BIND does not work in non-recursive mode

I installed BIND as a caching server. Recursive mode works fine, but non-recursive mode does not.

Here is the options section of /etc/named.conf (for recursive mode):

options {
        listen-on port 53 {localhost; any;};
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24;any; };
        allow-query-cache { localhost; 192.168.0.0/24; any;};
        recursion yes;


        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

The result:

[root@localhost ~]# nslookup naver.com
Server:         192.168.0.220
Address:        192.168.0.220#53

Non-authoritative answer:
Name:   naver.com
Address: 125.209.222.142
Name:   naver.com
Address: 202.179.177.22
Name:   naver.com
Address: 202.179.177.21
Name:   naver.com
Address: 125.209.222.141

Here is the other options section of /etc/named.conf (for non-recursive mode):

options {
        listen-on port 53 {localhost; any;};
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24;any; };
        allow-query-cache { localhost; 192.168.0.0/24; any;};
        recursion no;


        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

The result:

[root@localhost ~]# nslookup naver.com
Server:         192.168.0.220
Address:        192.168.0.220#53

Non-authoritative answer:
*** Can't find naver.com: No answer

Why is this? Am I missing something?

Answer 1

In a recursive query, the name server behaves like a client and asks another name server to provide the answer to the query, or returns an error because it cannot provide the answer.

You have.

You can turn off global recursion with recursion no; but allow it as you require with

 allow-recursion {192.168.0.0/24;}; //change IPs as required

You can also configure "forwarders" to forward DNS requests, which then try to find the answer by iteratively querying other name servers (including those in the root domain).
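As an added example (not part of the question or the answer), a small Python checker that applies BIND's documented ACL fallback order (allow-recursion, then allow-query-cache, then allow-query, then the built-in localnets/localhost default) to an options block like the ones above and reports the effective recursion policy. The sample block is a constructed excerpt of the question's recursive configuration; the parser and the audit function are my own, not BIND's.

```python
import re

# Constructed sample: the directives from the question's recursive options block
# that matter for who may use the cache. Note "any" inside both allow-* lists.
SAMPLE_RECURSIVE = """
options {
        listen-on port 53 {localhost; any;};
        allow-query     { localhost; 192.168.0.0/24;any; };
        allow-query-cache { localhost; 192.168.0.0/24; any;};
        recursion yes;
};
"""

# Longer names first so "allow-query" does not swallow "allow-query-cache".
ACL_RE = re.compile(r'^\s*(allow-query-cache|allow-recursion|allow-query)\s*\{([^}]*)\}', re.M)
RECURSION_RE = re.compile(r'^\s*recursion\s+(yes|no)\s*;', re.M)

def parse_options(conf):
    """Return the recursion flag and the address lists of each allow-* directive."""
    m = RECURSION_RE.search(conf)
    # BIND's default is "recursion yes" when the directive is absent.
    recursion = (m.group(1) == "yes") if m else True
    acls = {}
    for name, body in ACL_RE.findall(conf):
        acls[name] = [t.strip() for t in body.split(";") if t.strip()]
    return {"recursion": recursion, "acls": acls}

def effective_recursion_acl(opts):
    """Which directive actually governs recursion, following BIND's fallback order."""
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        if name in opts["acls"]:
            return name, opts["acls"][name]
    return "default", ["localnets", "localhost"]

def audit(conf):
    """One-line verdict: recursion off, open resolver, or recursion limited to an ACL."""
    opts = parse_options(conf)
    if not opts["recursion"]:
        return "recursion disabled: server only answers for zones it is authoritative for"
    source, acl = effective_recursion_acl(opts)
    if "any" in acl:
        return f"OPEN RESOLVER: recursion yes and {source} allows 'any'"
    return f"ok: recursion limited by {source} to {acl}"

if __name__ == "__main__":
    print(audit(SAMPLE_RECURSIVE))
```

Running it on the question's recursive block reports an open resolver, because the "any" entries in allow-query-cache make the cache usable by everyone who can reach port 53; adding an allow-recursion list restricted to the LAN, as the answer suggests, changes the verdict to ok.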
