16:28:14 CST 2022</span></span><br><span class="line"><span class="string">;; MSG SIZE rcvd: 154</span></span><br></pre></td></tr></table></figure><ol start="5"><li>域名所有者通過設置 CAA 解析記錄來授權指定的 CA 機構為其頒發 SSL 證書,同時 CA 機構根據規範要求,在頒發 SSL 證書時會強制性檢查域名 CAA 記錄,如果檢查發現未獲得授權,將拒絕為該域名頒發 SSL 證書,從而防止未授權的 SSL 證書錯誤頒發,規避安全風險。</li></ol><h2 id="操作步驟"><a href="#操作步驟" class="headerlink" title="操作步驟"></a>操作步驟</h2><ol><li><p>登錄 <a href="https://console.dnspod.cn/dns/list">DNSPod解析控制台</a>,找到並單擊申請證書的域名。<br><img src="https://resources.r2wind.com/img/202210/20221006163725.png" alt="解析控制台"></p></li><li><p>找到指向 Github 的 CNAME 記錄,單擊右側的暫停按鈕並暫停解析。</p><blockquote><p>說明:</p><ol><li>僅需要暫停當前申請證書域名及主域名上指向 Github靜態託管 的 CNAME 記錄,其他指向記錄不需要暫停。(例如我為”blogs.dnstest.cc”申請證書,那我僅需暫停主機記錄為”@”和”blogs”的指向 Github靜態託管 的 CNAME 記錄,其他指向記錄不需要暫停。)</li><li>若您為主域名申請證書,請暫停主機記錄為”www”和”@”的指向 Github靜態託管 的 CNAME 記錄,其他指向記錄不需要暫停。</li><li>僅需要暫停指向 Github靜態託管 的 CNAME 記錄,其他記錄不需要暫停。</li></ol></blockquote></li></ol><p><img src="https://resources.r2wind.com/img/202210/20221006165402.png" alt="暫停解析"></p><ol start="3"><li>單擊<strong>添加記錄</strong>添加A記錄&AAAA記錄指向 Github 靜態託管的 IP 地址,以避免影響站點正常訪問。<blockquote><p>說明:</p><ol><li>暫停哪些主機記錄就為哪些主機記錄添加 A 記錄 & AAAA 記錄,其他主機記錄不需要添加。</li><li>Github 靜態託管的 IP 地址為:<table><thead><tr><th>IPv4</th><th>IPv6(可選)</th></tr></thead><tbody><tr><td>185.199.108.153</td><td>2606:50c0:8000::153</td></tr><tr><td>185.199.109.153</td><td>2606:50c0:8001::153</td></tr><tr><td>185.199.110.153</td><td>2606:50c0:8002::153</td></tr><tr><td>185.199.111.153</td><td>2606:50c0:8003::153</td></tr></tbody></table></li><li>任選一個 IP 地址添加即可,不需要添加所有 IP 地址:</li></ol></blockquote></li></ol><p><img src="https://resources.r2wind.com/img/202210/20221006170511.png" alt="添加記錄"></p><ol start="4"><li>待證書籤發後刪除添加的 A 記錄 & AAAA 記錄,單擊已暫停的 CNAME 記錄右側的開啟按鈕恢復原有解析。</li></ol>]]></content>
<summary type="html"><h2 id="操作場景"><a href="#操作場景" class="headerlink" title="操作場景"></a>操作場景</h2><h3 id="操作目的"><a href="#操作目的" class="headerlink" title="操作目的"></a</summary>
<category term="教程" scheme="https://yjz.hk/categories/%E6%95%99%E7%A8%8B/"/>
<category term="DNSPOD" scheme="https://yjz.hk/tags/DNSPOD/"/>
<category term="騰訊雲" scheme="https://yjz.hk/tags/%E9%A8%B0%E8%A8%8A%E9%9B%B2/"/>
<category term="域名" scheme="https://yjz.hk/tags/%E5%9F%9F%E5%90%8D/"/>
<category term="作品集" scheme="https://yjz.hk/tags/%E4%BD%9C%E5%93%81%E9%9B%86/"/>
<category term="SSL" scheme="https://yjz.hk/tags/SSL/"/>
</entry>
<entry>
<title>為甚麼添加一些解析的時候記錄值(域名)後面會帶個點?</title>
<link href="https://yjz.hk/articles/20220908.html"/>
<id>https://yjz.hk/articles/20220908.html</id>
<published>2022-09-08T01:16:16.000Z</published>
<updated>2022-09-08T01:49:16.000Z</updated>
<content type="html"><![CDATA[<blockquote><p>很多朋友可能會發現,在添加 CNAME、MX、NS 等記錄的時候,記錄值後面通常會自動補充一個”.”(如下圖),那為甚麼會自動添加這個”.”呢?<br><img src="https://resources.r2wind.com/img/202209/20220907093624.png" alt="DNSPod控制台"></p></blockquote><h2 id="為甚麼會自動添加”-”呢?"><a href="#為甚麼會自動添加”-”呢?" class="headerlink" title="為甚麼會自動添加”.”呢?"></a>為甚麼會自動添加”.”呢?</h2><h3 id="DNS-命名空間結構"><a href="#DNS-命名空間結構" class="headerlink" title="DNS 命名空間結構"></a>DNS 命名空間結構</h3><p>要知到答案,那首先我們應該了解一下 DNS 的層次結構,域名空間實際上是一個樹狀結構(大概像下圖),在這個“樹”中任何一個節點完整的域名都是從root到該節點路徑上所有標籤的逆序組合,或從該節點到root路徑上所有標籤的順序組合,中間以”.”分隔。<br><img src="https://resources.r2wind.com/img/202209/domains.png" alt="域名空間"><br>以本站首頁域名為例,從”r2wind”到根域名”root”,所以該節點完整的域名則為”r2wind.com.”(最後面的”.”代表 root,實際上是以”.”和一個空標籤結尾的),但為了方便通常寫成一個單獨的”.”這種寫法也被稱為完全限定域名 (FQDN) 。</p><p>只不過平時在訪問的時候,我們通常不會寫成”r2wind.com.”這種形式,而是直接寫成”r2wind.com”,但是在解析系統中這個點是不允許被省略的,不然可能會出現一些奇奇怪怪的問題,當然最重要的是要符合RFC的相關規範。</p><blockquote><p>有關 RFC 的詳細訊息,可訪問互聯網工程工作組 (IETF) 的官網查看:<a href="https://www.ietf.org/">IETF | Internet Engineering Task Force</a></p></blockquote><h3 id="遞歸-DNS-解析過程"><a href="#遞歸-DNS-解析過程" class="headerlink" title="遞歸 DNS 解析過程"></a>遞歸 DNS 解析過程</h3><p>估計到現在大家可能還可能有點懵,那我們再來看看遞歸 DNS 解析過程,來幫助大家的理解:<br>下面是一個完整的遞歸 DNS 解析過程:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br></pre></td><td class="code"><pre><span class="line">rttw@Kincaid:~$ dig www.r2wind.com +trace</span><br><span class="line"></span><br><span class="line">; <<>> DiG 9.19.4-1+0~20220818.83+debian11~1.gbp3f0f1b-Debian <<>> www.r2wind.com +trace</span><br><span class="line">;; global options: +cmd</span><br><span class="line">. 0 IN NS f.root-servers.net.</span><br><span class="line">. 0 IN NS e.root-servers.net.</span><br><span class="line">. 0 IN NS j.root-servers.net.</span><br><span class="line">. 0 IN NS i.root-servers.net.</span><br><span class="line">. 0 IN NS g.root-servers.net.</span><br><span class="line">. 0 IN NS b.root-servers.net.</span><br><span class="line">. 0 IN NS d.root-servers.net.</span><br><span class="line">. 0 IN NS h.root-servers.net.</span><br><span class="line">. 0 IN NS c.root-servers.net.</span><br><span class="line">. 0 IN NS k.root-servers.net.</span><br><span class="line">. 0 IN NS l.root-servers.net.</span><br><span class="line">. 0 IN NS m.root-servers.net.</span><br><span class="line">. 0 IN NS a.root-servers.net.</span><br><span class="line">;; Received 432 bytes from 192.168.192.1<span class="comment">#53(192.168.192.1) in 859 ms</span></span><br><span class="line"><span class="comment"># 遞歸返回根域名伺服器的 NS 記錄</span></span><br><span class="line"></span><br><span class="line">cn. 172800 IN NS a.dns.cn.</span><br><span class="line">cn. 172800 IN NS d.dns.cn.</span><br><span class="line">cn. 172800 IN NS e.dns.cn.</span><br><span class="line">cn. 172800 IN NS c.dns.cn.</span><br><span class="line">cn. 172800 IN NS b.dns.cn.</span><br><span class="line">cn. 172800 IN NS ns.cernet.net.</span><br><span class="line">cn. 172800 IN NS g.dns.cn.</span><br><span class="line">cn. 172800 IN NS f.dns.cn.</span><br><span class="line">cn. 86400 IN DS 57724 8 2 5D0423633EB24A499BE78AA22D1C0C9BA36218FF49FD95A4CDF1A4AD 97C67044</span><br><span class="line">cn. 86400 IN RRSIG DS 8 1 86400 20220920040000 20220907030000 20826 . Pir1xOUL//xWJtc9ey7zZJDmwSPnXHGGLTHpxxuOKwxchQkQvoSYGtCG L6YrRWEpFputpuFpK3DvPCbtPZQMje1Mr2H4vT7nZ47ht0Xr2brWSDlR maELk8iKsuNYwoJ3fL75yn1N0jEABxnYFfo9r4Pp0nfN0XVAIHvAiGE8 nhEFSmmmEZidrLfPT84+QKeXOc8fotDme/Byi5F3Uc3IRu8mq7BE/N/+ 4nXAVgXbWhO9/ULnlAK76bFqoz0qZmvrcrmSB08K//QVG4io+4nbpFyl dUlziRCAiT6h7L6WwK9XDBeWNhSMptvYJRVS01rC2X7OWqKvnU2fL/Bs FYzCSg==</span><br><span class="line">;; Received 708 bytes from 202.12.27.33<span class="comment">#53(m.root-servers.net) in 99 ms</span></span><br><span class="line"><span class="comment"># 根域名伺服器返回 cn 域名的 NS 記錄</span></span><br><span class="line"></span><br><span class="line">;; UDP setup with 2001:dc7::1<span class="comment">#53(2001:dc7::1) for www.r2wind.com failed: network unreachable.</span></span><br><span class="line">;; UDP setup with 2001:dc7::1<span class="comment">#53(2001:dc7::1) for www.r2wind.com failed: network unreachable.</span></span><br><span class="line">;; UDP setup with 2001:dc7::1<span class="comment">#53(2001:dc7::1) for www.r2wind.com failed: network unreachable.</span></span><br><span class="line">r2wind.com. 86400 IN NS ns3.dnsv4.com.</span><br><span class="line">r2wind.com. 86400 IN NS ns4.dnsv4.com.</span><br><span class="line">3QDAQA092EE5BELP64A74EBNB8J53D7E.cn. 21600 IN NSEC3 1 1 10 AEF123AB 3QHKTF6LTFG8AAFUUAJSR8RVAJP99SFU NS SOA RRSIG DNSKEY NSEC3PARAM</span><br><span class="line">3QDAQA092EE5BELP64A74EBNB8J53D7E.cn. 21600 IN RRSIG NSEC3 8 2 21600 20220929034902 20220830024902 38388 cn. nQpTOptIW40mn9r1uPSO/yIvyEcdfV/zhfXVU/nZptRs+gDk8MYnqO7c i3yXB2XYzZFXM3ofDWXIJHgHq42agy02zSkDKN3XabB0Y6F2Oy3FhFBP O5fNM97I5Nu1NEE2ZZ5XyGAfMZyNhjsOry66+56C4s/Dlu1LcE151vey ecY=</span><br><span class="line">8TF4MEBDESE2OSVH717D9VC1F7BFN1VI.cn. 21600 IN NSEC3 1 1 10 AEF123AB 8TKMCNJ923RR3GI4UAK4FF8RHB788CNF CNAME RRSIG</span><br><span class="line">8TF4MEBDESE2OSVH717D9VC1F7BFN1VI.cn. 21600 IN RRSIG NSEC3 8 2 21600 20220929034902 20220830024902 38388 cn. MgMG/eoy7e3ugs4TjsTxf5Ji9mvFsYYJpM+e4LayayDIMzs3JpkdKgEn ba3BmaaKclE6aDe8iL0uYSNiUMRgfMJb10yg066tDn+6bQH7BHl0paNY REZMB/+idFumyB3icj+JjCxrQe7j2fPp6aQUv3VBaEVLrp22XbnWZsbx scI=</span><br><span class="line">;; Received 608 bytes from 202.112.0.44<span class="comment">#53(ns.cernet.net) in 29 ms</span></span><br><span class="line"><span class="comment"># cn 域名伺服器返回 r2wind.com. 的 NS 記錄</span></span><br><span class="line"></span><br><span class="line">www.r2wind.com. 600 IN A 120.78.190.225</span><br><span class="line">r2wind.com. 86400 IN NS ns4.dnsv4.com.