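To set up a cache-only DNS server,
you only need to edit /etc/named.conf.
Assume the server IP is 140.114.229.129 and the client IP is 140.114.28.187.
In the options block, add the server IP (listen-on), the client IP (allow-query), and the forwarders,
and comment out dnssec-lookaside . trust-anchor dlv.isc.org.;
The minimal changes to /etc/named.conf are listed below: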
options {
listen-on port 53 { 127.0.0.1; 140.114.229.129; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 140.114.28.187; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
//dnssec-lookaside . trust-anchor dlv.isc.org.;
forwarders { 168.95.1.1; };
};
About the format inside the braces (ß stands for a space):
listen-on port 53 {ß127.0.0.1;ß140.114.229.129;ß};
listen-on port 53 {ß127.0.0.1;140.114.229.129;ß};
listen-on port 53 {127.0.0.1;ß140.114.229.129;};
listen-on port 53 {127.0.0.1;140.114.229.129;};
All of these are accepted.
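The spacing rule above, and the role of allow-query next to recursion yes, as an added example that is not part of the original post: a small tokenizer treats braces and semicolons as separate tokens, so all four spellings yield the same address list, and a check flags an options block whose ACL admits any client. The names tokenize, parse_options and audit are illustrative, and the sample text is constructed from the configuration on this page.

```python
import re
# Added example; tokenize/parse_options/audit are illustrative names, not BIND tooling.
# Constructed sample: the options block from this page, trimmed to the relevant lines.
SAMPLE = """
options {
    listen-on port 53 { 127.0.0.1; 140.114.229.129; };
    allow-query { localhost; 140.114.28.187; };
    recursion yes;
    //dnssec-lookaside . trust-anchor dlv.isc.org.;
    forwarders { 168.95.1.1; };
};
"""

def tokenize(text):
    """Split named.conf text into tokens; braces and semicolons are their own tokens."""
    text = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", text, flags=re.S)  # strip comments
    return re.findall(r'[{};]|"[^"]*"|[^\s{};]+', text)

def parse_options(text):
    """Return {statement: [args]} for the options block (one level of { } lists)."""
    toks = tokenize(text)
    start = toks.index("options") + 2      # skip 'options' and its opening '{'
    opts, stmt, depth = {}, [], 0
    for t in toks[start:]:
        if t == "{":
            depth += 1
        elif t == "}":
            if depth == 0:
                break                      # closing brace of the options block
            depth -= 1
        elif t == ";":
            if depth == 0 and stmt:        # a ';' inside a list only separates elements
                opts[stmt[0]] = stmt[1:]
                stmt = []
        else:
            stmt.append(t.strip('"'))
    return opts

def audit(opts):
    """Flag an options block that would answer recursive queries from any client."""
    findings = []
    recursive = opts.get("recursion", ["yes"])[0] == "yes"   # BIND's default is yes
    acl = opts.get("allow-recursion") or opts.get("allow-query")
    if recursive and acl and {"any", "0.0.0.0/0"} & set(acl):
        findings.append("recursion is on and the ACL admits any client (open resolver)")
    if recursive and acl is None:
        findings.append("no allow-query/allow-recursion: access depends on BIND defaults")
    return findings
```

After editing the real file, named-checkconf /etc/named.conf reports syntax errors before the service is restarted.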
On the server, remember to add these two lines to iptables:
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
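When testing from the client,
remember to change its DNS server to 140.114.229.129.
It is best to set this in /etc/sysconfig/network-scripts/ifcfg-eth0
and then run service NetworkManager start.
If you set it in /etc/resolv.conf instead,
it will be overwritten the next time the network is restarted.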