观察DNS查询日志发现一个非本地提供服务的ZONE查询,开始采取iptables禁止掉此IP,第二天又有另一IP对此ZONE查询,看来得从根本上解决这个问题。
我的bind起初设置
引用
allow-recursion { any; };
允许递归查询
更改配置
方法一:
在options中设置
引用
recursion yes;
在view中设置
引用
allow-recursion { none; };
方法二:
在options中设置
引用
recursion no;
这时Bind变成迭代查询,返回根DNS信息。
引用
If recursion is set to 'yes' (the default) the server will always provide recursive query behaviour if requested by the client (resolver). If set to 'no' the server will only provide iterative query behaviour - normally resulting in a referral. If the answer to the query already exists in the cache it will be returned irrespective of the value of this statement. This statement essentially controls caching behaviour in the server. The allow-recursion statement and the view clauses can provide fine-grained control. This statement may be used in a view or a global options clause.
http://www.zytrax.com/books/dns/ch7/queries.html
最后记得重新加载配置并清除缓存
引用
reload Reload configuration file and zones.
reload zone [class [view]]
Reload a single zone.
flush Flushes all of the server's caches.
flush [view] Flushes the server's cache for a view.
/byread/bin/bind/sbin/rndc reload
/byread/bin/bind/sbin/rndc flush