我运行Ubuntu 12.04和bind9。 我的caching只有DNS服务器实际上是一个开放的DNSparsing器,所以我正在尝试纠正这一点。
我试图按照这个指南 。
named.conf中
// This is the primary configuration file for the BIND DNS server named. // // Please read /usr/share/doc/bind9/README.Debian.gz for information on the // structure of BIND configuration files in Debian, *BEFORE* you customize // this configuration file. // // If you are just adding zones, please do that in /etc/bind/named.conf.local include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local"; #include "/etc/bind/named.conf.default-zones"; named.conf.local只包含。
// // Do any local configuration here // // Consider adding the 1918 zones here, if they are not used in your // organization //include "/etc/bind/zones.rfc1918";
named.conf.options
acl "trusted" { 127.0.0.1/32; XX192.0/20; }; options { recursion no; additional-from-cache no; allow-query { none; }; dnssec-validation auto; auth-nxdomain no; # conform to RFC1035 }; view "trusted" in { match-clients { trusted; }; allow-query { trusted; }; recursion yes; additional-from-cache yes; dnssec-validation auto; auth-nxdomain no; # conform to RFC1035 };
我可以重新启动绑定没有问题,我可以查询绑定。 然而,当我testing我仍然是一个开放的parsing器,当我看着DNS顶部,我所有的顶级查询来自定义范围以外的IP。 所以我知道我有什么错。
这是我使用的:
options { directory "/var/named/master"; allow-recursion { 127.0.0.1; xyz0/19; ...; }; allow-transfer { 127.0.0.1; xyz0/19; ...; };