pdnsd 具有暫存(快取)機制與 proxy 的功能。因為UDP與TCP有可靠性的差別,改用TCP查詢可避免DNS汙染,中華電信與Google的DNS都支援TCP查詢。(注意:TCP查詢仍是未加密的明文,本身不會驗證回應內容。)
Google上有一堆資料,有牆的地方比較多人用。
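# Install the pdnsd package (run as root); the installer then asks which
# configuration mode to use. The note is a real "#" comment so the line can be
# pasted into a shell without apt-get receiving it as an extra argument.
apt-get install pdnsd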
安裝時可選三種設定方式
resolvconf
root servers
manual
我都用root servers,也可以用manual(手動)。
vi /etc/pdnsd.conf
// Global options for the local pdnsd caching DNS proxy.
global {
perm_cache=2048; // Upper limit for the on-disk cache (pdnsd takes this value in kB).
cache_dir="/var/cache/pdnsd";
run_as="pdnsd"; // Account the daemon runs as.
server_ip = 127.0.0.1; // Use eth0 here if you want to allow other
// machines on your network to query pdnsd.
// NOTE(review): with the loopback address only this host can query pdnsd.
// If you bind to a network interface instead, restrict port 53 to your own
// LAN with a firewall so the cache does not become an open resolver.
status_ctl = on; // Enables the status control interface used by pdnsd-ctl.
paranoid=on; // Stricter acceptance of records in replies, meant to reduce cache poisoning.
// query_method=tcp_only; // Restricts upstream queries to TCP only. pdnsd must be compiled with tcp
// query support for this to work.
// NOTE(review): the query_method line is commented out in this listing, so
// pdnsd keeps its default query method; remove the leading "//" to force TCP.
min_ttl=15m; // Retain cached entries at least 15 minutes.
max_ttl=1w; // One week. min_ttl and max_ttl together adjust how long entries stay cached.
timeout=10; // Global timeout option (10 seconds).
// Don't enable if you don't recurse yourself, can lead to problems
// delegation_only="com","net";
}
// This section is meant for resolving from root servers.
server {
label = "root-servers";
// root_server=on tells pdnsd to treat the addresses in this section as root
// servers. NOTE(review): 8.8.8.8 and 8.8.4.4 are Google's public recursive
// resolvers, not root servers; confirm this combination is intended, or move
// them into a server section of their own.
root_server=on;
ip = 8.8.8.8 // Author's note: these two Google DNS addresses have to be added by hand.
, 8.8.4.4
// (The excerpt stops here: the terminating ";" and the closing "}" of this
// section are not shown on the page.)
vi /etc/default/pdnsd
# Whether the pdnsd daemon should be started; "yes" enables it.
START_DAEMON="yes"
# Auto-mode: when set, it overrides /etc/pdnsd.conf (see /usr/share/pdnsd/).
# Left empty here.
AUTO_MODE=""
# Extra command-line options passed to pdnsd(8); empty here.
START_OPTIONS=""