</span><br><span class="line">r2wind.com. 86400 IN NS ns3.dnsv4.com.</span><br><span class="line">;; Received 112 bytes from 1.12.0.25<span class="comment">#53(ns3.dnsv4.com) in 39 ms</span></span><br><span class="line"><span class="comment"># r2wind.com 域名伺服器返回 www.r2wind.com. 的 A 記錄</span></span><br></pre></td></tr></table></figure><p>由上面一大串的流程中可以看到查詢是從根開始進行查詢的,然後根據返回的各個域名 NS 記錄進行查詢,直到查詢到最終的 A 記錄。</p><p>可能你會好奇,為甚麼要有根?</p><p>根的主要作用是管理互聯網的主目錄。可以設想一下,如果沒有根,以查詢 <strong>tencent.com</strong> 為例,在查詢解析的時候你得先找到 com 的 NS 記錄及其對應的 IP 地址,然後才能獲取到 <strong>tencent.com</strong> 的 NS記錄 繼續進行遞歸查詢。</p><p>不知道這裏會不會有人說那我挨個獲取就好了,何必需要根呢?<br>不得不說這是個好問題,但理想很豐滿,現實很骨感,目前全球共有1591個 TLD ,你可以試想一下,你獲取這些 TLD 的 NS 記錄需要多長時間,而且這些 TLD 的 NS 記錄是不斷變化的,如果你要想自己維護的話,頭大不說,還可能會有很多隱患。交給根他不香嘛?</p><h3 id="域名分級"><a href="#域名分級" class="headerlink" title="域名分級"></a>域名分級</h3><p>提到這裏,那我們再說說域名分級,我們平時能註冊到的域名到底是幾級域名呢?</p><p>答案是二級。</p><p>那域名究竟是如何分級的?<br>回到上面的樹狀圖,我們可以看到,root 下面有若干個頂級域名,例如:cn、com、org、edu等等,這些被稱為頂級域名或者一級域名;這些頂級域名下面又分為若干個二級域名,以 cn 為例,下面有若干個二級域名,例如:dnspod、r2wind,而二級域名下面可能又會分為若干個三級域名,以 dnspod 為例,下面又分為了若干個三級域名,例如:www、docs、console 等等,以此類推,這就是域名的分級。</p><p>總結一下域名分級規則:</p><ul><li>頂級域名(TLD):頂級域是root的子域,例如:com;</li><li>一級域名(FLD):一級域也是root的子域(一級域和頂級域是同一個概念);</li><li>二級域名(SLD):二級域是一級域的子域,例如:tencent.com是 com 的子域;</li><li>依此類推…..</li></ul><h2 id="加”-”會影響解析嘛?"><a href="#加”-”會影響解析嘛?" class="headerlink" title="加”.”會影響解析嘛?"></a>加”.”會影響解析嘛?</h2><p>仔細看看上面的解析過程,除了一開始輸入命令的時候後面沒有”.”,剩下其他域名哪個後面沒有”.”呢?<br>在 DNS 中,加”.”不會影響解析,但是不加”.”可能就是另一個故事(事故)啦。所以當你設置相關的紀錄不能解析的時候,別再怪後面自動加了”.”,找找其他的原因吧。</p><p>下面是一個有趣的例子,我查詢的是 me,卻返回了 me.r2wind.com的 A 記錄:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">root@Kincaid:~<span class="comment"># nslookup me 8.8.8.8</span></span><br><span class="line">Server: 8.8.8.8</span><br><span class="line">Address: 8.8.8.8<span class="comment">#53</span></span><br><span class="line"></span><br><span class="line">Non-authoritative answer:</span><br><span class="line">Name: me.r2wind.com</span><br><span class="line">Address: 106.52.72.124</span><br></pre></td></tr></table></figure><p>這是因為我設置了主機的本地域名,所以系統會自動在後面添加上 r2wind.com,但當我在查詢 me 加了”.”後,可以看到報錯了,如下:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">root@Kincaid:~<span class="comment"># nslookup me. 8.8.8.8</span></span><br><span class="line">;; communications error to 8.8.8.8<span class="comment">#53: timed out</span></span><br><span class="line">Server: 8.8.8.8</span><br><span class="line">Address: 8.8.8.8<span class="comment">#53</span></span><br><span class="line"></span><br><span class="line">Non-authoritative answer:</span><br><span class="line">*** Can<span class="string">'t find me: No answer</span></span><br></pre></td></tr></table></figure><p>報錯的原因也很簡單,加”.”系統會認為你查詢的是一個完整的域名,這種情況下系統不會在後面添加本地域名,而是直接進行遞歸查詢,但 me 這個域是沒有解析 A/AAAA 記錄的,所以就會報錯。</p><p>這裏不知道會不會有人說頂級域哪有解析 A/AAAA 記錄的,感興趣的話你可以去訪問一下 <a href="http://ai./">http://ai./</a> 這個頂級域。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br></pre></td><td class="code"><pre><span class="line">root@Kincaid:~<span class="comment"># dig ai. @8.8.8.8</span></span><br><span class="line"></span><br><span class="line">; <<>> DiG 9.19.4-1+0~20220818.83+debian11~1.gbp3f0f1b-Debian <<>> ai. @8.8.8.8</span><br><span class="line">;; global options: +cmd</span><br><span class="line">;; Got answer:</span><br><span class="line">;; ->>HEADER<<- <span class="string">opcode: QUERY, status: NOERROR, id: 15833</span></span><br><span class="line"><span class="string">;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">;; OPT PSEUDOSECTION:</span></span><br><span class="line"><span class="string">; EDNS: version: 0, flags:; udp: 512</span></span><br><span class="line"><span class="string">;; QUESTION SECTION:</span></span><br><span class="line"><span class="string">;ai. IN A</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">;; ANSWER SECTION:</span></span><br><span class="line"><span class="string">ai. 21600 IN A 209.59.119.34</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">;; Query time: 319 msec</span></span><br><span class="line"><span class="string">;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)</span></span><br><span class="line"><span class="string">;; WHEN: Thu Sep 08 08:29:01 CST 2022</span></span><br><span class="line"><span class="string">;; MSG SIZE rcvd: 47</span></span><br></pre></td></tr></table></figure><p>是不是有人想問域名 ai 的後綴是甚麼?是根 (root) 。</p><h2 id="總結"><a href="#總結" class="headerlink" title="總結"></a>總結</h2><p>好像說了好多廢話哈哈哈,總結一下吧:</p><ul><li>不要覺得加”.”很奇怪,如果你覺得奇怪,建議抽空了解一下 DNS 相關的知識吧。</li><li>加”.”不會影響解析!加”.”不會影響解析!加”.”不會影響解析!——重要的事情說三遍</li><li>由於博主的水平有限,文章中可能會有一些錯誤,歡迎各位大佬批評指正。</li></ul><h2 id="參考"><a href="#參考" class="headerlink" title="參考"></a>參考</h2><ul><li><a href="https://tools.ietf.org/html/rfc1034">RFC 1034</a></li><li><a href="https://tools.ietf.org/html/rfc1035">RFC 1035</a></li><li><a href="https://www.iana.org/domains/root/db">Root Zone Database</a></li><li>DNS and BIND, 5th Edition,by Cricket Lliu and Paul Albitz(O’Reilly).Copyright 2006, O’Reilly Media, Inc. ISBN: 0-596-10057-4.</li><li><a href="https://docs.microsoft.com/zh-cn/windows/win32/dns/dns-standards-documents">DNS 標準文檔</a></li></ul><h2 id="其他"><a href="#其他" class="headerlink" title="其他"></a>其他</h2><p>附上一些區域文件:<br><a href="https://www.internic.net/domain/db.cache">https://www.internic.net/domain/db.cache</a><br><a href="https://www.internic.net/domain/root.zone">https://www.internic.net/domain/root.zone</a><br><a href="https://www.internic.net/domain/arpa.zone">https://www.internic.net/domain/arpa.zone</a><br><a href="https://www.internic.net/domain/ip6.arpa.zone">https://www.internic.net/domain/ip6.arpa.zone</a></p>]]></content>
<summary type="html"><blockquote>
<p>很多朋友可能會發現,在添加 CNAME、MX、NS 等記錄的時候,記錄值後面通常會自動補充一個”.”(如下圖),那為甚麼會自動添加這個”.”呢?<br><img src="https://resources.r2wind.com/img/20220</summary>
<category term="隨筆" scheme="https://yjz.hk/categories/%E9%9A%A8%E7%AD%86/"/>
<category term="DNSPOD" scheme="https://yjz.hk/tags/DNSPOD/"/>
<category term="域名" scheme="https://yjz.hk/tags/%E5%9F%9F%E5%90%8D/"/>
<category term="解析" scheme="https://yjz.hk/tags/%E8%A7%A3%E6%9E%90/"/>
</entry>
<entry>
<title>騰訊企業郵箱向 Gmail(Google郵箱)發送郵件被退回(550 5.7.26)問題的解決方案</title>
<link href="https://yjz.hk/articles/20220810.html"/>
<id>https://yjz.hk/articles/20220810.html</id>
<published>2022-08-10T11:41:48.000Z</published>
<updated>2024-05-07T14:00:43.570Z</updated>
<content type="html"><![CDATA[<blockquote><p>近期有小伙伴反應使用騰訊企業郵箱向 Gmail 發送郵件遇到被退回的情況,退信提示中包含:550 5.7.26,協助排查了幾個case,發現原因基本都是沒有添加SPF記錄導致的,下面給大家分享一下排查解決方案:</p></blockquote><h2 id="前提條件"><a href="#前提條件" class="headerlink" title="前提條件"></a>前提條件</h2><p>本教程僅適用於使用騰訊雲企業郵箱且域名託管在騰訊雲 DNSPod 的用戶,若您域名託管在其他服務商,此教程僅可做部分參考:</p><h2 id="操作步驟"><a href="#操作步驟" class="headerlink" title="操作步驟"></a>操作步驟</h2><h3 id="登錄騰訊雲-DNSPod-控制台"><a href="#登錄騰訊雲-DNSPod-控制台" class="headerlink" title="登錄騰訊雲 DNSPod 控制台"></a>登錄騰訊雲 DNSPod 控制台</h3><p>1、登錄 <a href="https://console.dnspod.cn/dns/list">DNSPod 解析控制台</a>,如下圖所示:<br><img src="https://resources.r2wind.com/img/202208/dnspod-login.png" alt="騰訊雲控制台"><br>2、點擊對應的域名進入記錄詳情頁面,如下圖所示:<br><img src="https://resources.r2wind.com/img/202208/dnspod-record-detail.png" alt="記錄詳情"></p><h3 id="添加記錄"><a href="#添加記錄" class="headerlink" title="添加記錄"></a>添加記錄</h3><h4 id="添加SPF記錄"><a href="#添加SPF記錄" class="headerlink" title="添加SPF記錄"></a>添加SPF記錄</h4><blockquote><p><strong>說明:</strong><br>1、發件人策略框架 SPF(Sender Policy Framework):可用於指定發送郵件的伺服器,是一種廣泛部署且非常高效的垃圾郵件解決方案。<br>2、SPF記錄對於新手來講整體較為複雜,不建議大家自行編寫添加,請使用企業郵箱提供的模板添加。