query (cache) 'domain/MX/IN' denied

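BIND 9.2 had been working fine, but per https://www.isc.org/node/474 the DNS server had to be upgraded to BIND 9.6.1-P1.

Then the problem appeared: queries for domain names not hosted on this server were refused, and the server-side log showed: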

03-Aug-2009 16:46:10.282 security: client 219.135.228.103#17634: query (cache) 'mycompany.com.cn/MX/IN' denied
03-Aug-2009 16:46:10.306 security: client 219.135.228.103#17635: query (cache) 'mycompany.com.cn/MX/IN' denied
03-Aug-2009 16:54:47.969 security: client 202.82.24.86#17029: query (cache) 'aabbcc.com/A/IN' denied

The original named.conf was:

options {
        directory "/var/named/db";
        pid-file "/var/run/named.pid";
        dump-file "/var/run/dumpfile.db";
        statistics-file "/var/run/named_stats.db";
        rrset-order { order random; };
        listen-on { 61.145.121.11; };
        // Zone transfers are limited to these hosts
        allow-transfer { 202.66.8.21; 202.66.8.7; 202.66.8.1; 202.82.24.88; };
};
// Key used by the rndc control channel below
key "rndc-key" {
        algorithm hmac-md5;
        secret "kf08fdjkljfjdkjfkfdsalkjr==";
};
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
        category lame-servers { null; };
        channel query_log {
                file "/var/run/named.log" versions 5 size 10m;
                print-time yes;
                print-category yes;
                severity debug;
        };
        category "default" { "query_log"; };
};
// Root hints
zone "." in {
        type hint;
        file "named.ca";
};
zone "0.0.127.in-addr.arpa" in {
        type master;
        file "named.local";
};
……..

Adding these 3 statements did not seem to help either:

additional-from-cache  yes;
additional-from-auth  yes;
recursion  yes;

Solution:

allow-query-cache { any; };
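
An added example, not part of the original post: `allow-query-cache { any; };` lets every client query the cache, so it helps to check which denied clients are actually your own before applying it. This script parses the `security:` log lines shown above and splits the denied cache queries by whether the client falls inside a trusted network; `TRUSTED_NETS` and the last sample log line are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: networks allowed to use the cache (hypothetical, not from the post).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "61.145.121.0/24")]

# BIND "security" category line in the format shown in the post;
# accepts straight or curly quotes around name/type/class.
DENIED_RE = re.compile(
    r"security: client (?P<ip>[0-9a-fA-F.:]+)#\d+: "
    r"query \(cache\) ['‘](?P<name>[^/'’]+)/(?P<type>\w+)/(?P<cls>\w+)['’] denied"
)

# The first three lines come from the post; the last one is constructed.
SAMPLE_LOG = """\
03-Aug-2009 16:46:10.282 security: client 219.135.228.103#17634: query (cache) 'mycompany.com.cn/MX/IN' denied
03-Aug-2009 16:46:10.306 security: client 219.135.228.103#17635: query (cache) 'mycompany.com.cn/MX/IN' denied
03-Aug-2009 16:54:47.969 security: client 202.82.24.86#17029: query (cache) 'aabbcc.com/A/IN' denied
03-Aug-2009 16:55:01.100 security: client 61.145.121.50#40112: query (cache) 'example.org/A/IN' denied
"""


def parse_denied(lines):
    """Yield (client_ip, qname, qtype) for every denied cache query."""
    for line in lines:
        m = DENIED_RE.search(line)
        if m:
            yield ipaddress.ip_address(m["ip"]), m["name"], m["type"]


def summarize(lines, trusted=TRUSTED_NETS):
    """Count denied cache queries per client, split into trusted and untrusted.

    trusted   -> the ACL is too tight for clients that should be served
    untrusted -> the denial is the server refusing outside use of its cache
    """
    report = {"trusted": Counter(), "untrusted": Counter()}
    for ip, _name, _qtype in parse_denied(lines):
        side = "trusted" if any(ip in net for net in trusted) else "untrusted"
        report[side][str(ip)] += 1
    return report


if __name__ == "__main__":
    for side, counts in summarize(SAMPLE_LOG.splitlines()).items():
        for client, n in counts.most_common():
            print(f"{side:9} {client:18} {n} denied cache queries")
```

Clients reported under `trusted` are the ones an ACL narrower than `any` would need to list in `allow-query-cache`.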
