我正在运行一个权威服务器,对BIND 9.11.3上不在我网络中的主机禁用递归.当从网络外部的主机查询不在服务器权限范围内的域时,我在权限部分中没有得到答案和根服务器列表.我理解为什么会发生这种情况,我想知道是否可以完全禁用权限部分.是否存在类似于最小响应的选项,在递归不可用时不会返回任何权限数据?
原文链接:/ubuntu/348414.html挖掘示例:
; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @NS google.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY,status: NOERROR,id: 6847 ;; flags: qr rd; QUERY: 1,ANSWER: 0,AUTHORITY: 13,ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0,flags:; udp: 4096 ; COOKIE: 5ed7760df1d65f05baba487c5b75a318b3065456b81ca133 (good) ;; QUESTION SECTION: ;google.com. IN A ;; AUTHORITY SECTION: . 518400 IN NS D.ROOT-SERVERS.NET. . 518400 IN NS F.ROOT-SERVERS.NET. . 518400 IN NS B.ROOT-SERVERS.NET. . 518400 IN NS L.ROOT-SERVERS.NET. . 518400 IN NS I.ROOT-SERVERS.NET. . 518400 IN NS A.ROOT-SERVERS.NET. . 518400 IN NS E.ROOT-SERVERS.NET. . 518400 IN NS C.ROOT-SERVERS.NET. . 518400 IN NS M.ROOT-SERVERS.NET. . 518400 IN NS H.ROOT-SERVERS.NET. . 518400 IN NS K.ROOT-SERVERS.NET. . 518400 IN NS G.ROOT-SERVERS.NET. . 518400 IN NS J.ROOT-SERVERS.NET. ;; Query time: 36 msec
我的选项看起来像这样:
options {
listen-on { any; };
directory "/var/cache/bind";
allow-recursion { acls; };
rate-limit {
responses-per-second 10;
exempt-clients { acls; };
window 5;
};
allow-query-cache { any; };
allow-query { any; };
allow-update { none; };
dnssec-enable no;
dnssec-validation no;
minimal-responses yes;
forwarders {
208.67.222.222;
208.67.220.220;
};
};
