DNS转发之bind
全局转发
first:先转发至指定DNS服务器,如果无法解析查询请求,则本服务器再去根服务器查询
only: 先转发至指定DNS服务器,如果无法解析查询请求,则本服务器将不再去根服务器查询
在17服务器(172.31.0.17,即做转发的DNS服务器)上安装软件
[root@localhost ~]# yum install bind -y
修改配置文件:forward only 模式
[root@localhost ~]# vim /etc/named.conf
# 添加下面两条(forward 和 forwarders);片段中 listen-on、allow-query 已被注释掉,dnssec-enable、dnssec-validation 设为 no
options {
// NOTE(review): with listen-on commented out, named falls back to its default
// and listens on port 53 of every IPv4 interface, not only loopback. That is
// what lets clients reach this server, but it also exposes the service on any
// other interface the host has; an explicit listen-on with the intended
// address is tighter.
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// NOTE(review): with allow-query commented out, the default (any) applies and
// queries are accepted from every source address. Recursion is then governed
// only by allow-recursion's default (localnets; localhost;). Prefer an
// explicit ACL for the client subnet on allow-query / allow-recursion.
// allow-query { localhost; };
// "forward only": every query that cannot be answered locally is sent to the
// forwarders; if they do not answer, named does NOT fall back to iterating
// from the root servers, so the lookup fails.
forward only;
// Upstream resolver that receives the forwarded queries.
forwarders {172.31.0.38;};
// NOTE(review): DNSSEC validation is turned off, so answers coming back from
// the forwarder are accepted without signature checks. Acceptable for an
// isolated lab; keep validation on where real names are resolved. Newer BIND
// releases treat dnssec-enable as obsolete; confirm with named-checkconf.
dnssec-enable no;
dnssec-validation no;
// ... remaining default options and the closing "};" are not shown in this excerpt ...
设置开机启动并立即启动服务(启动前可先用 named-checkconf 检查配置文件语法)
[root@localhost ~]# systemctl enable --now named
客户端验证
[17:24:13 root@sz-kx-centos8 ~]# dig www.longxuan.vip @172.31.0.17
注意:forward only 模式下,如果上游DNS服务器(172.31.0.38)停止了,转发就无法完成,本服务器也不会再去根服务器查询,客户端的解析会失败
修改配置文件:forward first 模式
[root@localhost ~]# vim /etc/named.conf
options {
// NOTE(review): listen-on is commented out, so named listens on port 53 of
// every IPv4 interface (its default) rather than loopback only; set an
// explicit listen-on address if the host has interfaces that should not
// serve DNS.
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// NOTE(review): allow-query is commented out, so the default (any) applies.
// Prefer an explicit ACL for the client subnet on allow-query /
// allow-recursion rather than relying on defaults.
// allow-query { localhost; };
// "forward first": queries go to the forwarders first; if they fail to
// answer, named falls back to resolving iteratively from the root servers.
// The fallback only works if this host can reach the Internet itself.
forward first;
// Upstream resolver that receives the forwarded queries.
forwarders {172.31.0.38;};
// NOTE(review): DNSSEC validation is off, so neither forwarded answers nor
// answers obtained through the root-server fallback are verified. Keep
// validation on outside a lab. Newer BIND releases treat dnssec-enable as
// obsolete; confirm with named-checkconf.
dnssec-enable no;
dnssec-validation no;
// ... remaining default options and the closing "};" are not shown in this excerpt ...
重新加载配置(rndc reload 只重新加载配置和区域数据,不会重启 named 进程)
[root@localhost ~]# rndc reload
server reload successful
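在上游DNS服务器(172.31.0.38)上删除默认路由,使其无法访问外网、解析失败,用来验证 forward first 的回退行为。注意:删除后这台机器到其他网段的连接(包括跨网段的SSH会话)会中断,仅适合在实验环境操作;验证完成后可用 ip route add default via 172.31.0.254 dev eth0 恢复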
[root@localhost named]# ip route
default via 172.31.0.254 dev eth0 proto static metric 100
172.31.0.0/16 dev eth0 proto kernel scope link src 172.31.0.38 metric 100
[root@localhost named]# ip route del default via 172.31.0.254 dev eth0 proto static metric 100
清除缓存
[root@localhost named]# rndc flush
客户端验证
[17:38:13 root@sz-kx-centos8 ~]# dig www.longxuan.vip @172.31.0.17