<br><strong>記錄內容:</strong><br>主機記錄:@<br>記錄類型:選擇TXT和SPF均可,建議選擇TXT(SPF記錄是TXT記錄的一種特殊形式)<br>記錄值(文本內容):v=spf1 include:spf.mail.qq.com ~all<br>其他:未涉及到的保持默認即可</p></blockquote><p><strong>1、點擊”添加記錄”,按上述”記錄內容”進行填寫,如下圖所示:</strong><br><strong>界面一:</strong><br><img src="https://resources.r2wind.com/img/202208/dnspod-add-record-spf-1.png" alt="添加記錄"><br><strong>界面二:</strong><br><img src="https://resources.r2wind.com/img/202208/dnspod-add-record-spf-2.png" alt="添加記錄"><br><strong>2、填寫完成後點擊確認保存即可</strong></p><h4 id="添加DMARC記錄(可選)"><a href="#添加DMARC記錄(可選)" class="headerlink" title="添加DMARC記錄(可選)"></a>添加DMARC記錄(可選)</h4><blockquote><p><strong>說明:</strong><br>1、DMARC(Domain-based Message Authentication, Authorization & Reporting):是一種基於現有的SPF和DKIM協議的可擴展電子郵件認證協議,郵件收發雙方建立了郵件反饋機制,便於郵件發送方和郵件接收方共同對域名的管理進行完善和監督<br><strong>記錄內容:</strong><br>主機記錄:_dmarc<br>記錄類型:TXT<br>記錄值(文本內容):v=DMARC1; p=none; rua=mailto:<a href="mailto:mailauth-reports@qq.com">mailauth-reports@qq.com</a><br>說明:<a href="mailto:mailauth-reports@qq.com">mailauth-reports@qq.com</a>請替換成專用於接收您網域DMARC活動報告的郵箱地址,或者專門處理DMARC報告的第三方服務,若您不需要接收報告,請刪除”rua=mailto:<a href="mailto:mailauth-reports@qq.com">mailauth-reports@qq.com</a>“字段<br>其他:未涉及到的保持默認即可</p></blockquote><p><strong>1、點擊”添加記錄”,按上述”記錄內容”進行填寫,如下圖所示:</strong><br><strong>界面一:</strong><br><img src="https://resources.r2wind.com/img/202208/dnspod-add-record-dmarc-1.png" alt="添加記錄"><br><strong>界面二:</strong><br><img src="https://resources.r2wind.com/img/202208/dnspod-add-record-dmarc-2.png" alt="添加記錄"><br><strong>2、填寫完成後點擊確認保存即可</strong></p><h3 id="驗證記錄是否生效"><a href="#驗證記錄是否生效" class="headerlink" title="驗證記錄是否生效"></a>驗證記錄是否生效</h3><h4 id="驗證SPF記錄是否生效"><a href="#驗證SPF記錄是否生效" class="headerlink" title="驗證SPF記錄是否生效"></a>驗證SPF記錄是否生效</h4><p><strong>1、打開 <a href="https://tool.dnspod.cn/">DNSPod 域名檢測工具</a>,輸入域名後點擊檢測,如下圖所示:</strong><br><img src="https://resources.r2wind.com/img/202208/dnspod-check-domain.png" alt="檢測域名"><br><strong>2、下滑找到 DNS 服務商解析結果,點擊詳情,結果中包含”v=spf1 include:spf.mail.qq.com ~all”即可,如下圖所示:</strong><br><img src="https://resources.r2wind.com/img/202208/dnspod-check-result-spf.png" alt="檢測結果"></p><h4 id="驗證DMARC記錄是否生效"><a href="#驗證DMARC記錄是否生效" class="headerlink" title="驗證DMARC記錄是否生效"></a>驗證DMARC記錄是否生效</h4><p>暫無法通過工具驗證,可在linux下使用dig進行驗證</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">dig _dmarc.+域名 txt</span><br></pre></td></tr></table></figure><p>示例</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">dig _dmarc.r2wind.org txt</span><br></pre></td></tr></table></figure>]]></content>
<summary type="html"><blockquote>
<p>近期有小伙伴反應使用騰訊企業郵箱向 Gmail 發送郵件遇到被退回的情況,退信提示中包含:550 5.7.26,協助排查了幾個case,發現原因基本都是沒有添加SPF記錄導致的,下面給大家分享一下排查解決方案:</p>
</blockquote>
</summary>
<category term="教程" scheme="https://yjz.hk/categories/%E6%95%99%E7%A8%8B/"/>
<category term="DNSPOD" scheme="https://yjz.hk/tags/DNSPOD/"/>
<category term="騰訊雲" scheme="https://yjz.hk/tags/%E9%A8%B0%E8%A8%8A%E9%9B%B2/"/>
<category term="域名" scheme="https://yjz.hk/tags/%E5%9F%9F%E5%90%8D/"/>
<category term="解析" scheme="https://yjz.hk/tags/%E8%A7%A3%E6%9E%90/"/>
<category term="作品集" scheme="https://yjz.hk/tags/%E4%BD%9C%E5%93%81%E9%9B%86/"/>
<category term="企業郵箱" scheme="https://yjz.hk/tags/%E4%BC%81%E6%A5%AD%E9%83%B5%E7%AE%B1/"/>
</entry>
<entry>
<title>騰訊雲免費 SSL 證書驗證指引(DNS驗證)</title>
<link href="https://yjz.hk/articles/20220808.html"/>
<id>https://yjz.hk/articles/20220808.html</id>
<published>2022-08-08T00:04:39.000Z</published>
<updated>2022-08-08T02:59:39.000Z</updated>
<content type="html"><![CDATA[<h2 id="操作場景"><a href="#操作場景" class="headerlink" title="操作場景"></a>操作場景</h2><p>本文檔將指導您申請騰訊雲免費 SSL 證書且域名驗證方式為 DNS 驗證時,如何添加解析記錄以完成域名驗證。</p><h2 id="前提條件"><a href="#前提條件" class="headerlink" title="前提條件"></a>前提條件</h2><p>本文檔暫僅適用於解析託管在騰訊雲 DNSPod 、阿里雲、百度智能雲、華為雲、火山引擎的域名,後續將根據實際情況進行補充。</p><h2 id="操作步驟"><a href="#操作步驟" class="headerlink" title="操作步驟"></a>操作步驟</h2><h3 id="獲取驗證記錄"><a href="#獲取驗證記錄" class="headerlink" title="獲取驗證記錄"></a>獲取驗證記錄</h3><p>1、登錄<a href="https://console.cloud.tencent.com/ssl">證書管理控制台</a>。<br>2、找到狀態為”驗證中”的證書,如下圖:<br><img src="https://resources.r2wind.com/img/202208/ssl-verify.png" alt="查看驗證"><br>3、點擊”查看驗證”進入”驗證詳情”頁面,如下圖:<br><img src="https://resources.r2wind.com/img/202208/ssl-verify-detail.png" alt="查看驗證詳情"><br>4、記錄主機記錄和記錄值,驗證完成前請不要關閉此頁面。</p><h3 id="添加解析記錄"><a href="#添加解析記錄" class="headerlink" title="添加解析記錄"></a>添加解析記錄</h3><blockquote><p>說明:<br>1、請嚴格按照”證書驗證詳情”頁面提示的主機記錄、記錄類型、記錄值進行填寫,記錄類型和記錄值直接複製黏貼對應輸入框即可,請勿篡改。<br>2、驗證界面未涉及到的解析線路、TTL的內容請保持默認,不要自行修改。<br>4、完成添加記錄10分鐘後返回到”驗證詳情”頁面,點擊”查看域名驗證狀態”。</p></blockquote><h4 id="DNSPod"><a href="#DNSPod" class="headerlink" title="DNSPod"></a>DNSPod</h4><p>1、登錄<a href="https://console.dnspod.cn/dns/list">DNSPod 解析控制台</a>,如下圖:<br><img src="https://resources.r2wind.com/img/202208/add-ssl-verify-dnspod.png" alt="DNSPod解析控制台"><br>2、點擊對應的域名,進入解析詳情頁面→點擊”添加記錄”,並按照”證書驗證詳情”頁面提示的主機記錄、記錄類型、記錄值進行填寫選擇,如下圖:<br><strong>界面一:</strong><br><img src="https://resources.r2wind.com/img/202208/add-ssl-verify-dnspod-1.png" alt="添加記錄"><br><strong>界面二:</strong><br><img src="https://resources.r2wind.com/img/202208/add-ssl-verify-dnspod-add.png" alt="添加記錄"><br>3、點擊”確認”保存。</p><h4 id="阿里雲"><a href="#阿里雲" class="headerlink" title="阿里雲"></a>阿里雲</h4><p>1、登錄<a href="https://dns.console.aliyun.com/#/dns/domainList">阿里云云解析控制台</a>,如下圖:<br><img src="https://resources.r2wind.com/img/202208/add-ssl-verify-aliyun.png" alt="阿里云云解析控制台"><br>2、找到對應的域名,並點擊”解析設置”進入解析詳情頁面→點擊”添加記錄”,並按照”證書驗證詳情”頁面提示的主機記錄、記錄類型、記錄值進行填寫選擇,如下圖:<br><img src="https://resources.r2wind.com/img/202208/add-ssl-verify-aliyun-add.png" alt="添加記錄"><br>3、點擊”確認”保存。</p><h4 id="百度智能雲"><a href="#百度智能雲" class="headerlink" title="百度智能雲"></a>百度智能雲</h4><p>1、登錄<a href="https://console.bce.baidu.com/dns/#/dns/manage/list">百度 DNS 智能雲解析控制台</a>,如下圖:<br><img src="https://resources.r2wind.com/img/202208/add-ssl-verify-baidu.png" alt="百度 DNS 智能雲解析控制台"><br>2、找到對應的域名,點擊”解析”進入解析詳情頁面→點擊”添加解析”,並按照”證書驗證詳情”頁面提示的主機記錄、記錄類型、記錄值進行填寫選擇,如下圖:<br><img src="https://resources.r2wind.com/img/202208/add-ssl-verify-baidu-add.png" alt="添加記錄"><br>3、點擊”確定”保存。<br>4、完成添加記錄10分鐘後返回到”驗證詳情”頁面,點擊”查看域名驗證狀態”。 </p><h4 id="華為雲"><a href="#華為雲" class="headerlink" title="華為雲"></a>華為雲</h4><p>1、登錄<a href="https://console.huaweicloud.com/dns/">華為雲解析控制台</a>,如下圖:<br><img src="https://resources.r2wind.com/img/202208/add-ssl-verify-huaweicloud.png" alt="華為雲解析控制台"><br>2、找到對應的域名,點擊”管理解析”進入解析詳情頁面→點擊”添加記錄集”,並按照”證書驗證詳情”頁面提示的主機記錄、記錄類型、記錄值進行填寫選擇,如下圖:<br><img src="https://resources.r2wind.com/img/202208/add-ssl-verify-huaweicloud-add.png" alt="添加記錄"><br>3、點擊”確定”保存。</p><h4 id="火山引擎"><a href="#火山引擎" class="headerlink" title="火山引擎"></a>火山引擎</h4><p>1、登錄<a href="https://console.volcengine.com/TrafficRoute/dns/domain">火山引擎-TrafficRoute 套件-雲解析 DNS</a>,如下圖:<br><img src="https://resources.r2wind.com/img/202208/add-ssl-verify-volcengine.png" alt="火山引擎-TrafficRoute 套件-雲解析 DNS"><br>2、點擊對應的域名進入解析詳情頁面→點擊”添加記錄”,並按照”證書驗證詳情”頁面提示的主機記錄、記錄類型、記錄值進行填寫選擇,如下圖:<br><img src="https://resources.r2wind.com/img/202208/add-ssl-verify-volcengine-add.png" alt="添加記錄"><br>3、點擊”確定”保存。</p>]]></content>
<summary type="html"><h2 id="操作場景"><a href="#操作場景" class="headerlink" title="操作場景"></a>操作場景</h2><p>本文檔將指導您申請騰訊雲免費 SSL 證書且域名驗證方式為 DNS 驗證時,如何添加解析記錄以完成域名驗證。</p>
<h2</summary>
<category term="教程" scheme="https://yjz.hk/categories/%E6%95%99%E7%A8%8B/"/>
<category term="DNSPOD" scheme="https://yjz.hk/tags/DNSPOD/"/>
<category term="騰訊雲" scheme="https://yjz.hk/tags/%E9%A8%B0%E8%A8%8A%E9%9B%B2/"/>
<category term="域名" scheme="https://yjz.hk/tags/%E5%9F%9F%E5%90%8D/"/>
<category term="作品集" scheme="https://yjz.hk/tags/%E4%BD%9C%E5%93%81%E9%9B%86/"/>
<category term="SSL" scheme="https://yjz.hk/tags/SSL/"/>
</entry>
<entry>
<title>Windows 接入使用DNSPod Public DNS(DoH方式)</title>
<link href="https://yjz.hk/articles/20220730.html"/>
<id>https://yjz.hk/articles/20220730.html</id>
<published>2022-07-30T00:16:08.000Z</published>
<updated>2022-07-30T00:16:08.000Z</updated>
<content type="html"><![CDATA[<h2 id="操作場景"><a href="#操作場景" class="headerlink" title="操作場景"></a>操作場景</h2><p>本文檔將指導您如何在Windows11系統接入DNSPod Public DNS (DoH方式)。</p><blockquote><p>說明:本文檔方式二也適用於Windows10和Windows server 2022系統,但設置界面與本文檔描述可能存在差異</p></blockquote><h2 id="操作步驟"><a href="#操作步驟" class="headerlink" title="操作步驟"></a>操作步驟</h2><h3 id="獲取配置訊息"><a href="#獲取配置訊息" class="headerlink" title="獲取配置訊息"></a>獲取配置訊息</h3><blockquote><p>說明:若您使用公共解析 Public DNS 基礎服務請跳過該步驟,專業版和基礎服務區別請參見<a href="https://docs.dnspod.cn/public-dns/faq-public-dns/">常見問題</a></p></blockquote><p>1、登錄<a href="https://console.dnspod.cn/publicdns/config">DNSPod管理控制台</a>,單擊側邊欄【公共解析】→【我的配置】。<br>2、在【使用專屬配置】頁簽中即可獲得DNS over HTTPS專屬地址:<br><img src="https://resources.r2wind.com/img/202207/doh-config.png" alt="DoH Config"></p><h3 id="配置DNSPod公共解析(DoH)"><a href="#配置DNSPod公共解析(DoH)" class="headerlink" title="配置DNSPod公共解析(DoH)"></a>配置DNSPod公共解析(DoH)</h3><p>1、在開始菜單中打開【設置】,單擊【網絡和Internet】→【屬性】。<br><img src="https://resources.r2wind.com/img/202207/setting-Internet.png" alt="Network and Internet"><br>2、在屬性頁面中找到【DNS伺服器分配】,單擊右側的【編輯】按鈕。<br><img src="https://resources.r2wind.com/img/202207/setting-DNS-Server.png" alt="DNS Server"><br>3、在彈出的【編輯網絡DNS設置】窗口中選擇手動,並開啟IPv4配置。