我为缓存服务器安装了绑定,递归模式运行良好。但是非递归模式效果不佳。
以下是/etc/named.conf(对于递归)的选项内容
options {
listen-on port 53 {localhost; any;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.0.0/24;any; };
allow-query-cache { localhost; 192.168.0.0/24; any;};
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
结果说:
[root@localhost ~]# nslookup naver.com
Server: 192.168.0.220
Address: 192.168.0.220#53
Non-authoritative answer:
Name: naver.com
Address: 125.209.222.142
Name: naver.com
Address: 202.179.177.22
Name: naver.com
Address: 202.179.177.21
Name: naver.com
Address: 125.209.222.141
这是 /etc/named.conf 的另一个选项内容(对于非递归)
options {
listen-on port 53 {localhost; any;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.0.0/24;any; };
allow-query-cache { localhost; 192.168.0.0/24; any;};
recursion no;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
结果说:
[root@localhost ~]# nslookup naver.com
Server: 192.168.0.220
Address: 192.168.0.220#53
Non-authoritative answer:
*** Can't find naver.com: No answer
这是为什么?我错过了什么吗?
你有。
您可以关闭全局递归,
recursion no;但允许它满足您的要求您还可以配置“转发器”以转发 dns 请求,然后再尝试通过对其他名称服务器(包括根域中的名称服务器)的迭代查询来自行查找答案。