服务器 Gind.cn
  1. 服务器 Gind.cn
  3. BIND redhat限制了回应
Intereting Posts
iptables从2个子网中进行欺骗 Exchange 2010 ManagedContentSettings不会使对话历史logging失效 syn flood / ddos​​的Snort规则? RDS服务器上特定应用程序的慢窗口绘图 在Mac OS X(服务器)上recursion应用ACL权限? 可能在路由器负载平衡TP-Link TL-R470T +使用总是相同的广域网(WAN3)为特定的端口 我应该使用Windows Server 2008 R2企业版AD还是RDS? NGINX不断向上游发送请求 当apache代理/负载均衡器从挂起的服务器获取超时时,是否可以将请求redirect到其他可用的均衡器成员? 如何创buildTLS SHA256证书请求 使用Postfix转发邮件时,如何保存本地邮件副本? 保护一个新的Ubuntu服务器 组策略屏幕保护程序的 gluster写在客户端时性能低 SSH密钥在Fedora 25上失败

BIND redhat限制了回应

我正在寻找运行一个DNS服务器使用绑定将回应一个非常有限的域名列表,并失败的一切。 我使用teamtalk.com作为概念certificate

我的resolv.conf文件看起来像这样.. 

// // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // // See the BIND Administrator's Reference Manual (ARM) for details about the // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html options { listen-on port 53 { 127.0.0.1; xxxx; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { localhost; xxxx/x; }; /* - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion. - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface */ recursion yes; dnssec-enable yes; dnssec-validation yes; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "teamtalk.com" IN { type forward; forward only; forwarders { 8.8.8.8; 8.8.4.4; }; }; zone "." IN { type hint; file "named.empty"; };

named.empty是一个虚拟文件… 

 $TTL 3H @ IN SOA @ rname.invalid. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ A 127.0.0.1 AAAA ::1

我的客户可以成功parsingteamtalk.com 

 Non-authoritative answer: Name: teamtalk.com Addresses: 178.62.52.101 178.62.86.236 46.101.32.242 178.62.82.54 178.62.43.133 178.62.6.212 178.62.24.154 46.101.16.70 46.101.36.47

但一切都失败了… 

 www.bbc.co.uk Server: [xxxx] Address: xxxx *** [xxxx] can't find www.bbc.co.uk: Server failed

到现在为止还挺好。

我的问题是我无法解决teamtalk.com的衍生品,例如www.teamtalk.com 

 www.teamtalk.com Server: [xxxx] Address: xxxx *** [xxxx] can't find www.teamtalk.com: Server failed