<br><img src="https://resources.r2wind.com/img/202207/setting-DNS-Server-Manual.png" alt="DNS Server"><br>4、下面請根據實際情況選擇方式一或方式二進行配置</p><h4 id="方式一:"><a href="#方式一:" class="headerlink" title="方式一:"></a>方式一:</h4><p>1、在【編輯網絡DNS設置】→【首選DNS】中填入<strong>1.12.34.56</strong>,在【DNS over HTTPS】選擇【開(手動模板)】,在【DNS over HTTPS模板】填入上述步驟獲得到的DNS over HTTPS專屬地址。如下圖所示:</p><blockquote><p>說明:<br>1、若您使用公共解析 Public DNS 基礎服務請在【首選DNS】和【備選DNS】分別填入<strong>1.12.12.12</strong>和<strong>120.53.53.53</strong>,在兩處【DNS over HTTPS模板】全部填入<strong><a href="https://doh.pub/dns-query">https://doh.pub/dns-query</a></strong><br>2、若您的設置界面無法找到【DNS over HTTPS模板】請參見方式二。</p></blockquote><p><img src="https://resources.r2wind.com/img/202207/setting-DNS-Server-Manual-DoH.png" alt="DNS over HTTPS"><br>2、單擊【保存】退出,即可完成 Windows 11 系統接入 Public DNS(DoH方式)。</p><h4 id="方式二:"><a href="#方式二:" class="headerlink" title="方式二:"></a>方式二:</h4><p>1、在【開始菜單】中搜索【終端】右鍵單擊【終端】並選擇以管理員身份運行。<br><img src="https://resources.r2wind.com/img/202207/Search-Terminal.png" alt="Terminal"><br>2、在終端中輸入以下命令:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">netsh dns add encryption server=1.12.34.56 dohtemplate=上述步驟獲得到的專屬地址 autoupgrade=yes udpfallback=no</span><br></pre></td></tr></table></figure><p>PS:若您使用公共解析 Public DNS 基礎服務請分別運行以下命令:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">netsh dns add encryption server=1.12.12.12 dohtemplate=https://doh.pub/dns-query autoupgrade=yes udpfallback=no</span><br><span class="line">netsh dns add encryption server=120.53.53.53 dohtemplate=https://doh.pub/dns-query autoupgrade=yes udpfallback=no</span><br></pre></td></tr></table></figure><blockquote><p>說明:若成功則終端界面不會返回任何訊息,若失敗則會返回錯誤訊息。</p></blockquote><p><img src="https://resources.r2wind.com/img/202207/Add-DNS-over-HTTPS.png" alt="Add DNS over HTTPS"><br>3、在【編輯DNS設置】→【首選DNS】中填入<strong>1.12.34.56</strong>,在【首選的DNS加密】中選擇【僅加密(通過HTTPS的DNS)】</p><blockquote><p>說明:<br>若您使用公共解析 Public DNS 基礎服務請在【首選DNS】和【備選DNS】分別填入<strong>1.12.12.12</strong>和<strong>120.53.53.53</strong>,並在兩處【首選的DNS加密】中全部選擇【僅加密(通過HTTPS的DNS)】</p></blockquote><p>4、單擊【保存】退出,即可完成 Windows 11 系統接入 Public DNS(DoH方式)。</p><h2 id="後續說明"><a href="#後續說明" class="headerlink" title="後續說明"></a>後續說明</h2><p>1、操作過程中有任何疑問請加入官方用戶群尋求幫助,加群方式請前往控制台查看:<a href="https://console.dnspod.cn/publicdns/subscription/quota">傳送門</a><br>2、若您後續需要刪除通過方式二添加的加密DNS請在終端中運行以下命令:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">netsh dns delete encryption server=DNS伺服器IP</span><br></pre></td></tr></table></figure><p>3、若您需修改請在刪除配置後重複方式二的添加命令。<br>4、若您需要查看其他接入方式請訪問<a href="https://docs.dnspod.cn/public-dns/dot-doh/">官方文檔</a></p>]]></content>
<summary type="html"><h2 id="操作場景"><a href="#操作場景" class="headerlink" title="操作場景"></a>操作場景</h2><p>本文檔將指導您如何在Windows11系統接入DNSPod Public DNS (DoH方式)。</p>
<blockqu</summary>
<category term="教程" scheme="https://yjz.hk/categories/%E6%95%99%E7%A8%8B/"/>
<category term="DNSPOD" scheme="https://yjz.hk/tags/DNSPOD/"/>
<category term="騰訊雲" scheme="https://yjz.hk/tags/%E9%A8%B0%E8%A8%8A%E9%9B%B2/"/>
<category term="作品集" scheme="https://yjz.hk/tags/%E4%BD%9C%E5%93%81%E9%9B%86/"/>
<category term="DoH" scheme="https://yjz.hk/tags/DoH/"/>
<category term="加密DNS" scheme="https://yjz.hk/tags/%E5%8A%A0%E5%AF%86DNS/"/>
</entry>
<entry>
<title>愛名網(22.cn)、HKDNR、GoogleDomains、AWSRoute53註冊域名開啟DNSSEC(解析託管在DNSPod)</title>
<link href="https://yjz.hk/articles/20220624.html"/>
<id>https://yjz.hk/articles/20220624.html</id>
<published>2022-06-24T05:31:12.000Z</published>
<updated>2022-06-24T05:31:12.000Z</updated>
<content type="html"><![CDATA[<blockquote><p>DNSSEC對權威dns提供給遞歸DNS的解析數據來源進⾏認證,可有效保護權威DNS和Local DNS之間數據不被攻擊篡改,確保解析結果的真實與可靠性。本文以域名解析託管在DNSPod為例,其他平台可參考本文或諮詢對應平台客服。</p></blockquote><h2 id="前提條件"><a href="#前提條件" class="headerlink" title="前提條件"></a>前提條件</h2><blockquote><p>目前DNSPod DNS僅支持付費套餐(任意版本)使用DNSSEC,使用DNSSEC前請購買合適版本的解析套餐。</p></blockquote><h2 id="操作步驟"><a href="#操作步驟" class="headerlink" title="操作步驟"></a>操作步驟</h2><h3 id="開啟並獲取DNSSEC配置訊息"><a href="#開啟並獲取DNSSEC配置訊息" class="headerlink" title="開啟並獲取DNSSEC配置訊息"></a>開啟並獲取DNSSEC配置訊息</h3><h4 id="登錄DNSPod解析管理控制台"><a href="#登錄DNSPod解析管理控制台" class="headerlink" title="登錄DNSPod解析管理控制台"></a>登錄DNSPod<a href="https://console.dnspod.cn/dns/">解析管理控制台</a></h4><p><img src="https://resources.r2wind.com/img/202206/20220624134658.png" alt="解析控制台"></p><h4 id="進入詳情域名頁面"><a href="#進入詳情域名頁面" class="headerlink" title="進入詳情域名頁面"></a>進入詳情域名頁面</h4><p>單擊需要設置DNSSEC的域名進入解析詳情頁面<br><img src="https://resources.r2wind.com/img/202206/20220624135409.png" alt="詳情頁面"></p><h4 id="開啟DNSSEC"><a href="#開啟DNSSEC" class="headerlink" title="開啟DNSSEC"></a>開啟DNSSEC</h4><p>在”域名設置”中找到DNSSEC並點擊”立即啟用”<br><img src="https://resources.r2wind.com/img/202206/20220624135920.png" alt="開啟DNSSEC"></p><h4 id="獲取配置訊息"><a href="#獲取配置訊息" class="headerlink" title="獲取配置訊息"></a>獲取配置訊息</h4><p>在彈出的窗口中即可看到相關的配置訊息(如下圖),請根據提示的訊息前往對應的域名註冊商進行配置,配置完成後後點擊”確定”即可,下文將介紹愛名網(22.cn)、HKDNR、GoogleDomains、AWSRoute53註冊域名配置方式<br><img src="https://resources.r2wind.com/img/202206/20220624140414.png" alt="配置訊息"></p><blockquote><p>PS:在域名註冊商配置完成後一定要回來點確定!!!</p></blockquote><h3 id="配置DNSSEC(DS)記錄"><a href="#配置DNSSEC(DS)記錄" class="headerlink" title="配置DNSSEC(DS)記錄"></a>配置DNSSEC(DS)記錄</h3><h4 id="愛名網(22-cn)配置DS記錄"><a href="#愛名網(22-cn)配置DS記錄" class="headerlink" title="愛名網(22.cn)配置DS記錄"></a>愛名網(22.cn)配置DS記錄</h4><h5 id="登錄會員中心"><a href="#登錄會員中心" class="headerlink" title="登錄會員中心"></a>登錄會員中心</h5><p>登錄愛名網<a href="https://i.22.cn/Domain/My/">會員中心</a></p><h5 id="進入域名詳情"><a href="#進入域名詳情" class="headerlink" title="進入域名詳情"></a>進入域名詳情</h5><p>在”我的域名”中單擊需要設置的域名進入域名詳情<br><img src="https://resources.r2wind.com/img/202206/20220624142320.png" alt="我的域名"></p><h5 id="配置DS記錄"><a href="#配置DS記錄" class="headerlink" title="配置DS記錄"></a>配置DS記錄</h5><p>1、進入詳情頁面後點擊DNSSEC管理後單擊添加記錄<br><img src="https://resources.r2wind.com/img/202206/20220624142602.png" alt="DNSSEC管理"><br>2、在彈出的窗口中根據提示填寫解析控制台的給出的配置訊息,並點擊”確認設置”保存即可<br><img src="https://resources.r2wind.com/img/202206/20220624143052.png" alt="DS記錄"></p><blockquote><p>PS:配置完成後記得回解析控制台點確定!!!</p></blockquote><h4 id="HKDNR配置DS記錄"><a href="#HKDNR配置DS記錄" class="headerlink" title="HKDNR配置DS記錄"></a>HKDNR配置DS記錄</h4><h5 id="登錄域名管理"><a href="#登錄域名管理" class="headerlink" title="登錄域名管理"></a>登錄域名管理</h5><p>登錄HKDNR域名管理界面[<a href="https://www.hkdnr.hk/apps/login?lang=cn%5D">https://www.hkdnr.hk/apps/login?lang=cn]</a></p><h5 id="點擊管理"><a href="#點擊管理" class="headerlink" title="點擊管理"></a>點擊管理</h5><p><img src="https://resources.r2wind.com/img/202206/20220624144930.png" alt="管理"></p><h5 id="配置DS記錄-1"><a href="#配置DS記錄-1" class="headerlink" title="配置DS記錄"></a>配置DS記錄</h5><p>1、單擊DNSSEC選項後的off<br><img src="https://resources.r2wind.com/img/202206/20220624145709.png" alt="off"><br>2、在彈出的確認框中點擊”YES”<br><img src="https://resources.r2wind.com/img/202206/20220624145958.png" alt="YES"><br>3、根據解析控制台的配置訊息及頁面提示進行填寫,Algorithm請選擇13,Digest Type請選擇2,填寫完成後點擊添加<br><img src="https://resources.r2wind.com/img/202206/20220624151059.png" alt="添加"><br>4、勾選方格並點擊”更新”<br><img src="https://resources.r2wind.com/img/202206/20220624151307.png" alt="更新"><br>5、看到”Update Success”即表示已經成功</p><blockquote><p>PS:配置完成後記得回解析控制台點確定!!!</p></blockquote><h4 id="GoogleDomains配置DS記錄"><a href="#GoogleDomains配置DS記錄" class="headerlink" title="GoogleDomains配置DS記錄"></a>GoogleDomains配置DS記錄</h4><h5 id="登錄到GoogleDomains"><a href="#登錄到GoogleDomains" class="headerlink" title="登錄到GoogleDomains"></a>登錄到GoogleDomains</h5><p>登錄到<a href="https://domains.google.com/registrar/">GoogleDomains</a>並找到我的域名</p><h5 id="進入域名詳情-1"><a href="#進入域名詳情-1" class="headerlink" title="進入域名詳情"></a>進入域名詳情</h5><p>找到需要設置的域名,點擊管理進入域名詳情界面<br><img src="https://resources.r2wind.com/img/202206/20220624153217.png" alt="管理"></p><h5 id="配置DS記錄-2"><a href="#配置DS記錄-2" class="headerlink" title="配置DS記錄"></a>配置DS記錄</h5><p>1、點擊”DNS”,找到DNSSEC並點擊管理記錄<br><img src="https://resources.r2wind.com/img/202206/20220624153548.png" alt="dns"><br>2、根據解析控制台的配置訊息及頁面提示進行填寫,填寫完成後點擊保存<br><img src="https://resources.r2wind.com/img/202206/20220624153849.png" alt="記錄"></p><blockquote><p>PS:配置完成後記得回解析控制台點確定!!!</p></blockquote><h4 id="AWSRoute53配置DS記錄"><a href="#AWSRoute53配置DS記錄" class="headerlink" title="AWSRoute53配置DS記錄"></a>AWSRoute53配置DS記錄</h4><h5 id="登錄Route53控制台"><a href="#登錄Route53控制台" class="headerlink" title="登錄Route53控制台"></a>登錄Route53控制台</h5><p>登錄Route53控制台(<a href="https://us-east-1.console.aws.amazon.com/route53/home#DomainListing:)%E6%89%BE%E5%88%B0%E8%A8%BB%E5%86%8A%E5%9F%9F">https://us-east-1.console.aws.amazon.com/route53/home#DomainListing:)找到註冊域</a></p><h5 id="進入域名詳情-2"><a href="#進入域名詳情-2" class="headerlink" title="進入域名詳情"></a>進入域名詳情</h5><p>在註冊域頁面點擊對應的域名進入詳情頁面<br><img src="https://resources.r2wind.com/img/202206/20220624161350.png" alt="詳情"></p><h5 id="配置DS記錄-3"><a href="#配置DS記錄-3" class="headerlink" title="配置DS記錄"></a>配置DS記錄</h5><p>1、點擊”管理密鑰”配置DS記錄<br><img src="https://resources.r2wind.com/img/202206/20220624161924.png" alt="管理密鑰"><br>2、在彈出的窗口處根據解析控制台的配置訊息及頁面提示進行填寫,完成後點擊添加即可<br><img src="https://resources.r2wind.com/img/202206/20220624162722.png" alt="配置"></p><blockquote><p>PS:<br>1、添加後在未來幾分鐘仍然會顯示已禁用,直到您收到通知郵件,請耐心等待。<br>2、配置完成後記得回解析控制台點確定!!!</p></blockquote>]]></content>
