Networking

網路的未綁定 DNS 解析器

  • March 11, 2016

我實際上是在嘗試為我的本地網路創建一個 DNS 解析器,為此,我選擇使用 unbound,所以我將它安裝在 Arch Linux 伺服器上,它正在工作,但僅適用於本地機器(127.0.0.1) ,不適用於網路(我想將它打開到192.168.0.1-192.168.0.30範圍內的IP,我認為對應於192.168.0.0/27),但我找不到我的配置文件有什麼問題,當我在本地電腦上執行“dig @127.0.0.1 example.com”或“dig @192.168.0.2 example.com”時,解析器只會響應,但當我在網路的其他電腦(即 192.168.0.4,如果你想知道),我沒有收到未綁定的錯誤,它似乎根本沒有從屬於本地網路的電腦獲得請求。

這是我使用的配置文件:

server:
# Maximum verbosity
verbosity: 5

# Answer queries from
# The local machine
interface: 127.0.0.1
interface: ::1
# The local machine on the network
interface: 192.168.0.2

# Default DNS port
port: 53

# Save in cache for an hour to a day
cache-min-ttl: 3600
cache-max-ttl: 86400

# Enable IPv4, IPv6, UDP and TCP requests
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes

# Launch in a deamon (temporarily disabled)
# do-daemonize: yes

# Deny all the Internet (temporarily refuse)
access-control: 0.0.0.0/0 refuse
access-control: ::0/0 refuse
# Allow localhost
access-control: 127.0.0.1 allow
access-control: ::1 allow
# Allow network from 192.168.0.0 to 192.168.0.30
access-control: 192.168.0.0/27 allow
access-control: 2001:db8::/108 allow

# List of DNS root zone (automatically downloaded every 5 days with a CRON)
root-hints: "named.cache"

# Hide identity and version
hide-identity: yes
hide-version: yes

# Localhost
private-address: 127.0.0.1
private-address: ::1
# Network
private-address: 192.168.0.0/27
private-address: 2001:db8::/108

# Prevent from resolving network IPs
do-not-query-address: 192.168.0.0/27
do-not-query-localhost: yes

# Prefetch old-cached DNS responses
prefetch: yes

提前感謝您的回复。

檢查您是否有防火牆在執行。這將允許本地答案,但入站查詢將被丟棄。

引用自:https://serverfault.com/questions/761923