네임서버가 외부에서도 응답할수 있게 설정하는 방법

Posted on by webterror
입질쾌감 물때표

네임서버 named.conf 파일을 수정해야 한다.

options {
   directory "/var/bind";
   pid-file "/var/run/named/named.pid";

   /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
   //bindkeys-file "/etc/bind/bind.keys";

   listen-on-v6 { ::1; };
   //listen-on { 127.0.0.1; };
   listen-on { any; };

   allow-query {
      /*
       * Accept queries from our "trusted" ACL.  We will
       * allow anyone to query our master zones below.
       * This prevents us from becoming a free DNS server
       * to the masses.
       */
      any;
   };

   allow-query-cache {
      /* Use the cache for the "trusted" ACL. */
      any;
   };

   allow-recursion {
      /* Only trusted addresses are allowed to use recursion. */
      any;
   };

   allow-transfer {
      /* Zone tranfers are denied by default. */
      none;
   };

   allow-update {
      /* Don't allow updates, e.g. via nsupdate. */
      none;
   };

   /*
   * If you've got a DNS server around at your upstream provider, enter its
   * IP address here, and enable the line below. This will make you benefit
   * from its cache, thus reduce overall DNS traffic in the Internet.
   *
   * Uncomment the following lines to turn on DNS forwarding, and change
   *  and/or update the forwarding ip address(es):
   */
/*
   forward first;
   forwarders {
   //   123.123.123.123;   // Your ISP NS
   //   124.124.124.124;   // Your ISP NS
   //   4.2.2.1;      // Level3 Public DNS
   //   4.2.2.2;      // Level3 Public DNS
      8.8.8.8;      // Google Open DNS
      8.8.4.4;      // Google Open DNS
   };

*/

   //dnssec-enable yes;
   //dnssec-validation yes;

   /* if you have problems and are behind a firewall: */
   //query-source address * port 53;
};

이부분들을 수정해서 고쳐야 한다.

listen-on { any; };
allow-query { any; };
allow-query-cache { any; }

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다