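Globally disabling recursive queries on a DNS server
Published: 2018-12-15 10:35:42 Editor: 雪饮
A DNS server allows recursive queries by default; recursion can be disabled globally in the options block of the DNS configuration file.
Disabling recursion globally: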
[root@localhost ~]# cat /etc/named.conf
options {
    directory "/var/named";
    recursion no;
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
};
zone "mageedu.com" IN {
    type master;
    file "mageedu.com.zone";
};
zone "43.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.43.zone";
};
[root@localhost ~]# dig -t A www.sohu.com @192.168.43.165
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t A www.sohu.com @192.168.43.165
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 39347
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.sohu.com. IN A
;; Query time: 2 msec
;; SERVER: 192.168.43.165#53(192.168.43.165)
;; WHEN: Sun Dec 9 23:39:19 2018
;; MSG SIZE rcvd: 30
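As the output shows, no answer comes back any more: the server replies with status REFUSED and ANSWER: 0, and dig warns that recursion was requested but is not available.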
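The same check as the dig run above, written as a script you can point at a server you administer. This is an added example, not part of the original post: the function names are hypothetical, and the two sample replies are constructed (the first from the header values dig printed above).

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def build_query(name, qid, qtype=1):
    """Build a DNS query for `name` (type A by default) with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # flags: RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def classify_response(data):
    """Parse the 12-byte DNS header and report whether recursion was offered."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    ra = bool(flags & 0x0080)  # RA: the server says recursion is available
    rcode = flags & 0x000F
    # For a name outside the server's own zones: RA clear and no answers means recursion is off.
    recursion_disabled = not ra and an == 0
    return {"id": qid, "status": RCODES.get(rcode, str(rcode)), "rd": bool(flags & 0x0100),
            "ra": ra, "answers": an, "recursion_disabled": recursion_disabled}


def probe(server, name="www.sohu.com", timeout=3.0):
    """Send one UDP query to a server you administer and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, 39347), (server, 53))
        return classify_response(s.recv(512))


# Constructed sample: the 30-byte reply dig reported above
# (id 39347, flags qr rd, status REFUSED, question www.sohu.com IN A).
QUESTION = build_query("www.sohu.com", 0)[12:]
REFUSED_REPLY = struct.pack("!HHHHHH", 39347, 0x8105, 1, 0, 0, 0) + QUESTION
# Constructed sample: header of a recursive answer (qr rd ra, NOERROR); the record itself is omitted.
OPEN_REPLY = struct.pack("!HHHHHH", 39347, 0x8180, 1, 1, 0, 0) + QUESTION

if __name__ == "__main__":
    print(classify_response(REFUSED_REPLY))
    print(classify_response(OPEN_REPLY))
```

Calling probe("192.168.43.165") against the server configured above should report recursion_disabled as True; run it from a host outside the server's own network as well, since that is where recursive service matters most.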