Bind9 configuration file problem

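I have a computer (Debian 9 Stretch) and a router (Nano Pi R4S, with OpenWrt), both running bind9. I have set the min-cache-ttl parameter to 80000 seconds on Debian Stretch, and when I try to set it on the Nano Pi, it tells me the maximum value can be 90 seconds!! How is this possible? How can I set a higher value? Thanks

Debian 9 (/etc/bind/named.conf.options):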

options {
        directory "/var/cache/bind";
        listen-on-v6 { none; };
        recursion yes;
        allow-transfer { none; };
        dump-file  "/var/cache/bind/cache.db";
        notify no;
        allow-notify { none; };
        forward only;

        forwarders {
                8.8.8.8;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation no;

        auth-nxdomain no;    # conform to RFC1035
        attach-cache yes;
        min-cache-ttl  86400;
        max-cache-ttl  87000;
        max-cache-size 1024M;
};

Nano Pi R4S (/etc/bind/named.conf):

options {
        directory "/var/cache/bind";
        dump-file "/var/cache/bind/cache.db";
        listen-on-v6 { none; };
        recursion yes;
        allow-transfer { none; };
        notify no;
        allow-notify { none; };
        forward only;

        forwarders {
                8.8.8.8;
        };

        auth-nxdomain no;    # conform to RFC1035
        dnssec-validation no;
        attach-cache yes;
        min-cache-ttl  80000; ## ERROR! Max is 90!
        max-cache-ttl  43200;
        max-cache-size 1024M;
};

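Answer 1

How can I set a higher value?

Get the bind-9.14 source code, change the value of MAX_MIN_CACHE_TTL and compile the bind package yourself.

How is this possible?

Debian
Before bind-9.13, Debian had its own patch, 0003-Add-min-cache-ttl-and-min-ncache-ttl-keywords.patch, which added the min-cache-ttl feature to their bind package.

Apparently, the maximum value of min-cache-ttl could be > 90 seconds, because there is no check here: https://sources.debian.org/patches/bind9/1:9.10.3.dfsg.P4-12.3+deb9u6/10_min-cache-ttl.diff/#L30

With bind-9.13, Debian removed that patch (http://metadata.ftp-master.debian.org/changelogs/main/b/bind9/unstable_changelog), because upstream had already ported this feature in that version.

OpenWRT
OpenWRT compiles the bind package directly from the ISC source files.
Here is the Makefile: https://github.com/openwrt/packages/blob/master/net/bind/Makefile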

PKG_VERSION:=9.18.4
PKG_SOURCE_URL:= \
    https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
    https://ftp.isc.org/isc/bind9/$(PKG_VERSION)

The same goes for bind-9.14.2: https://github.com/openwrt/packages/commit/868f29d4ee61205e65994f67f23a02198a9dea33#diff-eb969664858d3b384948d5ecec074c7cf894444a8e293aebb09d21720a00f5b5

In bind, min-cache-ttl was added on November 14, 2018 and released in version 9.13.4, commit https://github.com/isc-projects/bind9/commit/e9a939841dcf37021aab189caee836bfb59b45dc

The maximum value of min-cache-ttl is defined here: https://github.com/isc-projects/bind9/commit/e9a939841dcf37021aab189caee836bfb59b45dc?diff=unified#diff-d67681a4334d52b7a3e6aa8ff9a56072834cf2f4e5158cbfd4cb3b232c731bf7R24

#define MAX_MIN_CACHE_TTL 90

https://github.com/isc-projects/bind9/commit/e9a939841dcf37021aab189caee836bfb59b45dc?diff=unified#diff-d6bb5d421804dd0a1b7bd92dcd1f76348321360d9dbf5512257c4753cc815443R972

static intervaltable intervals[] = {
...
    { "min-cache-ttl", 1, MAX_MIN_CACHE_TTL },  /* 90 secs */
...
};

So in bind, and likewise in OpenWRT, the maximum value of min-cache-ttl has always been 90 from the very beginning.
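
An added example, not part of the original question or answer and not code from BIND, Debian or OpenWRT: a small pre-deployment check that flags a named.conf whose min-cache-ttl exceeds the upstream cap of 90 quoted above, so a file written for the Debian-patched package is caught before it is copied to a host running an upstream build. The function names and the min-versus-max sanity check are assumptions of this example, and only plain integer values in seconds are parsed.

```python
import re

# Upstream cap quoted in the answer: #define MAX_MIN_CACHE_TTL 90
MAX_MIN_CACHE_TTL = 90

# Constructed sample: the cache-related lines of the Nano Pi R4S options block above.
SAMPLE = """
options {
        forward only;
        // min-cache-ttl 10;  (commented out, must be ignored)
        attach-cache yes;
        min-cache-ttl  80000; ## ERROR! Max is 90!
        max-cache-ttl  43200;
        max-cache-size 1024M;
};
"""

# named.conf accepts /* */, // and # comments; strip them before matching.
# Simplification: comment markers inside quoted strings are not handled.
_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
# Only plain integer seconds are recognised (assumption of this example).
_TTL = re.compile(r"\b(min-cache-ttl|max-cache-ttl)\s+(\d+)\s*;")


def cache_ttls(conf_text):
    """Return {option: seconds} for the cache TTL options found in conf_text."""
    text = _COMMENTS.sub("", conf_text)
    return {name: int(value) for name, value in _TTL.findall(text)}


def lint_min_cache_ttl(conf_text, cap=MAX_MIN_CACHE_TTL):
    """Flag a min-cache-ttl above the upstream cap, and a min above max."""
    ttls = cache_ttls(conf_text)
    min_ttl = ttls.get("min-cache-ttl")
    max_ttl = ttls.get("max-cache-ttl")
    problems = []
    if min_ttl is not None and min_ttl > cap:
        problems.append(f"min-cache-ttl {min_ttl} exceeds upstream cap of {cap} seconds")
    # Added sanity check, not a BIND rule quoted on the page.
    if min_ttl is not None and max_ttl is not None and min_ttl > max_ttl:
        problems.append(f"min-cache-ttl {min_ttl} is greater than max-cache-ttl {max_ttl}")
    return problems


if __name__ == "__main__":
    for problem in lint_min_cache_ttl(SAMPLE):
        print(problem)
```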
