關於 BIND 的設定之前(2014)有寫過一篇,不過年代久遠。兩相對照語法,其實架構沒太大改變。現在都用免費託管方案 Cloudflare DNS 顯少自己維運,畢竟還是有機會被打爆。
/etc/bind# vim named.conf.local
zone "example.com" in {
type master;
file "/etc/bind/db.example.com";
};
/etc/bind# vim db.example.com
$TTL 86400 $ORIGIN example.com. ; base domain-name @ IN SOA dns.example.com. admin.example.com. ( 20230909 ; Serial 43200 ; Refresh 3600 ; Retry 1209600 ; Expire 180 ) ; Minimum TTL ; Nameservers @ IN NS dns.example.com.; ; Records dns.example.com. IN A [IP]; test.example.com. IN A [IP];
/etc/bind# vim named.conf.options
options {
directory "/var/cache/bind";
dnssec-validation auto;
auth-nxdomain yes; # conform to RFC1035
listen-on-v6 { none; };
listen-on port 53 { any; };
allow-query { any; };
allow-query-cache { none; };
recursion no;
also-notify { };
};
沒有留言:
張貼留言