我一直在使用unbound作为本地recursionDNS服务器。 刚刚添加nsd来设置本地局域网DNS。 nsd正在监听53530端口,工作正常:
$ dig @127.0.0.1 data2.datanet.home -p 53530 ; <<>> DiG 9.9.2-P2 <<>> @127.0.0.1 data2.datanet.home -p 53530 ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59577 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;data2.datanet.home. IN A ;; ANSWER SECTION: data2.datanet.home. 600 IN A 192.168.1.62 ;; AUTHORITY SECTION: datanet.home. 600 IN NS ns1.datanet.home. ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53530(127.0.0.1) ;; WHEN: Mon Jun 15 07:16:24 2015 ;; MSG SIZE rcvd: 81 当通过本地取消绑定它不起作用:
$ dig @127.0.0.1 data2.datanet.home ; <<>> DiG 9.9.2-P2 <<>> @127.0.0.1 data2.datanet.home ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47645 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;data2.datanet.home. IN A ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Jun 15 07:18:02 2015 ;; MSG SIZE rcvd: 47
以下是我在未绑定的日志中得到的详细信息:4
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: validator operate: query router.datanet.home. A IN Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: validator: pass to next module Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: mesh_run: validator module exit state is module_wait_module Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: iterator[module 1] operate: extstate:module_state_initial event: Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: process_request: new external request event Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: iter_handle processing q with state INIT REQUEST STATE Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: resolving router.datanet.home. A IN Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: request has dependency depth of 0 Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: use stub datanet.home. NS IN Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: cache delegation returns delegpt Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: DelegationPoint<datanet.home.>: 0 names (0 missing), 1 addrs (0 r Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: ip4 127.0.0.1 port 53530 (len 16) Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: iter_handle processing q with state INIT REQUEST STATE (stage 2) Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: resolving (init part 2): router.datanet.home. A IN Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: use stub datanet.home. NS IN Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: iter_handle processing q with state INIT REQUEST STATE (stage 3) Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: resolving (init part 3): router.datanet.home. A IN Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: iter_handle processing q with state QUERY TARGETS STATE Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: processQueryTargets: router.datanet.home. A IN Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: DelegationPoint<datanet.home.>: 0 names (0 missing), 1 addrs (0 r Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: ip4 127.0.0.1 port 53530 (len 16) Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: attempt to get extra 3 targets Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: skip addr on the donotquery list ip4 127.0.0.1 port 53530 (len 1 Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: No more query targets, attempting last resort Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: configured stub servers failed -- returning SERVFAIL Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: store error response in message cache Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: return error response SERVFAIL
特别是这是什么? [1947:0]debugging:在donotquery列表上跳过地址ip4 127.0.0.1 port 53530(len 1这似乎是关键,但我真的不知道为什么这么说。
这是我的整个unbound.conf:
server: interface: 127.0.0.1 interface: 192.168.1.50 use-syslog: yes username: "unbound" directory: "/etc/unbound" trust-anchor-file: trusted-key.key access-control: 192.168.1.0/24 allow verbosity: 2 local-zone: "1.168.192.in-addr.arpa" nodefault remote-control: control-enable: yes control-interface: 127.0.0.1 control-port: 8953 server-key-file: "/etc/unbound/unbound_server.key" server-cert-file: "/etc/unbound/unbound_server.pem" control-key-file: "/etc/unbound/unbound_control.key" control-cert-file: "/etc/unbound/unbound_control.pem" stub-zone: name: "datanet.home" stub-addr: 127.0.0.1@53530 # stub-first: yes stub-zone: name: "1.168.192.in-addr.arpa" stub-addr: 127.0.0.1@53530
nsd.conf有很多评论,所以不知道我是否应该粘贴它,但在任何情况下nsd似乎工作正常。 除了更改端口,启用控件以及添加区域之外,它与包含的示例conf几乎相同。
我被这个难住,所以任何想法,将不胜感激!
从日志中的这一行表明问题:
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: skip addr on the donotquery list ip4 127.0.0.1 port 53530 (len 1
默认情况下未绑定拒绝将任何DNS查询发送到本地主机。 要使其能够查询本地主机, do-not-query-localhost在Unboundconfiguration的server中将do-not-query-localhost为no :
server: interface: 127.0.0.1 interface: 192.168.1.50 [...] do-not-query-localhost: no
有关该选项的说明,请参阅unbound.conf的文档。