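I installed bind for a caching server, and recursive mode works fine. But non-recursive mode does not work well.
Here is the options section of /etc/named.conf (for recursive):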
options {
listen-on port 53 {localhost; any;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.0.0/24;any; };
allow-query-cache { localhost; 192.168.0.0/24; any;};
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
Result:
[root@localhost ~]# nslookup naver.com
Server: 192.168.0.220
Address: 192.168.0.220#53
Non-authoritative answer:
Name: naver.com
Address: 125.209.222.142
Name: naver.com
Address: 202.179.177.22
Name: naver.com
Address: 202.179.177.21
Name: naver.com
Address: 125.209.222.141
Here is the other options section of /etc/named.conf (for non-recursive):
options {
listen-on port 53 {localhost; any;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.0.0/24;any; };
allow-query-cache { localhost; 192.168.0.0/24; any;};
recursion no;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
Result:
[root@localhost ~]# nslookup naver.com
Server: 192.168.0.220
Address: 192.168.0.220#53
Non-authoritative answer:
*** Can't find naver.com: No answer
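Why is this? Am I overlooking something?
Answer 1
In a recursive query, the name server acts like a client and asks another name server to provide it with the answer to the query, or it returns an error because it cannot provide the answer.
You have.
You can turn off recursion globally with recursion no;
but allow it for your requests with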
allow-recursion {192.168.0.0/24;}; //change IPs as required
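You can also configure "forwarders" to forward DNS requests, and then try to find the answer by iteratively querying other name servers (including the name servers in the root domain).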
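Added example, not part of the original question or answer: a small Python check that works out which clients an options block lets recurse, using the fallback order documented for BIND 9 (allow-recursion, then allow-query-cache, then allow-query, then localnets and localhost) and treating recursion no as recursion for nobody. The function names are hypothetical, and SAMPLE and HARDENED are constructed from the ACL lines of the question's first options block.

```python
import re

# Constructed sample: the ACL and recursion lines of the question's first options block.
SAMPLE = """options {
    allow-query { localhost; 192.168.0.0/24;any; };
    allow-query-cache { localhost; 192.168.0.0/24; any;};
    recursion yes;
};"""

# Constructed variant: "any" removed and recursion limited to the LAN explicitly.
HARDENED = """options {
    allow-query { localhost; 192.168.0.0/24; };
    allow-recursion { localhost; 192.168.0.0/24; };
    recursion yes;
};"""

def strip_comments(text):
    """Drop /* */, // and # comments (simplified: quoted strings are not protected)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def acl(text, name):
    """Return the address-match list set for `name`, or None if it is not set."""
    m = re.search(r"(?<![\w-])%s\s*\{([^{}]*)\}" % re.escape(name), text)
    if m is None:
        return None
    return [entry.strip() for entry in m.group(1).split(";") if entry.strip()]

def recursion_clients(conf):
    """Effective list of clients allowed to recurse for one options block."""
    text = strip_comments(conf)
    m = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", text)
    if m and m.group(1).lower() in ("no", "false", "0"):
        return []  # recursion is off for every client
    # Fallback order assumed from the BIND 9 documentation.
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        entries = acl(text, name)
        if entries is not None:
            return entries
    return ["localnets", "localhost"]

def is_open_resolver(conf):
    """True if "any" may recurse (named ACLs and nested lists are not expanded)."""
    return "any" in recursion_clients(conf)

if __name__ == "__main__":
    for label, conf in (("question", SAMPLE), ("hardened", HARDENED)):
        print(label, recursion_clients(conf), "open:", is_open_resolver(conf))
```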