<summary type="html"><blockquote>
<p>DNSSEC對權威dns提供給遞歸DNS的解析數據來源進⾏認證,可有效保護權威DNS和Local DNS之間數據不被攻擊篡改,確保解析結果的真實與可靠性。本文以域名解析託管在DNSPod為例,其他平台可參考本文或諮詢對應平台客服。</p>
</bl</summary>
<category term="教程" scheme="https://yjz.hk/categories/%E6%95%99%E7%A8%8B/"/>
<category term="DNSPOD" scheme="https://yjz.hk/tags/DNSPOD/"/>
<category term="騰訊雲" scheme="https://yjz.hk/tags/%E9%A8%B0%E8%A8%8A%E9%9B%B2/"/>
<category term="域名" scheme="https://yjz.hk/tags/%E5%9F%9F%E5%90%8D/"/>
<category term="解析" scheme="https://yjz.hk/tags/%E8%A7%A3%E6%9E%90/"/>
<category term="作品集" scheme="https://yjz.hk/tags/%E4%BD%9C%E5%93%81%E9%9B%86/"/>
<category term="愛名網" scheme="https://yjz.hk/tags/%E6%84%9B%E5%90%8D%E7%B6%B2/"/>
<category term="HKDNR" scheme="https://yjz.hk/tags/HKDNR/"/>
<category term="GoogleDomains" scheme="https://yjz.hk/tags/GoogleDomains/"/>
<category term="Route53" scheme="https://yjz.hk/tags/Route53/"/>
<category term="AWS" scheme="https://yjz.hk/tags/AWS/"/>
</entry>
<entry>
<title>DNS+IGTM實現訪問流量智能調度</title>
<link href="https://yjz.hk/articles/20220522.html"/>
<id>https://yjz.hk/articles/20220522.html</id>
<published>2022-05-22T12:19:42.000Z</published>
<updated>2022-05-23T01:00:52.000Z</updated>
<content type="html"><![CDATA[<h2 id="操作場景"><a href="#操作場景" class="headerlink" title="操作場景"></a>操作場景</h2><p>智能全局流量管理(Intelligence Global Traffic Manager),簡稱IGTM,它可以幫助用戶實現應用(例如:網頁應用、直播、點播)的網絡健康檢查,並根據檢測結果實現故障隔離和流量調度切換。也可根據用戶地理位置或延遲實現流量的智能調度,從而實現各區域用戶的就近接入。本文以通過DNS(IGTM)實現邊緣節點智能調度為例進行演示。</p><h3 id="適用場景"><a href="#適用場景" class="headerlink" title="適用場景"></a>適用場景</h3><p>需根據用戶地理位置將流量調度到適合的邊緣節點,並實現故障節點的自動剔除&將流量分攤至不同的負載均衡節點,提升用戶的訪問體驗的客戶。</p><p><strong>例如</strong>:CDN、直播、點播、手機(應用分發/更新、系統升級等)、遊戲(資源更新/分發)、大型網站等。</p><h3 id="場景需求描述:"><a href="#場景需求描述:" class="headerlink" title="場景需求描述:"></a>場景需求描述:</h3><blockquote><p>說明:<br>下述描述、圖片僅為本案例中涉及到的相關場景、需求、節點分佈,僅供參考,實際使用中請根據需要自行調整,或諮詢您的客戶經理獲取專屬方案。</p></blockquote><h4 id="場景描述"><a href="#場景描述" class="headerlink" title="場景描述"></a>場景描述</h4><ul><li>客戶為提升全球用戶訪問體驗,通過在全球各地域部署多台邊緣節點的方式來提升用戶訪問速度和穩定性。</li></ul><h4 id="需求描述"><a href="#需求描述" class="headerlink" title="需求描述"></a>需求描述</h4><ol><li>根據客戶地理位置或延遲返回不同地域的節點IP,並自動剔除故障邊緣節點;</li><li>當自建CDN節點可用性較低或不可用時切換到第三方CDN廠商提供服務;</li></ol><h4 id="節點分佈"><a href="#節點分佈" class="headerlink" title="節點分佈"></a>節點分佈</h4><p><img src="https://resources.r2wind.com/img/202205/20220521.png" alt="節點分佈"></p><h2 id="前提條件"><a href="#前提條件" class="headerlink" title="前提條件"></a>前提條件</h2><ul><li>已開通智能全局流量管理(IGTM)使用權限,IGTM暫僅支持白名單內測用戶使用,將逐漸開放使用,DNS尊享版用戶請聯繫您的客戶經理諮詢使用。</li><li>具備部署邊緣節點的技術能力。</li></ul><h2 id="操作步驟"><a href="#操作步驟" class="headerlink" title="操作步驟"></a>操作步驟</h2><h3 id="第1步:購買實例"><a href="#第1步:購買實例" class="headerlink" title="第1步:購買實例"></a>第1步:購買實例</h3><p>使用前需前往<a href="https://buy.dnspod.cn/igtm">購買頁</a>購買實例套餐或<strong>使用系統贈送的體驗版套餐</strong>。<br><img src="https://resources.r2wind.com/img/202205/20220521182343.png" alt="購買套餐"></p><blockquote><p>注意:</p><ol><li>一般來講體驗版套餐可以滿足個人用戶的需求;</li><li>DNS尊享版版用戶無需購買套餐,請聯繫您的客戶經理諮詢使用;</li></ol></blockquote><h3 id="第2步:初始化實例"><a href="#第2步:初始化實例" class="headerlink" title="第2步:初始化實例"></a>第2步:初始化實例</h3><h4 id="步驟1:單擊立即前往進行基礎設置"><a href="#步驟1:單擊立即前往進行基礎設置" class="headerlink" title="步驟1:單擊立即前往進行基礎設置"></a>步驟1:單擊立即前往進行基礎設置</h4><p><img src="https://resources.r2wind.com/img/202205/20220521214238.png" alt="基礎配置"></p><h4 id="步驟2:選擇自定義創建"><a href="#步驟2:選擇自定義創建" class="headerlink" title="步驟2:選擇自定義創建"></a>步驟2:選擇自定義創建</h4><p>建議選擇”自定義創建”,該方式相比引導創建更加方便快捷<br><img src="https://resources.r2wind.com/img/202205/20220521214306.png" alt="自定義創建"></p><h4 id="步驟3:配置業務基礎訊息"><a href="#步驟3:配置業務基礎訊息" class="headerlink" title="步驟3:配置業務基礎訊息"></a>步驟3:配置業務基礎訊息</h4><p>配置相關訊息後點擊”確認”保存即可<br><img src="https://resources.r2wind.com/img/202205/20220521214544.png" alt="配置業務基本訊息"></p><h3 id="第3步:創建資源組"><a href="#第3步:創建資源組" class="headerlink" title="第3步:創建資源組"></a>第3步:創建資源組</h3><h4 id="創建自建CDN節點資源組(需求1)"><a href="#創建自建CDN節點資源組(需求1)" class="headerlink" title="創建自建CDN節點資源組(需求1)"></a>創建自建CDN節點資源組(需求1)</h4><p>請將節點IP按不同地域分別新建到不同的資源組內,以便配置監控任務和訪問策略。</p><h5 id="步驟1:單擊新建資源組"><a href="#步驟1:單擊新建資源組" class="headerlink" title="步驟1:單擊新建資源組"></a>步驟1:單擊新建資源組</h5><p><img src="https://resources.r2wind.com/img/202205/20220521205334.png" alt="新建資源組"></p><h5 id="步驟2:配置資源組基礎訊息和資源列表"><a href="#步驟2:配置資源組基礎訊息和資源列表" class="headerlink" title="步驟2:配置資源組基礎訊息和資源列表"></a>步驟2:配置資源組基礎訊息和資源列表</h5><p><img src="https://resources.r2wind.com/img/202205/20220521210829.png" alt="配置資源組基本訊息"></p><blockquote><p>工作模式說明:<br>智能返回:默認選擇,按照檢查結果進行資源的加入或剔除。<br>永遠在線:該模式將認為該資源永遠處於正常狀態。探測任務將不進行檢查並且不會進行資源的剔除。<br>永遠離線:該模式將認為該資源永遠處於異常狀態。探測任務將不進行檢查並且不會進行資源的加入。</p></blockquote><h5 id="步驟3:配置監控任務"><a href="#步驟3:配置監控任務" class="headerlink" title="步驟3:配置監控任務"></a>步驟3:配置監控任務</h5><p><img src="https://resources.r2wind.com/img/202205/20220521212102.png" alt="配置監控任務"><br>完成上述配置後單擊”確認”保存即可</p><blockquote><p>檢查協議說明:<br>HTTP(s):<a href="https://docs.dnspod.cn/igtm/igtm-https/">傳送門</a><br>TCP:<a href="https://docs.dnspod.cn/igtm/igtm-tcp/">傳送門</a><br>PING:<a href="https://docs.dnspod.cn/igtm/igtm-ping/">傳送門</a></p></blockquote><h5 id="步驟4:重複前三個步驟創建其他地域資源組"><a href="#步驟4:重複前三個步驟創建其他地域資源組" class="headerlink" title="步驟4:重複前三個步驟創建其他地域資源組"></a>步驟4:重複前三個步驟創建其他地域資源組</h5><h4 id="創建第三方CDN資源組(需求2)"><a href="#創建第三方CDN資源組(需求2)" class="headerlink" title="創建第三方CDN資源組(需求2)"></a>創建第三方CDN資源組(需求2)</h4><p>步驟1和步驟3與上述創建資源組方式相同,由於本案例中第三方CDN服務商接入方式為域名接入,故在上述創建CDN資源組步驟2基礎上資源組類型選擇”域名”</p><blockquote><p>說明:<br>不同CDN廠商提供的接入方式存在一定的差異,請根據對應的接入方式選擇不同的資源組類型,詳情請諮詢您的CDN廠商。</p></blockquote><h4 id="完成資源組創建"><a href="#完成資源組創建" class="headerlink" title="完成資源組創建"></a>完成資源組創建</h4><p><img src="https://resources.r2wind.com/img/202205/20220521223607.png" alt="效果展示"></p><h3 id="第4步:配置訪問策略"><a href="#第4步:配置訪問策略" class="headerlink" title="第4步:配置訪問策略"></a>第4步:配置訪問策略</h3><blockquote><p>注意:</p><ol><li>根據”需求1”的兩種不同的要求,故本文會配置兩種訪問策略以便演示,在實際使用中請大家根據自己實際需求選擇其中一種進行訪問策略的配置。</li><li>“按延時返回”受監控節點分佈所限,在地域資源調度方面可能會不如”按地理位置返回”精準,請大家謹慎使用。</li><li>“按延時返回”和”按地理位置返回”不可同時啟用。</li></ol></blockquote><h4 id="按地理位置返回"><a href="#按地理位置返回" class="headerlink" title="按地理位置返回"></a>按地理位置返回</h4><h5 id="步驟1:點擊新建訪問策略"><a href="#步驟1:點擊新建訪問策略" class="headerlink" title="步驟1:點擊新建訪問策略"></a>步驟1:點擊新建訪問策略</h5><p><img src="https://resources.r2wind.com/img/202205/20220521224508.png" alt="新建訪問策略"></p><h5 id="步驟2:配置策略名稱和訪問線路"><a href="#步驟2:配置策略名稱和訪問線路" class="headerlink" title="步驟2:配置策略名稱和訪問線路"></a>步驟2:配置策略名稱和訪問線路</h5><p><img src="https://resources.r2wind.com/img/202205/20220521224758.png" alt="配置基本訊息"></p><blockquote><p>說明:<br>配置默認線路是保障服務的基礎,當用戶的線路未配置或無法識別時,將通過根據解析線路的優先級進行返回,詳情請見:<a href="https://docs.dnspod.cn/igtm/qa-strategy/">新建訪問策略為甚麼需要配置默認線路來源?</a>。</p></blockquote><h5 id="步驟3:配置對應的資源組和相關策略"><a href="#步驟3:配置對應的資源組和相關策略" class="headerlink" title="步驟3:配置對應的資源組和相關策略"></a>步驟3:配置對應的資源組和相關策略</h5><p><img src="https://resources.r2wind.com/img/202205/20220521230104.png" alt="配置策略資源組"></p><blockquote><p>Tips:<br>配置默認線路的資源時建議根據用戶數量或節點網絡狀況進行配置,在本例中選擇用戶數量較多的”大陸用戶節點”進行兜底配置。</p></blockquote><h5 id="步驟4:保存策略"><a href="#步驟4:保存策略" class="headerlink" title="步驟4:保存策略"></a>步驟4:保存策略</h5><p>配置完成後點擊”提交”即可保存</p><h5 id="步驟5:重複上述步驟創建其他地區訪問策略"><a href="#步驟5:重複上述步驟創建其他地區訪問策略" class="headerlink" title="步驟5:重複上述步驟創建其他地區訪問策略"></a>步驟5:重複上述步驟創建其他地區訪問策略</h5><p>重複步驟1-4創建其他地域的訪問策略</p><h5 id="步驟6:完成創建"><a href="#步驟6:完成創建" class="headerlink" title="步驟6:完成創建"></a>步驟6:完成創建</h5><p>創建完成後即可查看,訪問策略有兩種視圖方式,分別為<strong>文本視圖</strong>和<strong>網絡視圖</strong>:</p><h6 id="文本視圖"><a href="#文本視圖" class="headerlink" title="文本視圖"></a>文本視圖</h6><p><img src="https://resources.r2wind.com/img/202205/20220521232357.png" alt="文本視圖"></p><h6 id="網絡視圖"><a href="#網絡視圖" class="headerlink" title="網絡視圖"></a>網絡視圖</h6><p><img src="https://resources.r2wind.com/img/202205/20220521233021.png" alt="網絡視圖"></p><h4 id="按延遲返回"><a href="#按延遲返回" class="headerlink" title="按延遲返回"></a>按延遲返回</h4><h5 id="步驟1:切換至按延時返回窗口,並單擊新建策略"><a href="#步驟1:切換至按延時返回窗口,並單擊新建策略" class="headerlink" title="步驟1:切換至按延時返回窗口,並單擊新建策略"></a>步驟1:切換至按延時返回窗口,並單擊新建策略</h5><p><img src="https://resources.r2wind.com/img/202205/20220521234232.png" alt="新建策略"></p><h5 id="步驟2:配置策略名稱和主力地址池"><a href="#步驟2:配置策略名稱和主力地址池" class="headerlink" title="步驟2:配置策略名稱和主力地址池"></a>步驟2:配置策略名稱和主力地址池</h5><p><img src="https://resources.r2wind.com/img/202205/20220521235641.png" alt="配置訪問策略"></p><h5 id="步驟3:保存策略"><a href="#步驟3:保存策略" class="headerlink" title="步驟3:保存策略"></a>步驟3:保存策略</h5><p>配置完成後點擊”提交”即可保存</p><h5 id="步驟4:配置備用地址池"><a href="#步驟4:配置備用地址池" class="headerlink" title="步驟4:配置備用地址池"></a>步驟4:配置備用地址池</h5><p>由於按延時返回不支持”域名”類型,無法滿足需求描述中的需求2,故在此不配置備用地址池,實際使用中可根據需要配置備用IPv4地址池。