sudo -s
cd /etc/bind/
vim named.conf.options
In named.conf.options, right after
options {
directory "/var/cache/bind";
managed-keys-directory "/etc/bind";
add the following lines (the unquoted none is the canonical BIND form; none and any are built-in address match lists):
allow-transfer { none; };   // no zone transfers (AXFR/IXFR) to anyone
allow-recursion { none; };  // no client may ask this server to recurse
recursion no;               // never recurse; answer only for the zones hosted here
allow-query { any; };       // anyone may query the zones this server is authoritative for
After saving (named-checkconf will report a syntax error before you take the service down), restart bind9:
/etc/init.d/bind9 restart
Once that is done, verify with nslookup:
nslookup
> server 163.20.xx.1
Default server: 163.20.xx.1
Address: 163.20.xx.1#53
> dns.xx.ntpc.edu.tw.
Server: 163.20.xx.1
Address: 163.20.xx.1#53
dns.xx.ntpc.edu.tw canonical name = ntpdc.xx.ntpc.edu.tw.
Name: ntpdc.xx.ntpc.edu.tw
Address: 163.20.xx.1
> www.ntpc.edu.tw
Server: 163.20.xx.1
Address: 163.20.xx.1#53
** server can't find www.ntpc.edu.tw: REFUSED
Only the school's own DNS data can be looked up; a query for any other name is answered with REFUSED.
allow-query is the list of address ranges that are allowed to query the zones this server serves.
allow-transfer { none; }; forbids zone transfers, so nobody can pull a full copy of the zone.
allow-recursion { none; };
recursion no;
together disable recursive queries: the server will not resolve names outside its own zones on behalf of anyone, which is what keeps it from being used as an open resolver.
References:
http://wiki.weithenn.org/cgi-bin/wiki.pl?bind9-%E6%8F%90%E4%BE%9BDomain_Name%E8%88%87IP%E5%B0%8D%E6%87%89%E7%9A%84%E6%9C%8D%E5%8B%99#Heading8
http://www.cc.ntu.edu.tw/chinese/epaper/0028/20140320_2809.html
Command to scan for open recursion, provided by 保太 (the original was missing the -p before the port number; -sU alone takes no argument):
sudo nmap -sU -p 53 --script=dns-recursion 10.231.1.1/24
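As an added example (not from the original post, the referenced wikis, or nmap itself), here is what the nslookup checks above and nmap's dns-recursion script are doing at the wire level: send a query with the RD (recursion desired) bit set and read the RA (recursion available) flag and the RCODE in the reply. A server hardened with recursion no; answers its own zones with AA set and RA clear, and returns REFUSED for everything else. The server address, the query names and the three sample replies are constructed for illustration; probe() needs network access, everything else runs offline.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def build_query(name, txid=0x1234):
    """Build a minimal DNS A/IN query with RD=1, the same kind of packet
    nslookup or nmap's dns-recursion script sends."""
    flags = 0x0100  # RD (recursion desired)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(data, txid=None):
    """Return (rcode, aa, ra) from a raw DNS response; only the 12-byte header is needed."""
    if len(data) < 12:
        raise ValueError("short DNS packet")
    rid, flags, _qd, _an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid is not None and rid != txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:  # QR bit must be set on a response
        raise ValueError("packet is a query, not a response")
    rcode = RCODES.get(flags & 0x000F, str(flags & 0x000F))
    aa = bool(flags & 0x0400)  # authoritative answer
    ra = bool(flags & 0x0080)  # recursion available
    return rcode, aa, ra


def classify(rcode, aa, ra):
    """Interpret the reply to a recursive query for a name the server does not host."""
    if rcode == "REFUSED":
        return "refused"          # what BIND returns with recursion no; for foreign names
    if ra:
        return "open-recursion"   # server advertises recursion to this client
    if aa:
        return "authoritative"    # answered from its own zone without recursing
    return "no-recursion"


def probe(server, name, timeout=3.0):
    """Live check (needs network): ask `server` for `name` with RD=1 and classify the reply."""
    txid = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        data, _ = s.recvfrom(512)
    return classify(*parse_header(data, txid))


# Constructed sample response headers (not captured traffic):
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)     # QR RD RA, NOERROR
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # QR RD, REFUSED
SAMPLE_AUTH = struct.pack("!HHHHHH", 0x1234, 0x8500, 1, 1, 0, 0)     # QR AA RD, NOERROR


def demo():
    """Classify the three constructed replies; returns a dict so it can be checked."""
    return {
        "open": classify(*parse_header(SAMPLE_OPEN, 0x1234)),
        "refused": classify(*parse_header(SAMPLE_REFUSED, 0x1234)),
        "authoritative": classify(*parse_header(SAMPLE_AUTH, 0x1234)),
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        # e.g. python3 dnsrec.py 163.20.xx.1 www.hinet.net  (hypothetical invocation)
        print(probe(sys.argv[1], sys.argv[2]))
    else:
        print(demo())
```

Run it against your own server with a name you do not host (such as www.hinet.net in the transcripts above); "refused" or "no-recursion" means the hardening is in effect, "open-recursion" means the server is still usable as an open resolver. A query for a name in your own zone should come back "authoritative".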
When querying with nslookup from inside the school, after
server 163.20.xx.1
only the domains this server manages are resolved; anything else comes back REFUSED.
Note that with allow-query { any; } in the options block above, the server's own zone should normally be answered from anywhere; if dns.xx.ntpc.edu.tw is REFUSED from off-campus (as in the second transcript below), something other than this options block, such as a zone- or view-level allow-query or a device in the path, is restricting the query, so check that before assuming the setup is complete.
nslookup
> server 163.20.xx.1
Default server: 163.20.xx.1
Address: 163.20.xx.1#53
> dns.xx.ntpc.edu.tw
Server: 163.20.xx.1
Address: 163.20.xx.1#53
dns.xx.ntpc.edu.tw canonical name = ntpdc.xx.ntpc.edu.tw.
Name: ntpdc.xx.ntpc.edu.tw
Address: 163.20.xx.1
> www.hinet.net
Server: 163.20.xx.1
Address: 163.20.xx.1#53
** server can't find www.hinet.net: REFUSED
> exit
From outside the school:
nslookup
> server 163.20.xx.1
Default server: 163.20.xx.1
Address: 163.20.xx.1#53
> dns.xx.ntpc.edu.tw
Server: 163.20.xx.1
Address: 163.20.xx.1#53
** server can't find dns.xx.ntpc.edu.tw: REFUSED
> exit