我在服务器上安装了 powerdns 来处理 DNS 请求。
该设置在端口 5300 具有 powerdns,在端口 5301 具有递归,在端口 53 具有 dnsdist。
如果我执行 dig 我会得到下面不权威的结果,因此会被其他名称服务器忽略。
1.调用递归器时:
dig a essyfortunes.com @85.10.203.183
; <<>> DiG 9.16.1-Ubuntu <<>> a essyfortunes.com @85.10.203.183
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64902
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;essyfortunes.com. IN A
;; ANSWER SECTION:
essyfortunes.com. 0 IN A 95.216.38.152
;; Query time: 155 msec
;; SERVER: 85.10.203.183#53(85.10.203.183)
;; WHEN: Tue Jan 19 09:04:44 EAT 2021
;; MSG SIZE rcvd: 61
1.调用powerdns时:
dig a essyfortunes.com @85.10.203.183 -p 5300
; <<>> DiG 9.16.1-Ubuntu <<>> a essyfortunes.com @85.10.203.183 -p 5300
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19637
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;essyfortunes.com. IN A
;; ANSWER SECTION:
essyfortunes.com. 0 IN A 95.216.38.152
;; Query time: 155 msec
;; SERVER: 85.10.203.183#5300(85.10.203.183)
;; WHEN: Tue Jan 19 09:05:06 EAT 2021
;; MSG SIZE rcvd: 61
powerdns 和 recursor 都使用默认设置。我的 dnsdist 设置如下;
setLocal('85.10.203.183')
setACL({'0.0.0.0/0', '::/0'}) -- Allow all IPs access
newServer({address='85.10.203.183:5300', pool='auth'})
newServer({address='85.10.203.183:5301', pool='recursor'})
recursive_ips = newNMG()
recursive_ips:addMask('0.0.0.0/0') -- These network masks are the ones from allow-recursion in the Authoritative Server
addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
addAction(AllRule(), PoolAction('auth'))