CentOS: a named DNS server that cannot resolve external addresses

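I set up a DNS server to resolve custom domain names, but when it encountered a domain that was not one of the custom ones, it did not resolve it automatically. nslookup reported ** server can't find xxxx: NXDOMAIN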

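Searching online, I found advice to configure DNS forwarding by setting forward and forwarders in /etc/named.conf, but after configuring them the server still did not, as I had imagined, automatically hand queries to the forwarding server for resolution. Finally, when I was about to give up, I saw a forum post saying to comment out everything related to keys. I tried it blindly and, to my surprise, it worked. Only the following line needs to be commented out.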

The complete configuration file is as follows:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        //listen-on port 53 { 127.0.0.1; };
        listen-on port 53 { 127.0.0.1;192.168.200.100; };
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        //allow-query     { localhost; };
        allow-query     { any; };
        //allow-transfer { 202.106.0.20; };
        //allow-recursion       { 202.106.0.20; };
        forward         first;
        forwarders      { 219.141.140.10; };
        //forward               only;

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";
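The configuration above combines `recursion yes` with `allow-query { any; }` and no `allow-recursion`, the open-resolver case its own comment block warns about, and it leaves `dnssec-validation yes` without the root key include. The following audit sketch is an added example, not part of the original post; the function names, the `192.168.200.0/24` client network and the `root.key` filename heuristic are assumptions.

```python
import re

# Constructed excerpt: the security-relevant statements from the named.conf above.
WEAK = '''
options {
        //allow-query { localhost; };
        allow-query { any; };
        //allow-recursion { 202.106.0.20; };
        forward first;
        forwarders { 219.141.140.10; };
        recursion yes;
        dnssec-validation yes;
};
#include "/etc/named.root.key";
'''
# Assumption: 192.168.200.0/24 is the LAN this resolver serves.
HARDENED = (WEAK.replace('allow-query { any; };',
                         'allow-query { localhost; 192.168.200.0/24; };')
                .replace('#include', 'include'))

def strip_comments(text):
    """Drop /* */, // and # comments, the three styles named.conf accepts."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def option(conf, name):
    """Value of a statement such as 'recursion yes;' or 'allow-query { any; };'."""
    m = re.search(r'(?<![\w-])%s\s+(\{[^}]*\}|[^;{]+);' % re.escape(name), conf)
    return m.group(1).strip() if m else None

def audit(text):
    conf, findings = strip_comments(text), []
    # When allow-recursion is unset, BIND falls back to allow-query-cache,
    # then to allow-query, so "allow-query { any; }" opens recursion to everyone.
    chain = ('allow-recursion', 'allow-query-cache', 'allow-query')
    acl = next((v for v in (option(conf, n) for n in chain) if v), '')
    if option(conf, 'recursion') != 'no' and 'any' in re.findall(r'[^\s;{}]+', acl):
        findings.append('open-recursion')
    # Heuristic: a trust anchor is a trusted-keys/managed-keys/trust-anchors
    # block or an include of a file whose name ends in root.key.
    anchor = re.search(r'(trusted-keys|managed-keys|trust-anchors)\s*\{'
                       r'|include\s+"[^"]*root\.key"', conf)
    if option(conf, 'dnssec-validation') == 'yes' and not anchor:
        findings.append('no-root-trust-anchor')
    return findings

if __name__ == '__main__':
    print('as posted:', audit(WEAK))
    print('hardened: ', audit(HARDENED))
```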

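When you have master and slave DNS servers configured and the master DNS server goes down, you need to configure the following parameters on the intranet machines; otherwise all of your servers will time out when accessing external APIs, and resolution will fail: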

[root@dev ~]# cat /etc/resolv.conf 
options timeout:1 attempts:1 rotate
nameserver 10.143.22.118
nameserver 10.143.22.116