今天把DNS服务器迁移到了另外两台机上.因之前所用版本为932,现在最新稳定版为942,就下了个最新的
也因为懒,编译好就直接把以前的配置文件给拷过来了.启动正常,直接查询的也可以.但cache的查询就有问题了.很多这样的错.
Mar 25 14:38:17 root named[12559]: client 218.13.186.57#62319: view view_any: query (cache) 'xx.com.cn/A/IN' denied
Mar 25 14:38:17 root named[12559]: client 218.13.186.57#62320: view view_any: query (cache) 'xx.com.cn/A/IN' denied
Mar 25 14:38:38 root named[12559]: client 218.13.186.57#62326: view view_any: query (cache) 'xx.com.cn/A/IN' denied
Mar 25 14:38:38 root named[12559]: client 218.13.186.57#62327: view view_any: query (cache) 'xx.com.cn/A/IN' denied
Mar 25 14:45:21 root named[12559]: client 218.13.186.57#62451: view view_any: query (cache) 'xx.com.cn/A/IN' denied
Mar 25 14:45:21 root named[12559]: client 218.13.186.57#62452: view view_any: query (cache) 'xx.com.cn/A/IN' denied
查资料,发现新版的对cache的处理有所改变
新版本的BIND对 allow-query 有着不同的处理,新增加了一个 allow-query-cache 的选项。
QUOTE:allow-query Specifies which hosts are allowed to ask ordinary DNS questions. allow-query may also
be specified in the zone statement, in which case it overrides the options allow-query statement.
If not specified, the default is to allow queries from all hosts.
QUOTE:allow-query-cache Specifies which hosts are allowed to get answers from the cache. The default is the
builtin acls localnets and localhost.
The way to set query access to the cache is now via allow-query-cache. This differs from earlier
versions which used allow-query.
BIND 9.4 的手册上还特别注释了
QUOTE:allow-query-cache is now used to specify access to the cache.
