I have deployed an Unbound caching server. Below is how it is deployed:
Client ---> Internal DNS Server (Windows) ---> External DNS Server (RHEL) ---> GoogleDNS
From the local host (Unbound), if I run
dig +ttlunits somesite.com
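On the first attempt it goes to the Google DNS servers; on the second attempt it is answered from the Unbound cache, and the query time is 1 msec or 0 msec. tcpdump confirms that it is being answered from the internal cache.
But for any other client behind the InternalDNSServer, the query still goes to GoogleDNS. Below are the contents of unbound.conf: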
server:
    verbosity: 1
    statistics-interval: 0
    statistics-cumulative: no
    extended-statistics: yes
    num-threads: 4
    interface: 192.168.56.10
    interface-automatic: no
    so-reuseport: yes
    ip-transparent: yes
    do-ip4: yes
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.56.10/32 allow        # (unbound, Localhost)
    access-control: 10.30.10.1/32 allow_snoop     # (InternetDNSServer1)
    access-control: 10.30.11.2/32 allow_snoop     # (InternetDNSServer2)
    chroot: ""
    username: "unbound"
    directory: "/etc/unbound"
    logfile: /var/log/unbound/unbound.log
    log-queries: yes
    use-syslog: yes
    log-time-ascii: yes
    log-replies: yes
    pidfile: "/var/run/unbound/unbound.pid"
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    harden-below-nxdomain: yes
    harden-referral-path: yes
    unwanted-reply-threshold: 10000000
    prefetch: yes
    prefetch-key: yes
    rrset-roundrobin: yes
    minimal-responses: yes
    module-config: "ipsecmod validator iterator"
    trust-anchor-signaling: yes
    trusted-keys-file: /etc/unbound/keys.d/*.key
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    val-clean-additional: yes
    val-permissive-mode: no
    val-log-level: 1
    include: /etc/unbound/local.d/*.conf
    ipsecmod-enabled: no
    ipsecmod-hook: "/usr/libexec/ipsec/_unbound-hook"
python:
remote-control:
    control-enable: yes
    server-key-file: "/etc/unbound/unbound_server.key"
    server-cert-file: "/etc/unbound/unbound_server.pem"
    control-key-file: "/etc/unbound/unbound_control.key"
    control-cert-file: "/etc/unbound/unbound_control.pem"
forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4
    forward-addr: 1.1.1.1
    forward-first: no
include: /etc/unbound/conf.d/*.conf
Contents of /etc/resolv.conf:
# Generated by NetworkManager
search privatedomain.com
nameserver 192.168.56.10
I am confused about why it does not look in the cache for clients behind the InternalDNSServer.
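
Added example, not part of the original post: with log-replies: yes as in the configuration above, each reply line records the client address and a from-cache flag, so the log can show per client whether answers came from the cache. The field layout after "info:" is assumed from the log-replies description in unbound.conf(5); the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise Unbound log-replies lines per client IP.
# Assumed layout after "info:" (log-replies in unbound.conf(5)):
#   <client-ip> <qname> <type> <class> <rcode> <seconds> <from-cache 0|1> <size>

cache_summary() {
    # Reads log text on stdin; prints "<client> hits=<n> misses=<n>", sorted.
    awk '
    {
        start = 0
        for (i = 1; i <= NF; i++) if ($i == "info:") { start = i; break }
        # log-queries lines carry only 4 fields after "info:"; skip them.
        if (start == 0 || NF - start != 8) next
        cached = $(start + 7)
        if (cached != "0" && cached != "1") next
        client = $(start + 1)
        seen[client] = 1
        if (cached == "1") hits[client]++; else misses[client]++
    }
    END {
        for (c in seen) printf "%s hits=%d misses=%d\n", c, hits[c], misses[c]
    }' | sort
}

# Constructed sample log (not taken from the original post).
sample_log() {
    cat <<'EOF'
Jan 05 10:00:01 unbound[1234:0] info: 192.168.56.10 somesite.com. A IN
Jan 05 10:00:01 unbound[1234:0] info: 192.168.56.10 somesite.com. A IN NOERROR 0.031245 0 57
Jan 05 10:00:05 unbound[1234:0] info: 192.168.56.10 somesite.com. A IN NOERROR 0.000000 1 57
Jan 05 10:00:09 unbound[1234:1] info: 10.30.10.1 somesite.com. A IN
Jan 05 10:00:09 unbound[1234:1] info: 10.30.10.1 somesite.com. A IN NOERROR 0.000000 1 57
Jan 05 10:00:12 unbound[1234:1] info: 10.30.10.1 other.example. A IN NOERROR 0.044910 0 61
EOF
}

# Stand-alone run on the constructed sample.
sample_log | cache_summary
```

To use it on real data, pipe the Unbound log (or the syslog output, since use-syslog is yes in this configuration) into cache_summary on stdin.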