Unbound 不在缓存中查找 A 记录

tag-icon tag-icon dns unbound
Unbound 不在缓存中查找 A 记录

我部署了未绑定的缓存服务器,下面是它的部署方式

客户端 ---> 内部 DNS 服务器(Windows) ---> 外部 DNS 服务器(RHEL) ---> GoogleDNS

来自本地主机(未绑定)如果我这样做

dig +ttlunits somesite.com

第一次尝试时,它将转到 google dns 服务器,第二次尝试时,它将从未绑定的缓存中检查,查询时间将为 1 毫秒或 0 毫秒 tcpdump 确认它正在从内部缓存中检查。

但如果 InternelDNSServer 后面有任何其他客户端,则查询仍会转到 GoogleDNS。以下是unbound.conf内容

server:
        verbosity: 1
        statistics-interval: 0
        statistics-cumulative: no
        extended-statistics: yes
        num-threads: 4
        interface: 192.168.56.10
        interface-automatic: no
        so-reuseport: yes
        ip-transparent: yes
        do-ip4: yes
        access-control: 127.0.0.0/8 allow
        access-control: 192.168.56.10/32 allow ***(unbound,Localhost)***
        access-control: 10.30.10.1/32 allow_snoop ***(InternetDNSServer1)***
        access-control: 10.30.11.2/32 allow_snoop ***(InternetDNSServer2)***
        chroot: ""
        username: "unbound"
        directory: "/etc/unbound"
        logfile: /var/log/unbound/unbound.log
        log-queries: yes
        use-syslog: yes

        log-time-ascii: yes
        log-replies: yes
        pidfile: "/var/run/unbound/unbound.pid"
        hide-identity: yes
        hide-version: yes
        harden-glue: yes
        harden-dnssec-stripped: yes
        harden-below-nxdomain: yes
        harden-referral-path: yes
        unwanted-reply-threshold: 10000000
        prefetch: yes
        prefetch-key: yes
        rrset-roundrobin: yes
        minimal-responses: yes
        module-config: "ipsecmod validator iterator"
        trust-anchor-signaling: yes
        trusted-keys-file: /etc/unbound/keys.d/*.key
        auto-trust-anchor-file: "/var/lib/unbound/root.key"
        val-clean-additional: yes
        val-permissive-mode: no
        val-log-level: 1
        include: /etc/unbound/local.d/*.conf
        ipsecmod-enabled: no
        ipsecmod-hook: "/usr/libexec/ipsec/_unbound-hook"
python:
remote-control:
        control-enable: yes
        server-key-file: "/etc/unbound/unbound_server.key"
        server-cert-file: "/etc/unbound/unbound_server.pem"
        control-key-file: "/etc/unbound/unbound_control.key"
        control-cert-file: "/etc/unbound/unbound_control.pem"
forward-zone:
        name: "."
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4
        forward-addr: 1.1.1.1
        forward-first: no
include: /etc/unbound/conf.d/*.conf

/etc/resolv.conf 内容

# Generated by NetworkManager
search privatedomain.com
nameserver 192.168.56.10

我很困惑为什么它不为 InternelDNSServer 后面的客户端寻找缓存

相关内容