转发非本域的DNS解析请求
作为公司内部的DNS服务器,除了解析内部的记录之外,公司员工的大部分请求是在访问互联网上的其它网址,而这些域名公司内部的DNS服务器无法自行解析,所以需要将这些请求转发至互联网上的DNS服务器进行解析。
[root@nameserver ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
// Global options: named listens on loopback and 172.16.133.60, answers from
// its own zones and cache, and forwards every other query upstream.
options {
listen-on port 53 { 127.0.0.1;172.16.133.60; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// NOTE(review): neither allow-recursion nor allow-query-cache is set in this
// block, so per the BIND ARM recursion falls back to allow-query, i.e. "any".
// Every host that can reach 172.16.133.60:53 can therefore use this server as
// a recursive resolver. If only company hosts are meant to, restrict it with
// an allow-recursion statement (an ACL of the internal networks, or the
// built-in localhost/localnets ACLs) and keep port 53 closed at the perimeter.
allow-query { any; };
recursion yes;// allow recursive queries
// Forwarding mode for names that are neither in a local zone nor in the cache.
// In both modes named answers from its own zones and cache first; the mode
// only decides what happens to the remaining queries:
//   first - ask the forwarders; if they give no answer, named resolves the
//           name itself by iterating from the root servers.
//   only  - ask the forwarders and nothing else; if they give no answer, the
//           lookup fails.
forward only;
forwarders { 223.5.5.5;223.6.6.6; };// upstream resolvers that receive the forwarded queries; the author identifies them as Alibaba Cloud's public DNS servers
// The author switches DNSSEC off because resolution otherwise fails with
// "broken trust chain resolving".
// NOTE(review): with validation off, answers from the forwarders are cached
// and handed to clients without any authenticity check, so a spoofed or
// altered response on the path to 223.5.5.5/223.6.6.6 is accepted as-is.
// That error is commonly caused by something fixable (forwarders that do not
// return DNSSEC records, a stale trust anchor, a wrong system clock); confirm
// the cause before leaving validation disabled. Newer BIND 9 releases also
// treat dnssec-enable as obsolete, so run named-checkconf after an upgrade.
dnssec-enable no; // DNSSEC support switched off
dnssec-validation no; // validation switched off as well
/* Path to ISC DLV key */
// The author's comment below also disables managed-keys-directory, pid-file
// and session-keyfile; named uses its built-in defaults for all of them.
/* bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
*/
};
// Logging: a single channel, default_debug, written to data/named.run. The
// path is relative, so it resolves under the "directory" given in options.
// NOTE(review): no category statements are present, so query, security and
// resolver messages go wherever named's defaults send them. If DNS logs are
// meant to feed monitoring or incident response, define explicit channels.
logging {
channel default_debug {
file "data/named.run";
// "dynamic" makes the channel follow the server's current debug level
severity dynamic;
};
};
// Root hints zone: named.ca (relative to "directory") lists the root servers.
// NOTE(review): with "forward only" in options, named should not iterate from
// the root itself, so these hints matter only if forwarding is changed to
// "first" or removed - confirm against the running configuration.
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";