Posted by: 冷日 Posted at: 2016/12/21 15:17:51
How to Disable External DNS recursion?
I know that to disable recursive queries in BIND, I need to add the following lines to the options section of /etc/bind/named.conf.options:
allow-transfer {"none";};
allow-recursion {"none";};
recursion no;
Will the above configuration disable all DNS recursive queries?
How can I disable DNS recursion only to external network queries and keep recursion only for Internal network?
If I disable the recursion, then what process will be performed by the BIND resolve the name request? Iterative or Inverse?
You can enable recursion for some clients and disable recursion for others using views, but it is not recommended because you will lose some of the advantages of turning off recursion in the first place. You should use different nameservers for recursive resolution and authoritative service. (The two servers could run on the same machine if necessary.) Still, here's how to do it:
    // global options apply to external clients
    options {
        recursion no;
        additional-from-auth no;
        additional-from-cache no;
    };

    view "local" in {
        // view options enable recursion only for local clients
        // (prefixes are written with host bits cleared, which named requires)
        match-clients { 172.16.44.0/23; 192.168.12.0/24; 127.0.0.0/8; ::1; };
        recursion yes;
        additional-from-auth yes;
        additional-from-cache yes;

        // root hints, needed by the recursive view
        zone "." in {
            type hint;
            file "/etc/bind/db.root";
        };

        // put definitions for zones like "localhost" and "127.in-addr.arpa" here
    };

    // put definitions for real authoritative zones here.
As for the question in your last sentence, "what process will be performed by the BIND resolve the name request? Iterative or Inverse?", I do not understand the question. A nameserver configured not to offer recursive service will simply refuse to answer recursive queries.
Original source: bind - How to Disable External DNS recursion? - Ask Ubuntu
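An added example, not part of the original question or answer: a small Python check that sends one query with the RD bit set and reports, from the RA flag and RCODE of the reply, whether the querying client is offered recursion. It is meant to be run against your own server, once from an internal host and once from an external one; the function names and result labels are this example's own.

```python
import socket
import struct
import sys

RD, RA, QR = 0x0100, 0x0080, 0x8000   # header flag bits (RFC 1035)
REFUSED = 5                            # RCODE 5

def build_query(name, qid=0x1234):
    """Build an A/IN query with the Recursion Desired (RD) bit set."""
    header = struct.pack("!6H", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)   # QTYPE=A, QCLASS=IN

def classify(response, qid=0x1234):
    """Classify a raw DNS response by its RA flag and RCODE."""
    if len(response) < 12:
        raise ValueError("short DNS header")
    rid, flags = struct.unpack("!2H", response[:4])
    if rid != qid or not (flags & QR):
        raise ValueError("not a response to this query")
    if flags & RA:
        return "recursion-offered"     # this client gets recursive service
    if (flags & 0x000F) == REFUSED:
        return "refused"               # recursion is off for this client
    return "no-recursion"              # e.g. authoritative answer or referral

def probe(server, name, timeout=3.0):
    """Send one UDP query to `server` and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return classify(data)

if __name__ == "__main__":
    # usage: python3 check_recursion.py <server-ip> <name-outside-its-zones>
    print(probe(sys.argv[1], sys.argv[2]))
```

Use a name the server is not authoritative for, so that an answer can only come from recursion or cache.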