Unbound DNS resolver for the network

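I am trying to set up a DNS resolver for my local network, and I chose unbound for this. I installed it on an Arch Linux server and it works, but only for the local machine (127.0.0.1), not for the network (I want to open it to IPs in the range 192.168.0.1-192.168.0.30, which I think corresponds to 192.168.0.0/27). I can't find what is wrong with my configuration file. When I run "dig @127.0.0.1 example.com" or "dig @192.168.0.2 example.com" on the local machine, the resolver just responds, but when I run it on another computer on the network (192.168.0.4, if you want to know) there is no response. I don't get any error from unbound; it just seems not to receive the requests from computers on the local network.

Here is the configuration file I use: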

server:
# Maximum verbosity
verbosity: 5

# Answer queries from
# The local machine
interface: 127.0.0.1
interface: ::1
# The local machine on the network
interface: 192.168.0.2

# Default DNS port
port: 53

# Save in cache for an hour to a day
cache-min-ttl: 3600
cache-max-ttl: 86400

# Enable IPv4, IPv6, UDP and TCP requests
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes

# Launch as a daemon (temporarily disabled)
# do-daemonize: yes

# Deny all the Internet (temporarily refuse)
access-control: 0.0.0.0/0 refuse
access-control: ::0/0 refuse
# Allow localhost
access-control: 127.0.0.1 allow
access-control: ::1 allow
# Allow network from 192.168.0.0 to 192.168.0.30
access-control: 192.168.0.0/27 allow
access-control: 2001:db8::/108 allow

# List of DNS root zone (automatically downloaded every 5 days with a CRON)
root-hints: "named.cache"

# Hide identity and version
hide-identity: yes
hide-version: yes

# Localhost
private-address: 127.0.0.1
private-address: ::1
# Network
private-address: 192.168.0.0/27
private-address: 2001:db8::/108

# Prevent from resolving network IPs
do-not-query-address: 192.168.0.0/27
do-not-query-localhost: yes

# Prefetch old-cached DNS responses
prefetch: yes

Thanks in advance for your replies.

Answer 1

Check whether a firewall is running. A firewall will allow local answers but drop inbound queries.
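
Before turning to the firewall as the answer suggests, the posted configuration itself can be ruled out. The following is an added example, not part of the original post or of Unbound: it evaluates the question's `interface` and `access-control` lines for the client 192.168.0.4, using Unbound's documented rule that the most specific matching netblock wins and that `refuse` applies when nothing matches. The function names are hypothetical.

```python
import ipaddress

# The interface and access-control lines copied from the question's unbound.conf.
CONF = """\
interface: 127.0.0.1
interface: ::1
interface: 192.168.0.2
access-control: 0.0.0.0/0 refuse
access-control: ::0/0 refuse
access-control: 127.0.0.1 allow
access-control: ::1 allow
access-control: 192.168.0.0/27 allow
access-control: 2001:db8::/108 allow
"""

def parse(conf):
    """Return (listen addresses, [(network, action)]) from unbound.conf text."""
    listen, acl = [], []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line.startswith("interface:"):
            listen.append(ipaddress.ip_address(line.split(":", 1)[1].strip()))
        elif line.startswith("access-control:"):
            block, action = line.split(":", 1)[1].split()
            acl.append((ipaddress.ip_network(block, strict=False), action))
    return listen, acl

def acl_action(acl, client):
    """Most specific matching netblock wins; 'refuse' if nothing matches."""
    ip = ipaddress.ip_address(client)
    hits = [(net.prefixlen, action) for net, action in acl
            if net.version == ip.version and ip in net]
    return max(hits)[1] if hits else "refuse"

def check(conf, server_ip, client_ip):
    """Return (is the server bound to server_ip?, ACL action for client_ip)."""
    listen, acl = parse(conf)
    return ipaddress.ip_address(server_ip) in listen, acl_action(acl, client_ip)

if __name__ == "__main__":
    bound, action = check(CONF, "192.168.0.2", "192.168.0.4")
    print(f"bound to 192.168.0.2: {bound}; ACL for 192.168.0.4: {action}")
```

For this configuration the server is bound to 192.168.0.2 and the ACL allows 192.168.0.4, which is consistent with the queries being dropped before they reach unbound.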
