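◻️ Open resolver countermeasures (one server acting as both authoritative DNS server and caching DNS server)
Modify the configuration as follows. (Additions are shown in red.)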
vi /etc/named.conf
===========================================
acl my-network {
    192.168.1.0/24;
    localhost;
};
options {
    // listen-on port 53 { any; };
    // listen-on-v6 port 53 { ::1; };
    version "unknown";
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-transfer { 202.238.95.24; };
    // allow-query { localhost; localnets; };
    // allow-recursion { localhost; localnets; };
    // allow-query-cache { localhost; localnets; };
    forwarders { 202.238.95.24; };
    recursion yes;
    // Authoritative answers are served to anyone
    allow-query { any; };
    // Recursion and cached answers are limited to my-network
    allow-recursion { my-network; };
    allow-query-cache { my-network; };
    // (any remaining options follow here)
};
==============================================
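To check that a named.conf like the one above does not leave recursion open, the following added example (not part of the original post) resolves allow-recursion and allow-query-cache, including the fallback to allow-query that the BIND 9 ARM documents for unset options. The function names and sample strings are constructed for illustration, and it assumes a single options block with no views.

```python
import re

# Constructed sample based on the settings on this page.
HARDENED = """
acl my-network { 192.168.1.0/24; localhost; };
options {
    // allow-recursion { localhost; localnets; };
    recursion yes;
    allow-query { any; };
    allow-recursion { my-network; };
    allow-query-cache { my-network; };
};
"""
# Constructed weak variant: the two restricting lines are missing.
WEAK = "options { recursion yes; allow-query { any; }; };"

OPEN = {"any", "0.0.0.0/0", "::/0"}

def elements(body):
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def is_open(elems, acls, seen=()):
    """True if the address match list admits everyone, following named ACLs."""
    for e in elems:
        if e.startswith("!"):
            continue  # a negation only narrows the list
        if e in OPEN:
            return True
        if e in acls and e not in seen and is_open(acls[e], acls, seen + (e,)):
            return True
    return False

def audit(conf):
    """Return the recursion-related options that are effectively open."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # strip /* */ comments
    conf = re.sub(r"(//|#).*", "", conf)                 # strip // and # comments
    acls = {n: elements(b) for n, b in re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', conf)}
    opts = {k: elements(b) for k, b in re.findall(r"\b(allow-[\w-]+)\s*\{([^{}]*)\}", conf)}
    if re.search(r"\brecursion\s+no\s*;", conf):
        return []  # recursion disabled: nothing to expose
    findings = []
    for key, other in (("allow-recursion", "allow-query-cache"),
                       ("allow-query-cache", "allow-recursion")):
        # Fallback order for an unset option, as documented in the BIND 9 ARM.
        chosen = next((opts[k] for k in (key, other, "allow-query") if k in opts),
                      ["localnets", "localhost"])
        if is_open(chosen, acls):
            findings.append(key)
    return findings

if __name__ == "__main__":
    print("hardened:", audit(HARDENED))
    print("weak:    ", audit(WEAK))
```

An empty result means both options resolve to a restricted list; the weak variant is flagged because allow-query { any; } is inherited when the two options are left unset.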
Reference:
https://faq.interlink.or.jp/faq2/View/wcDisplayContent.aspx?id=567