</p><h5 id="步驟5:完成創建"><a href="#步驟5:完成創建" class="headerlink" title="步驟5:完成創建"></a>步驟5:完成創建</h5><h6 id="文本視圖-1"><a href="#文本視圖-1" class="headerlink" title="文本視圖"></a>文本視圖</h6><p><img src="https://resources.r2wind.com/img/202205/20220522100350.png" alt="文本視圖"></p><h6 id="網絡視圖-1"><a href="#網絡視圖-1" class="headerlink" title="網絡視圖"></a>網絡視圖</h6><p><img src="https://resources.r2wind.com/img/202205/20220522100557.png" alt="網絡視圖"></p><h5 id="步驟6:切換至按延時返回模式"><a href="#步驟6:切換至按延時返回模式" class="headerlink" title="步驟6:切換至按延時返回模式"></a>步驟6:切換至按延時返回模式</h5><p>單擊切換至”按延時返回”模式<br><img src="https://resources.r2wind.com/img/202205/20220522100903.png" alt="切換模式"></p><h3 id="第5步:將業務域名接入IGTM"><a href="#第5步:將業務域名接入IGTM" class="headerlink" title="第5步:將業務域名接入IGTM"></a>第5步:將業務域名接入IGTM</h3><blockquote><p>說明:<br>本文以域名解析託管在DNSPod為例,若域名託管在其他廠商請前往對應廠商進行相關操作。</p></blockquote><h4 id="步驟1:打開並登錄解析控制台"><a href="#步驟1:打開並登錄解析控制台" class="headerlink" title="步驟1:打開並登錄解析控制台"></a>步驟1:打開並登錄解析控制台</h4><p>打開並登錄<a href="https://console.dnspod.cn/dns/list">解析控制台</a>,找到並點擊對應的域名。<br><img src="https://resources.r2wind.com/img/202205/20220522103928.png" alt="解析控制台"></p><h4 id="步驟2:添加解析記錄進行接入"><a href="#步驟2:添加解析記錄進行接入" class="headerlink" title="步驟2:添加解析記錄進行接入"></a>步驟2:添加解析記錄進行接入</h4><p>輸入相關訊息後點擊保存即可,至此完成接入:<br><img src="https://resources.r2wind.com/img/202205/20220522104416.png" alt="添加記錄"></p><blockquote><p>說明:<br>主機記錄:根據業務需要進行填寫;<br>記錄值:請前往IGTM實例頁面獲取,如下圖所示:<br><img src="https://resources.r2wind.com/img/202205/20220522104834.png" alt="記錄值"><br>TTL:根據實際需要填寫,本例中以”120”為例;</p></blockquote><h2 id="效果展示"><a href="#效果展示" class="headerlink" title="效果展示"></a>效果展示</h2><h3 id="延時測試"><a href="#延時測試" class="headerlink" title="延時測試"></a>延時測試</h3><p>數據來源於IPIP.NET<br><img src="https://resources.r2wind.com/img/202205/20220522105420.png" alt="延時測試"></p><h3 id="資源不可用告警-恢復提醒"><a href="#資源不可用告警-恢復提醒" class="headerlink" title="資源不可用告警/恢復提醒"></a>資源不可用告警/恢復提醒</h3><p>當資源不可用或資源恢復後可在配置的消息接收渠道收到對應的告警或恢復提醒</p><h4 id="資源不可用告警"><a href="#資源不可用告警" class="headerlink" title="資源不可用告警"></a>資源不可用告警</h4><p><img src="https://resources.r2wind.com/img/202205/20220522110243.png" alt="不可用實例"></p><h4 id="資源恢復提醒"><a href="#資源恢復提醒" class="headerlink" title="資源恢復提醒"></a>資源恢復提醒</h4><p><img src="https://resources.r2wind.com/img/202205/20220522110232.png" alt="恢復提醒"></p><h3 id="故障資源隔離"><a href="#故障資源隔離" class="headerlink" title="故障資源隔離"></a>故障資源隔離</h3><p><img src="https://resources.r2wind.com/img/202205/20220522112346.png" alt="故障資源隔離"></p><h3 id="其他"><a href="#其他" class="headerlink" title="其他"></a>其他</h3><p>其他包括監控統計、告警日誌……等可自行前往控制台查看。</p><h2 id="常見問題"><a href="#常見問題" class="headerlink" title="常見問題"></a>常見問題</h2><ul><li><p><strong>IGTM是甚麼?</strong></p><p>可以將IGTM理解為D監控的升級版本,是一款更加專業的解析流量調度產品,相比D監控其功能更多、性能更優、可監測協議更多、監測節點覆蓋更廣,但對於新手小白來講入門較為困難,詳細產品介紹請點擊:<a href="https://docs.dnspod.cn/igtm/igtm-product-description/">傳送門</a>。</p></li><li><p><strong>IGTM的應用場景?</strong></p><p>IGTM應用場景主要包含以下幾個大類:主備容災、應用多活、負載均衡、訪問加速,適用於對解析穩定性、流量調度有高標準要求的用戶,如電商、金融、CDN、直播、點播等相關行業的用戶,詳細介紹請點擊:<a href="https://docs.dnspod.cn/igtm/igtm-application-scenarios/">傳送門</a>。</p></li><li><p><strong>其他</strong></p><p>若使用中遇到任何問題可查看官方文檔或加入官方用戶群尋求幫助:</p><p>官方文檔:<a href="https://docs.dnspod.cn/igtm/">傳送門</a></p><p>官方用戶群:<a href="https://cloud.tencent.com/document/product/242/57608">傳送門</a></p></li></ul><h2 id="限制說明"><a href="#限制說明" class="headerlink" title="限制說明"></a>限制說明</h2><ul><li>智能全局流量管理(IGTM)單個實例目前僅支持綁定單個域名(包括子域名)。</li><li>其他限制:更多限制說明請查看<a href="https://docs.dnspod.cn/igtm/igtm-restrictions/">智能流量管理限制說明</a>。</li></ul>]]></content>
<summary type="html"><h2 id="操作場景"><a href="#操作場景" class="headerlink" title="操作場景"></a>操作場景</h2><p>智能全局流量管理(Intelligence Global Traffic Manager),簡稱IGTM,它可以幫助用戶實現</summary>
<category term="教程" scheme="https://yjz.hk/categories/%E6%95%99%E7%A8%8B/"/>
<category term="DNSPOD" scheme="https://yjz.hk/tags/DNSPOD/"/>
<category term="騰訊雲" scheme="https://yjz.hk/tags/%E9%A8%B0%E8%A8%8A%E9%9B%B2/"/>
<category term="域名" scheme="https://yjz.hk/tags/%E5%9F%9F%E5%90%8D/"/>
<category term="解析" scheme="https://yjz.hk/tags/%E8%A7%A3%E6%9E%90/"/>
<category term="作品集" scheme="https://yjz.hk/tags/%E4%BD%9C%E5%93%81%E9%9B%86/"/>
<category term="IGTM" scheme="https://yjz.hk/tags/IGTM/"/>
</entry>
<entry>
<title>2022提前“結束”啦~</title>
<link href="https://yjz.hk/articles/20220417.html"/>
<id>https://yjz.hk/articles/20220417.html</id>
<published>2022-04-17T15:14:22.000Z</published>
<updated>2024-05-07T14:00:43.570Z</updated>
<content type="html"><![CDATA[<p>還從來沒在自己的博客上寫過日記,今天是第一篇~<br>先寫一段流水賬哈哈:<br>4月14日,RIPE批准了我的ASN申請,我獲得了人生中第一個屬於自己的自治系統編號AS205794,8日,我通過vultr的私有ASN(15日換成了我自己的)廣播了一段自己的IPv6地址2a0f:9400:7700::/48,在法蘭克福、盧森堡、東京、拉斯維加斯、紐約、邁阿密均有節點,淺淺的看了一下Anycast長的甚麼樣,7日我把web伺服器從Caddy又切換回了Nginx(不過今次是quic分支),上個月用開發版在內網搭建了一個遞歸dns,折騰了一下bind9、unbound、 powerdns,最後發現還是Public dns香,再稍早一些把博客從本地扔到了Github並使用Actions自動構建……<br>嗯…步入正題哈哈:<br>似乎自打進入2022年以來,一直都在各種折騰,有些還是折騰來折騰去的,似乎看起來好像也沒甚麼意義(bushi)&消耗了大量的時間和精力,可能也影響到了一些正常的學習生活,當興趣愛好已經影響到原本該做的事情時,那可能就會有一定的問題了,也該反思一下了,雖說No zuo No die,但不是還也有句話講的是No zuo No huo嘛哈哈,話雖如此,但卻是應該停一下了,所以,經過了幾天的思考,決定還是先放下這些吧,那,2022年就提前結束吧!接下來的重點主要放在學習上啦,嗯…還有Socialwiki的兩個共建項目“愚公移山”和“好好睡覺”,以及DNSPod用戶群的日常維護,為愛發電哈哈~不管怎麼說,接下來這一年還是以穩為主,不再折騰了哈哈,生命不息,折騰已止!但奮鬥不止。<br>2022年4月17日夜<br>寫於歸去如風</p>]]></content>
<summary type="html"><p>還從來沒在自己的博客上寫過日記,今天是第一篇~<br>先寫一段流水賬哈哈:<br>4月14日,RIPE批准了我的ASN申請,我獲得了人生中第一個屬於自己的自治系統編號AS205794,8日,我通過vultr的私有ASN(15日換成了我自己的)廣播了一段自己的IPv6地址2a</summary>
<category term="日記" scheme="https://yjz.hk/categories/%E6%97%A5%E8%A8%98/"/>
</entry>
<entry>
<title>AS205794</title>
<link href="https://yjz.hk/articles/20220416.html"/>
<id>https://yjz.hk/articles/20220416.html</id>
<published>2022-04-16T12:57:49.000Z</published>
<updated>2024-05-07T14:00:43.570Z</updated>
<content type="html"><![CDATA[<h2 id="AS205794"><a href="#AS205794" class="headerlink" title="AS205794"></a>AS205794</h2><p>一個由JINZE YANG運營的個人和實驗網絡,目前在阿姆斯特丹、巴黎、莫斯科、新加坡、香港、西雅圖、邁阿密均有節點。</p><h3 id="聯繫-投訴"><a href="#聯繫-投訴" class="headerlink" title="聯繫&投訴"></a>聯繫&投訴</h3><p>您可通過<a href="mailto:yjz@r2wind.org">yjz@r2wind.org</a>與我聯繫,或whois訊息中的其他郵箱。</p><h3 id="對等互聯"><a href="#對等互聯" class="headerlink" title="對等互聯"></a>對等互聯</h3><p>暫時不考慮進行任何對等互聯,還在折騰ing,較不穩定。</p><h2 id="AS205794-1"><a href="#AS205794-1" class="headerlink" title="AS205794"></a>AS205794</h2><p>A personal and experimental network operated by JINZE YANG, It has PoPs in Amsterdam, Paris, Moscow, Singapore, Hong Kong, Seattle and Miami.</p><h3 id="Contact-Abuse"><a href="#Contact-Abuse" class="headerlink" title="Contact & Abuse"></a>Contact & Abuse</h3><p>You can contact me at <a href="mailto:yjz@r2wind.org">yjz@r2wind.org</a>.</p><h3 id="Peering"><a href="#Peering" class="headerlink" title="Peering"></a>Peering</h3><p>I’m not considering any peering for now, due to various experiments still going on.</p><h2 id="Other"><a href="#Other" class="headerlink" title="Other"></a>Other</h2><p><a href="https://bgp.tools/as/205794">@BGP.Tools</a>|<a href="https://bgp.he.net/AS205794">@HE</a>|<a href="https://www.peeringdb.com/asn/205794">PeeringDB</a></p>]]></content>
<summary type="html"><h2 id="AS205794"><a href="#AS205794" class="headerlink" title="AS205794"></a>AS205794</h2><p>一個由JINZE YANG運營的個人和實驗網絡,目前在阿姆斯特丹、巴黎、莫斯科、新加坡、香港</summary>
<category term="公告" scheme="https://yjz.hk/categories/%E5%85%AC%E5%91%8A/"/>
<category term="BGP" scheme="https://yjz.hk/tags/BGP/"/>
<category term="AS" scheme="https://yjz.hk/tags/AS/"/>
</entry>
<entry>
<title>使用Caddy搭建輕量的Web伺服器</title>
<link href="https://yjz.hk/articles/20220412.html"/>
<id>https://yjz.hk/articles/20220412.html</id>
<published>2022-04-12T04:41:53.000Z</published>
