是否可以强制设置DNS的CNAME记录? [英] Is it possible to force setting CNAME record of the DNS?

查看:1327
本文介绍了是否可以强制设置DNS的CNAME记录?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

假设我有两个域名(domainA,domainB)。我将domainA的CNAME记录设置为domainB,因此每当用户解析domainA时,他将被重定向到解析domainB。我的问题是如果可以直接限制访问domainB。所以没有人可以解析domainB,除非它首先解析了domainA。

解决方案

DNS系统被设计为一个允许任何人解析地址的开放系统。以其原生形式,不可能做你想要的。



即使在互联网上用于DNS服务器的最常用(也许只有)软件是开源的 ISC绑定 - 您可以使用它来编写自己的DNS服务器来尝试创建该功能我可以肯定的是,由于DNS作为推荐网络(即其他DNS服务器代表客户端对您的DNS服务器发出请求),将DNS很难锁定到单个源。



简单的DNS不是为了提供任何形式的安全设计。您的请求类似于询问'我可以制作一本电话簿,只有当他们先读我的邻居才允许人们阅读我的名字'



您可以使用的唯一方法是允许用户向example.com发出请求,并将其请求重定向到example.org。这样,您的操作水平高于IP名称解析度,您就可以开始更多地控制发生了什么。


Suppose I have two domain names (domainA, domainB). I set the CNAME record of domainA to domainB, so whenever a user resolves domainA, he will be redirected to resolving domainB instead. My question is if it is possible to restrict accessing domainB directly. So no one can resolve domainB unless it has first resolved domainA.

解决方案

The DNS system is designed to be an open system that allows anyone to resolve addresses. In its native form it is not possible to do what you are looking for.

Even though the most common (perhaps only) software used for DNS servers on the internet is open source ISC Bind - And you could potentially use that to write your own DNS server to attempt to create that functionality I am reasonably sure that because DNS works as a referral network (i.e. other DNS servers make requests against your DNS servers on behalf of clients) it would be difficult to lock DNS down to a single source.

Simply DNS isn't designed to provide any form of security. Your request is akin to asking 'could I make a phone book that only allowed people to read my name if they read my neighbours first'

The only method you could use is to allow users to make a request to example.com and from their redirect their request to example.org. That way you are operating at a level higher than IP Name resolution and you start getting more control over what happens.

这篇关于是否可以强制设置DNS的CNAME记录?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