unbound/nsd 返回 SERVFAIL 解析本地 LAN DNS。單獨的 nsd 工作正常

我一直在使用 unbound 作為本地遞歸 DNS 伺服器。剛剛添加了 nsd 來設置本地 LAN DNS。nsd 正在偵聽埠 53530 並且工作正常：

$ dig @127.0.0.1 data2.datanet.home -p 53530

; <<>> DiG 9.9.2-P2 <<>> @127.0.0.1 data2.datanet.home -p 53530
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59577
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;data2.datanet.home.            IN      A

;; ANSWER SECTION:
data2.datanet.home.     600     IN      A       192.168.1.62

;; AUTHORITY SECTION:
datanet.home.           600     IN      NS      ns1.datanet.home.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53530(127.0.0.1)
;; WHEN: Mon Jun 15 07:16:24 2015
;; MSG SIZE  rcvd: 81

通過本地未綁定時，它不起作用：

$ dig @127.0.0.1 data2.datanet.home

; <<>> DiG 9.9.2-P2 <<>> @127.0.0.1 data2.datanet.home
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47645
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;data2.datanet.home.            IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jun 15 07:18:02 2015
;; MSG SIZE  rcvd: 47

這是我在未綁定日誌中得到的詳細資訊：4

Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: validator operate: query router.datanet.home. A IN
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: validator: pass to next module
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: mesh_run: validator module exit state is module_wait_module
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: iterator[module 1] operate: extstate:module_state_initial event:
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: process_request: new external request event
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: iter_handle processing q with state INIT REQUEST STATE
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: resolving router.datanet.home. A IN
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: request has dependency depth of 0
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: use stub datanet.home. NS IN
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: cache delegation returns delegpt
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: DelegationPoint<datanet.home.>: 0 names (0 missing), 1 addrs (0 r
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug:    ip4 127.0.0.1 port 53530 (len 16)
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: iter_handle processing q with state INIT REQUEST STATE (stage 2)
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: resolving (init part 2):  router.datanet.home. A IN
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: use stub datanet.home. NS IN
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: iter_handle processing q with state INIT REQUEST STATE (stage 3)
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: resolving (init part 3):  router.datanet.home. A IN
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: iter_handle processing q with state QUERY TARGETS STATE
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: processQueryTargets: router.datanet.home. A IN
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] info: DelegationPoint<datanet.home.>: 0 names (0 missing), 1 addrs (0 r
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug:    ip4 127.0.0.1 port 53530 (len 16)
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: attempt to get extra 3 targets
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: skip addr on the donotquery list ip4 127.0.0.1 port 53530 (len 1
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: No more query targets, attempting last resort
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: configured stub servers failed -- returning SERVFAIL
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: store error response in message cache
Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: return error response SERVFAIL

特別是這是怎麼回事？

$$ 1947:0 $$調試：在 donotquery 列表中跳過 addr ip4 127.0.0.1 埠 53530 (len 1 這似乎是關鍵，但我真的不知道為什麼這麼說。 這是我的整個 unbound.conf：

server:
 interface: 127.0.0.1
 interface: 192.168.1.50
 use-syslog: yes
 username: "unbound"
 directory: "/etc/unbound"
 trust-anchor-file: trusted-key.key
 access-control: 192.168.1.0/24 allow
 verbosity: 2
 local-zone: "1.168.192.in-addr.arpa" nodefault
remote-control:
 control-enable: yes
 control-interface: 127.0.0.1
 control-port: 8953
 server-key-file: "/etc/unbound/unbound_server.key"
 server-cert-file: "/etc/unbound/unbound_server.pem"
 control-key-file: "/etc/unbound/unbound_control.key"
 control-cert-file: "/etc/unbound/unbound_control.pem"

stub-zone:
 name: "datanet.home"
 stub-addr: 127.0.0.1@53530
#  stub-first: yes
stub-zone:
 name: "1.168.192.in-addr.arpa"
 stub-addr: 127.0.0.1@53530

nsd.conf 有很多評論，所以不確定我是否應該粘貼它，但無論如何 nsd 似乎工作正常。除了更改埠、啟用控制內容和添加區域之外，它與包含的範例 conf 幾乎相同。

我對此感到困惑，所以任何想法都將不勝感激！

日誌中的這一行表明了問題：

Jun 15 06:12:39 pizza.yoderdev.com unbound[1947]: [1947:0] debug: skip addr on the donotquery list ip4 127.0.0.1 port 53530 (len 1

預設情況下，Unbound 拒絕向 localhost 發送任何 DNS 查詢。要使其能夠查詢 localhost，請在Unbound 配置的 - 部分設置do-not-query-localhost為：no``server

server:
 interface: 127.0.0.1
 interface: 192.168.1.50
 [...]
 do-not-query-localhost: no

有關該選項的說明，請參閱unbound.conf的文件。

引用自：https://serverfault.com/questions/699094