<updated>2024-05-07T14:00:43.570Z</updated>
<content type="html"><![CDATA[<blockquote><p>本來很早就想寫這篇文章了,但一直沒有機會,藉着今次Lighthouse徵文的機會順便寫一下,怎麼購買Lighthouse服務在這裏就不再多說了,去騰訊雲官網秒殺頁面購買即可,這裏不再過多介紹了,本文系統鏡像為Debian11.1,其他系統環境請勿參考本教程(PS:尤其是新手~)</p></blockquote><h2 id="關於Caddy"><a href="#關於Caddy" class="headerlink" title="關於Caddy"></a>關於Caddy</h2><p>一個簡單,輕量,且對新手友好的web伺服器,甚至可以自動幫你部署SSL證書,對於新手來說相對友好。</p><blockquote><p>PS:不過我現在並不用它了,Caddy當前版本對HTTP/3支持存在一定的問題,所以我現在使用Nginx-quic了,哪天有機會再另寫教程~</p></blockquote><h2 id="安裝Caddy"><a href="#安裝Caddy" class="headerlink" title="安裝Caddy"></a>安裝Caddy</h2><h3 id="配置軟件源"><a href="#配置軟件源" class="headerlink" title="配置軟件源"></a>配置軟件源</h3><p>安裝必要依賴:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">apt install -y debian-keyring debian-archive-keyring apt-transport-https</span><br></pre></td></tr></table></figure><p>安裝密鑰及鏡像源:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo tee /etc/apt/trusted.gpg.d/caddy-stable.asc</span><br><span class="line">curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list</span><br></pre></td></tr></table></figure><p>最後更新軟件源並安裝Caddy即可:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">apt update</span><br><span class="line">apt install caddy</span><br></pre></td></tr></table></figure><p>看到如下提示就完成啦:<br><img src="https://resources.r2wind.com/img/202204/20220412140018.png" alt="安裝完成"></p><h2 id="配置Caddy"><a href="#配置Caddy" class="headerlink" title="配置Caddy"></a>配置Caddy</h2><h3 id="創建網站及證書目錄"><a href="#創建網站及證書目錄" class="headerlink" title="創建網站及證書目錄"></a>創建網站及證書目錄</h3><h4 id="創建證書目錄"><a href="#創建證書目錄" class="headerlink" title="創建證書目錄"></a>創建證書目錄</h4><p>其實Caddy可以自動申請證書的,不過如果你要用自己的證書就需要創建一個文件夾來證書啦~</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">cd /etc/ssl</span><br><span class="line">mkdir caddy</span><br></pre></td></tr></table></figure><h4 id="創建網站目錄"><a href="#創建網站目錄" class="headerlink" title="創建網站目錄"></a>創建網站目錄</h4><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">cd /</span><br><span class="line">mkdir www</span><br><span class="line">cd www</span><br><span class="line">mkdir wwwroot</span><br><span class="line">mkdir log</span><br></pre></td></tr></table></figure><p>其中wwwroot用了放置網站根目錄,log用來存儲網站日誌。</p><h4 id="賦予權限"><a href="#賦予權限" class="headerlink" title="賦予權限"></a>賦予權限</h4><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">sudo chown -R www-data:root /www</span><br><span class="line">sudo chmod 0777 /www/log</span><br></pre></td></tr></table></figure><h3 id="編輯Caddy配置文件"><a href="#編輯Caddy配置文件" class="headerlink" title="編輯Caddy配置文件"></a>編輯Caddy配置文件</h3><p>Caddy的配置文件Caddyfile在/etc/caddy中,可以下載後編輯完再上傳或直接用vim來進行編輯,看個人喜好,Mobaxterm軟件左側其實是個文件瀏覽器,可以在此處進行文件的瀏覽和上傳下載,下面是一份示例文件,更多使用方法請參考<a href="https://caddyserver.com/docs/getting-started">官方文檔</a>:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br><span class="line">85</span><br><span class="line">86</span><br><span class="line">87</span><br><span class="line">88</span><br><span class="line">89</span><br><span class="line">90</span><br><span class="line">91</span><br><span class="line">92</span><br><span class="line">93</span><br><span class="line">94</span><br><span class="line">95</span><br><span class="line">96</span><br><span class="line">97</span><br></pre></td><td class="code"><pre><span class="line">// 此處的配置是用來支持HTTP3的,若不需要刪除即可</span><br><span class="line">{</span><br><span class="line">servers {</span><br><span class="line">protocol {</span><br><span class="line">experimental_http3</span><br><span class="line">}</span><br><span class="line">}</span><br><span class="line">}</span><br><span class="line">// 一個普通的網站示例,r2wind.com替換成你喜歡的域名</span><br><span class="line">r2wind.com {</span><br><span class="line"> // 此處配置網站根目錄,請將頁面文件上傳至網站根目錄</span><br><span class="line">root * /www/wwwroot/r2wind.com/public</span><br><span class="line"> // 配置SSL證書路徑,若不配置,Caddy會幫你自動申請並配上</span><br><span class="line">tls /etc/ssl/caddy/r2wind.cn.crt /etc/ssl/caddy/r2wind.cn.key</span><br><span class="line"> // 自定義錯誤頁文件,若不需要刪除即可</span><br><span class="line">handle_errors {</span><br><span class="line">rewrite * /{http.error.status_code}.html</span><br><span class="line">file_server</span><br><span class="line">}</span><br><span class="line"> // 日誌保存路徑,如不需要保存訪問日誌可刪除</span><br><span class="line">log {</span><br><span class="line">output file /www/log/r2wind_com.log</span><br><span class="line">}</span><br><span class="line"> // 開啟Gzip壓縮,若不需要可刪除</span><br><span class="line">encode gzip</span><br><span class="line">file_server</span><br><span class="line"> // 用來添加響應頭</span><br><span class="line">header {</span><br><span class="line"> // 禁用了客戶端的 MIME 類型嗅探行為,若不需要請刪除</span><br><span class="line">X-content-type-tptions nosniff</span><br><span class="line"> // 拒絕嵌入其他網站,若不需要請刪除</span><br><span class="line">X-frame-options DENY</span><br><span class="line"> // HSTS響應頭,若不需要請刪除</span><br><span class="line">Strict-Transport-Security max-age=63072000;includeSubDomains;preload</span><br><span class="line">}</span><br><span class="line">}</span><br><span class="line">// 一個反向代理示意配置</span><br><span class="line">yjz.hk {</span><br><span class="line"> // 指定代理網頁訪問地址https://xx.r2w.dev</span><br><span class="line">reverse_proxy https://xx.r2w.dev {</span><br><span class="line"> // 指定請求域名hk.r2w.dev</span><br><span class="line">header_up Host {hk.r2w.dev}</span><br><span class="line">}</span><br><span class="line"> // 下面的配置在上面已經介紹過了,這裏不再過多贅述</span><br><span class="line">tls /etc/ssl/caddy/r2wind.cn.crt /etc/ssl/caddy/r2wind.cn.key</span><br><span class="line">handle_errors {</span><br><span class="line">rewrite * /{http.error.status_code}.html</span><br><span class="line">file_server</span><br><span class="line">}</span><br><span class="line">log {</span><br><span class="line">output file /www/log/yjz_hk.log</span><br><span class="line">}</span><br><span class="line">encode gzip</span><br><span class="line">file_server</span><br><span class="line">header {</span><br><span class="line">X-content-type-tptions nosniff</span><br><span class="line">x-xss-protection: 1; mode=block</span><br><span class="line">Strict-Transport-Security max-age=63072000;includeSubDomains;preload</span><br><span class="line">}</span><br><span class="line">}</span><br><span class="line">// 一個重定向示例配置</span><br><span class="line">www.yjz.hk {</span><br><span class="line"> // 指定重定向後的網站地址並攜帶相關參數</span><br><span class="line">redir https://yjz.hk{uri}</span><br><span class="line">}</span><br><span class="line">// 一個多域名重定向示例配置,多個域名記得用","隔開,逗號後記得先打空格再輸入域名</span><br><span class="line">dnstest.cc, www.dnstest.cc, r2wind.net, www.r2wind.net {</span><br><span class="line">redir https://r2wind.cn</span><br><span class="line">}</span><br><span class="line">// 一個多域名網站示例配置,和普通網站配置一樣,只不過多了幾個域名</span><br><span class="line">r2wind.com,r2wind.net, r2wind.cn {</span><br><span class="line"> // 此處配置網站根目錄,請將頁面文件上傳至網站根目錄</span><br><span class="line">root * /www/wwwroot/r2wind.com/public</span><br><span class="line"> // 配置SSL證書路徑,若不配置,Caddy會幫你自動申請並配上,注意:此處最好不要指定SSL證書,除非你的證書是多域名的</span><br><span class="line">tls /etc/ssl/caddy/r2wind.cn.crt /etc/ssl/caddy/r2wind.cn.key</span><br><span class="line"> // 自定義錯誤頁文件,若不需要刪除即可</span><br><span class="line">handle_errors {</span><br><span class="line">rewrite * /{http.error.status_code}.html</span><br><span class="line">file_server</span><br><span class="line">}</span><br><span class="line"> // 日誌保存路徑,如不需要保存訪問日誌可刪除</span><br><span class="line">log {</span><br><span class="line">output file /www/log/r2wind_com.log</span><br><span class="line">}</span><br><span class="line"> // 開啟Gzip壓縮,若不需要可刪除</span><br><span class="line">encode gzip</span><br><span class="line">file_server</span><br><span class="line"> // 用來添加響應頭</span><br><span class="line">header {</span><br><span class="line"> // 禁用了客戶端的 MIME 類型嗅探行為,若不需要請刪除</span><br><span class="line">X-content-type-tptions nosniff</span><br><span class="line"> // 拒絕嵌入其他網站,若不需要請刪除</span><br><span class="line">X-frame-options DENY</span><br><span class="line"> // HSTS響應頭,若不需要請刪除</span><br><span class="line">Strict-Transport-Security max-age=63072000;includeSubDomains;preload</span><br><span class="line">}</span><br><span class="line">}</span><br></pre></td></tr></table></figure><h3 id="重新加載配置文件"><a href="#重新加載配置文件" class="headerlink" title="重新加載配置文件"></a>重新加載配置文件</h3><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl reload caddy</span><br></pre></td></tr></table></figure><p>若配置沒錯則回車後不會出現任何提示</p><h3 id="效果展示"><a href="#效果展示" class="headerlink" title="效果展示"></a>效果展示</h3><p>這裏就不展示了哈哈哈,將網站文件上傳至網站根目錄修改一下配置的文件重加載Caddy就好啦,然後配置域名解析後訪問對應的域名即可。</p>]]></content>
