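I installed the latest unbound on Ubuntu 14.04 on my Ubuntu main server and made some configuration changes in unbound.conf. Then I rebooted the system. I found that unbound does not work at all after the system boots. But when I start it with the command "sudo invoke-rc.d unbound start", unbound starts successfully.
I checked /var/log/syslog and found that unbound-anchor hit an error while updating the root key file when unbound was started at boot. The error is as follows: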
unbound-anchor: /var/lib/unbound/root.key has content
unbound-anchor: fail: the anchor is NOT ok and could not be fixed
I checked /etc/init.d/unbound and found the script that updates the root key. It looks like this:
if $ROOT_TRUST_ANCHOR_UPDATE; then
    unbound-anchor -a $ROOT_TRUST_ANCHOR_FILE -v 2>&1 | logger -p daemon.info -t unbound-anchor
    chown unbound:unbound $ROOT_TRUST_ANCHOR_FILE
fi
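I ran "sudo unbound-anchor -a /var/lib/unbound/root.key -v 2>&1 | logger -p daemon.info -t unbound-anchor" and found that it works fine.
I guess the problem is something like unbound-anchor lacking permissions when it runs. I don't know how to fix it. Here is my configuration in unbound.conf. I checked it with the unbound-checkconf command and found no errors.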
include: "/etc/unbound/unbound.conf.d/*.conf"
server:
    verbosity: 5
    use-syslog: no
    logfile: "/var/lib/unbound/unbound.log"
    log-time-ascii: yes
    log-queries: no
    val-log-level: 0
    statistics-interval: 600
    statistics-cumulative: yes
    extended-statistics: yes
    pidfile: "/var/lib/unbound/unbound.pid"
    interface: 192.168.1.101@53
    access-control: 192.168.1.0/24 allow
    port: 53
    outgoing-interface: 192.168.1.101
    #outgoing-range: 2048
    num-queries-per-thread: 1024
    do-daemonize: yes
    do-tcp: yes
    do-udp: yes
    tcp-upstream: yes
    do-ip4: yes
    do-ip6: no
    #root-hints: "/etc/unbound/named.cache"
    #dlv-anchor-file: "/var/lib/unbound/dlv.isc.org.key"
    cache-min-ttl: 300
    cache-max-ttl: 86400
    infra-host-ttl: 900
    val-bogus-ttl: 900
    so-reuseport: no
    num-threads: 10
    prefetch: yes
    prefetch-key: yes
    #ssl-upstream: no
    #val-permissive-mode: yes
    do-not-query-localhost: yes
    neg-cache-size: 0k
forward-zone:
    name: "."
    forward-addr: 202.60.252.9
    forward-addr: 202.76.4.18
    forward-addr: 202.177.2.2
    forward-addr: 202.60.252.8
    forward-addr: 202.181.224.2
    forward-addr: 202.180.160.1
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4
    forward-first: yes
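Any ideas?
Answer 1
I ran into the same problem and found that the network interfaces must be properly initialized before running unbound. So I now start unbound in a later script.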
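
One way to apply the answer's point inside the init script itself, as an added example that is not part of either post or of the Ubuntu package: wait until the address from the question's interface: line is assigned before running unbound-anchor. The helper names (list_addrs, has_addr, wait_for_addr, update_anchor_when_ready) and the 30-second limit are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: gate the trust-anchor update on the listen address being up.
# LISTEN_ADDR and ROOT_TRUST_ANCHOR_FILE mirror values from the question;
# all function names below are hypothetical helpers, not part of unbound.

LISTEN_ADDR="192.168.1.101"
ROOT_TRUST_ANCHOR_FILE="/var/lib/unbound/root.key"

# Print the currently assigned IPv4 addresses, one per line (iproute2).
list_addrs() {
    ip -o -4 addr show
}

# has_addr ADDR: read `ip -o -4 addr show` output on stdin and succeed only
# on an exact match, so 192.168.1.10 is not mistaken for 192.168.1.101.
has_addr() {
    awk -v want="$1" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == want) found = 1 } }
        END { exit found ? 0 : 1 }'
}

# wait_for_addr ADDR TRIES: poll once per second, at most TRIES times.
wait_for_addr() {
    tries=$2
    while [ "$tries" -gt 0 ]; do
        if list_addrs | has_addr "$1"; then return 0; fi
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep 1; fi
    done
    return 1
}

# Stand-in for the unconditional unbound-anchor call quoted in the question.
update_anchor_when_ready() {
    if wait_for_addr "$LISTEN_ADDR" 30; then
        unbound-anchor -a "$ROOT_TRUST_ANCHOR_FILE" -v 2>&1 |
            logger -p daemon.info -t unbound-anchor
        chown unbound:unbound "$ROOT_TRUST_ANCHOR_FILE"
    else
        # Leave a visible trace instead of failing silently at boot.
        logger -p daemon.warning -t unbound-anchor \
            "$LISTEN_ADDR not up after 30s; skipping anchor update"
        return 1
    fi
}
```

Calling update_anchor_when_ready in place of the original block keeps the anchor file and its ownership handling unchanged while logging a warning when the address never comes up.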