<summary type="html"><blockquote>
<p>本來很早就想寫這篇文章了,但一直沒有機會,藉着今次Lighthouse徵文的機會順便寫一下,怎麼購買Lighthouse服務在這裏就不再多說了,去騰訊雲官網秒殺頁面購買即可,這裏不再過多介紹了,本文系統鏡像為Debian11.1,其他系統環境請勿參</summary>
<category term="教程" scheme="https://yjz.hk/categories/%E6%95%99%E7%A8%8B/"/>
<category term="Caddy" scheme="https://yjz.hk/tags/Caddy/"/>
<category term="Web伺服器" scheme="https://yjz.hk/tags/Web%E4%BC%BA%E6%9C%8D%E5%99%A8/"/>
</entry>
<entry>
<title>關於騰訊雲免費SSL證書在IIS部署中提示"證書鏈中的一個或多個中間證書丟失"的解決辦法</title>
<link href="https://yjz.hk/articles/20220328.html"/>
<id>https://yjz.hk/articles/20220328.html</id>
<published>2022-03-28T14:42:34.000Z</published>
<updated>2024-05-07T14:00:43.570Z</updated>
<content type="html"><![CDATA[<blockquote><p>2022年03月03日22:00:00起,TrustAsia 根證書籤發由 Digicert 根證書變更為 Sectigo 根證書後,有部分同學在Windows Server IIS上部署證書時會遇到”證書鏈中的一個或多個中間證書”的提示,下面簡單記錄下問題的解決辦法。</p></blockquote><h2 id="下載對應算法的中間證書"><a href="#下載對應算法的中間證書" class="headerlink" title="下載對應算法的中間證書"></a>下載對應算法的中間證書</h2><blockquote><p>注意:下載前請確認證書加密算法。</p></blockquote><h3 id="查看證書加密算法"><a href="#查看證書加密算法" class="headerlink" title="查看證書加密算法"></a>查看證書加密算法</h3><p>登錄<a href="https://console.cloud.tencent.com/ssl">騰訊雲SSL證書控制台</a>查看,一般為RSA。<br><img src="https://resources.r2wind.com/img/202203/20220328225628.png" alt="加密算法"></p><h3 id="下載"><a href="#下載" class="headerlink" title="下載"></a>下載</h3><p>可點擊下方傳送門直接下載:<br>RSA格式:<a href="https://dl.r2wind.cn/ssl/TrustAsia%20RSA%20DV%20TLS%20CA%20G2.crt">傳送門</a><br>ECC格式:<a href="https://dl.r2wind.cn/ssl/TrustAsia%20ECC%20DV%20TLS%20CA%20G2.crt">傳送門</a></p><blockquote><p>PS:請將證書下載至伺服器或下載後複製到伺服器</p></blockquote><h2 id="安裝中間證書"><a href="#安裝中間證書" class="headerlink" title="安裝中間證書"></a>安裝中間證書</h2><h3 id="在伺服器雙擊打開中間證書並點擊安裝證書"><a href="#在伺服器雙擊打開中間證書並點擊安裝證書" class="headerlink" title="在伺服器雙擊打開中間證書並點擊安裝證書"></a>在伺服器雙擊打開中間證書並點擊安裝證書</h3><p><img src="https://resources.r2wind.com/img/202203/20220328232115.png" alt="打開證書"></p><h3 id="存儲位置選擇本地計算機"><a href="#存儲位置選擇本地計算機" class="headerlink" title="存儲位置選擇本地計算機"></a>存儲位置選擇本地計算機</h3><p><img src="https://resources.r2wind.com/img/202203/20220328232416.png" alt="安裝證書"></p><h3 id="選擇存儲位置"><a href="#選擇存儲位置" class="headerlink" title="選擇存儲位置"></a>選擇存儲位置</h3><p>點擊”將所有的證書都放入下列存儲”後點擊瀏覽選擇”中間證書頒發機構”後單擊下一頁<br><img src="https://resources.r2wind.com/img/202203/20220328232626.png" alt="選擇存儲位置"></p><h3 id="完成導入"><a href="#完成導入" class="headerlink" title="完成導入"></a>完成導入</h3><p>確認訊息後單擊完成:<br><img src="https://resources.r2wind.com/img/202203/20220328233009.png" alt="完成導入"><br>顯示導入成功即可:<br><img src="https://resources.r2wind.com/img/202203/20220328233021.png" alt="導入成功"></p>]]></content>
<summary type="html"><blockquote>
<p>2022年03月03日22:00:00起,TrustAsia 根證書籤發由 Digicert 根證書變更為 Sectigo 根證書後,有部分同學在Windows Server IIS上部署證書時會遇到”證書鏈中的一個或多個中間證書”的提示,下面簡單</summary>
<category term="教程" scheme="https://yjz.hk/categories/%E6%95%99%E7%A8%8B/"/>
<category term="DNSPOD" scheme="https://yjz.hk/tags/DNSPOD/"/>
<category term="騰訊雲" scheme="https://yjz.hk/tags/%E9%A8%B0%E8%A8%8A%E9%9B%B2/"/>
<category term="域名" scheme="https://yjz.hk/tags/%E5%9F%9F%E5%90%8D/"/>
<category term="SSL" scheme="https://yjz.hk/tags/SSL/"/>
</entry>
<entry>
<title>BuyVM配置AnyCast IP</title>
<link href="https://yjz.hk/articles/20220217.html"/>
<id>https://yjz.hk/articles/20220217.html</id>
<published>2022-02-17T05:21:37.000Z</published>
<updated>2024-05-07T14:00:43.570Z</updated>
<content type="html"><![CDATA[<blockquote><p>本來打算去申請ASN+IPv6/44自己去配置一個Anycast,後來發現申請ASN的費用超出了預算(奈何囊中羞澀),所以只能轉向成本更低的BuyVM家的Anycast VPS。</p></blockquote><h2 id="準備階段"><a href="#準備階段" class="headerlink" title="準備階段"></a>準備階段</h2><p>首先你購買三台他們家的VPS,分別位於盧森堡-歐洲,拉斯維加斯-美西,紐約或邁阿密-美東(我買的紐約)。</p><blockquote><p>關於配置:任何配置的VPS都可以,只要你買得到(盧森堡經常會缺貨,我購買的時候到是很順利)。<br>關於位置:官方要求用戶在四個區域都要有VPS,但是或許兩台也可以?(我沒去試,但是一台肯定沒有甚麼意義<br>關於路由:官方介紹的是歐洲訪問者將被路由到盧森堡節點;美國訪問者將根據他們的位置分別路由到拉斯維加斯,紐約或邁阿密節點;亞洲的訪問者將被路由到拉斯維加斯節點,南美訪問者將被路由到邁阿密節點等。(PS:實際使用中並不一定是官方介紹的那樣,一般會根據路由表來選擇路由最近的節點)<br>關於DDOS防禦:可以提工單為AnyCast開啟DDOS保護,每月5.00美元,由Cloudflare Magic Transit提供支持。</p></blockquote><h2 id="進行階段"><a href="#進行階段" class="headerlink" title="進行階段"></a>進行階段</h2><h3 id="申請AnyCast-IP"><a href="#申請AnyCast-IP" class="headerlink" title="申請AnyCast IP"></a>申請AnyCast IP</h3><p>登錄Stallion控制台點擊”聯網(networking)”<br><img src="https://resources.r2wind.com/img/202202/20220217105943.png" alt="networking"><br>點擊”Assign Anycast IP Addresses”,並選擇申請IP數量(每人最多五個)後點擊”Okay”<br><img src="https://resources.r2wind.com/img/202202/20220217110600.png" alt="Assign Anycast IP Addresses"><br>申請完成後即可看到剛剛申請的Anycast IP<br><img src="https://resources.r2wind.com/img/202202/20220217110930.png" alt="申請完成"></p><h3 id="配置AnyCast-IP"><a href="#配置AnyCast-IP" class="headerlink" title="配置AnyCast IP"></a>配置AnyCast IP</h3><p>登錄SSH編輯/etc/network/interfaces文件(用vim或者nano都可以,不過記得提前安裝對應的軟件;還有一種便捷的做法是將配置文件下載到本地編輯然後在上傳)<br>這裏以vim為例:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/network/interfaces</span><br></pre></td></tr></table></figure><p>按”i”編輯,編輯完按”ESC”並輸入”:wq”保存即可<br><img src="https://resources.r2wind.com/img/202202/20220217112646.png" alt="vim"><br>配置文件示例:(注釋為了方便說明,實際配置中建議直接刪掉這極其潦草的注釋)</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># This file describes the network interfaces available on your system</span></span><br><span class="line"><span class="comment"># and how to activate them. For more information, see interfaces(5).</span></span><br><span class="line"></span><br><span class="line"><span class="built_in">source</span> /etc/network/interfaces.d/*</span><br><span class="line"></span><br><span class="line"><span class="comment"># The loopback network interface</span></span><br><span class="line">auto lo</span><br><span class="line">iface lo inet loopback</span><br><span class="line"></span><br><span class="line"><span class="comment"># The primary network interface</span></span><br><span class="line">allow-hotplug eth0</span><br><span class="line">iface eth0 inet static</span><br><span class="line">address 198.98.xxx.xx <span class="comment"># 公網IPv4地址 </span></span><br><span class="line">network 198.98.xxx.0 <span class="comment"># 把公網IPv4地址最後一個點後面改成0即可 </span></span><br><span class="line">gateway 198.98.xxx.1 <span class="comment"># 把公網IPv4地址最後一個點後面改成1即可 </span></span><br><span class="line">broadcast 198.98.xxx.255 <span class="comment"># 把公網IPv4地址最後一個點後面改成255即可 </span></span><br><span class="line">netmask 255.255.255.0 <span class="comment"># 默認即可 </span></span><br><span class="line"></span><br><span class="line"><span class="comment"># IPv6配置,要是沒開啟IPv6把這部分注釋掉或者直接刪掉即可,address和gateway可在VPS控制台查看</span></span><br><span class="line">auto eth0:v6</span><br><span class="line">allow-hotplug eth0:v6</span><br><span class="line">iface eth0:v6 inet6 static</span><br><span class="line">address 2605:6400:10:58b::1 <span class="comment"># VPS IPv6地址</span></span><br><span class="line">gateway 2605:6400:0010::1 <span class="comment"># gateway可在控制台網絡配置查看</span></span><br><span class="line">netmask 48</span><br><span class="line"> </span><br><span class="line"><span class="comment"># AnyCast IP配置 </span></span><br><span class="line">auto eth0:anycast</span><br><span class="line">allow-hotplug eth0:anycast</span><br><span class="line">iface eth0:anycast inet static</span><br><span class="line">address 198.251.86.138 <span class="comment"># 更改為你的AnyCast IP</span></span><br><span class="line">netmask 255.255.255.0 <span class="comment"># 默認即可</span></span><br></pre></td></tr></table></figure><p>配置完成後reboot重啟伺服器即可</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">reboot</span><br></pre></td></tr></table></figure><blockquote><p>注意:所有伺服器均需進行配置</p></blockquote><h2 id="驗證階段"><a href="#驗證階段" class="headerlink" title="驗證階段"></a>驗證階段</h2><p>可以通過多地點的在線traceroute或在線ping等方式來進行驗證是否完成配置,若配置錯誤會導致空路由或ping不可達。</p>]]></content>
<summary type="html"><blockquote>
<p>本來打算去申請ASN+IPv6&#x2F;44自己去配置一個Anycast,後來發現申請ASN的費用超出了預算(奈何囊中羞澀),所以只能轉向成本更低的BuyVM家的Anycast VPS。</p>
</blockquote>
<h2 id="準備階</summary>
<category term="教程" scheme="https://yjz.hk/categories/%E6%95%99%E7%A8%8B/"/>
<category term="BuyVM" scheme="https://yjz.hk/tags/BuyVM/"/>
<category term="AnyCast" scheme="https://yjz.hk/tags/AnyCast/"/>
</entry>
</feed>