I'm trying to set up a mail server and want to use local DNS resolution. I tried installing Unbound manually and using Angristan's Unbound installer. When testing with dig @127.0.0.1 google.ca
or dig google.ca
what I get is
; <<>> DiG 9.10.3-P4-Debian <<>> @127.0.0.1 google.ca
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
This was done on a nearly untouched Debian 9 install with LAMP and the basic firewall settings set to allow all traffic.
/etc/unbound/unbound.conf:
server:
root-hints: /var/lib/unbound/root.hints
auto-trust-anchor-file: /var/lib/unbound/root.key
interface: 127.0.0.1
access-control: 127.0.0.1 allow
port: 53
do-daemonize: yes
num-threads: 2
use-caps-for-id: yes
harden-glue: yes
hide-identity: yes
hide-version: yes
/etc/resolv.conf:
#nameserver 8.8.8.8
#nameserver 8.8.4.4
nameserver 127.0.0.1
/etc/hosts:
127.0.0.1 localhost
<myserverip> mail.<mysite>.ca <myhostname>
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
Result of systemctl status -l -n100 unbound:
● unbound.service - Unbound DNS server
Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2017-10-22 12:36:30 PDT; 9s ago
Docs: man:unbound(8)
Process: 28745 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=0/SUCCESS)
Process: 28740 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=0/SUCCESS)
Main PID: 28750 (unbound)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/unbound.service
└─28750 /usr/sbin/unbound -d
Oct 22 12:35:40 joshtism systemd[1]: Stopping Unbound DNS server...
Oct 22 12:35:40 joshtism systemd[1]: Stopped Unbound DNS server.
Oct 22 12:35:40 joshtism systemd[1]: Starting Unbound DNS server...
Oct 22 12:36:30 joshtism package-helper[28745]: /var/lib/unbound/root.key has content
Oct 22 12:36:30 joshtism package-helper[28745]: fail: the anchor is NOT ok and could not be fixed
Oct 22 12:36:30 joshtism systemd[1]: Started Unbound DNS server.
Oct 22 12:36:30 joshtism unbound[28750]: [28750:0] notice: init module 0: validator
Oct 22 12:36:30 joshtism unbound[28750]: [28750:0] notice: init module 1: iterator
Oct 22 12:36:30 joshtism unbound[28750]: [28750:0] info: start of service (unbound 1.6.0).
lsof -p 28750
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
unbound 28750 unbound cwd DIR 202,1 4096 259993 /etc/unbound
unbound 28750 unbound rtd DIR 202,1 4096 2 /
unbound 28750 unbound txt REG 202,1 1080144 25646 /usr/sbin/unbound
unbound 28750 unbound mem REG 202,1 47632 977 /lib/x86_64-linux-gnu/libnss_files-2.24.so
unbound 28750 unbound mem REG 202,1 47688 979 /lib/x86_64-linux-gnu/libnss_nis-2.24.so
unbound 28750 unbound mem REG 202,1 89064 974 /lib/x86_64-linux-gnu/libnsl-2.24.so
unbound 28750 unbound mem REG 202,1 31616 975 /lib/x86_64-linux-gnu/libnss_compat-2.24.so
unbound 28750 unbound mem REG 202,1 1063328 971 /lib/x86_64-linux-gnu/libm-2.24.so
unbound 28750 unbound mem REG 202,1 10688 988 /lib/x86_64-linux-gnu/libutil-2.24.so
unbound 28750 unbound mem REG 202,1 105088 2384 /lib/x86_64-linux-gnu/libz.so.1.2.8
unbound 28750 unbound mem REG 202,1 170128 10380 /lib/x86_64-linux-gnu/libexpat.so.1.6.2
unbound 28750 unbound mem REG 202,1 14640 970 /lib/x86_64-linux-gnu/libdl-2.24.so
unbound 28750 unbound mem REG 202,1 2686672 9755 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
unbound 28750 unbound mem REG 202,1 4580776 17708 /usr/lib/x86_64-linux-gnu/libpython3.5m.so.1.0
unbound 28750 unbound mem REG 202,1 293264 5742 /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5.1.9
unbound 28750 unbound mem REG 202,1 38904 17688 /usr/lib/x86_64-linux-gnu/libfstrm.so.0.0.0
unbound 28750 unbound mem REG 202,1 35064 17698 /usr/lib/x86_64-linux-gnu/libprotobuf-c.so.1.0.0
unbound 28750 unbound mem REG 202,1 442920 9756 /usr/lib/x86_64-linux-gnu/libssl.so.1.1
unbound 28750 unbound mem REG 202,1 1689360 966 /lib/x86_64-linux-gnu/libc-2.24.so
unbound 28750 unbound mem REG 202,1 135440 984 /lib/x86_64-linux-gnu/libpthread-2.24.so
unbound 28750 unbound mem REG 202,1 153288 959 /lib/x86_64-linux-gnu/ld-2.24.so
unbound 28750 unbound 0r CHR 1,3 0t0 6431 /dev/null
unbound 28750 unbound 1u unix 0xffff88b979d80800 0t0 237737 type=STREAM
unbound 28750 unbound 2u unix 0xffff88b979d80800 0t0 237737 type=STREAM
unbound 28750 unbound 3u IPv4 237762 0t0 UDP localhost:domain
unbound 28750 unbound 4u IPv4 237763 0t0 TCP localhost:domain (LISTEN)
unbound 28750 unbound 5u IPv6 237764 0t0 TCP localhost:8953 (LISTEN)
unbound 28750 unbound 6u IPv4 237765 0t0 TCP localhost:8953 (LISTEN)
unbound 28750 unbound 7u unix 0xffff88b97c2bc000 0t0 237766 type=DGRAM
unbound 28750 unbound 8u unix 0xffff88b9765d3800 0t0 237776 type=STREAM
unbound 28750 unbound 9u unix 0xffff88b97ac7ec00 0t0 237777 type=STREAM
unbound 28750 unbound 10u unix 0xffff88b97b107400 0t0 237778 type=STREAM
unbound 28750 unbound 11u unix 0xffff88b976515800 0t0 237779 type=STREAM
unbound 28750 unbound 12u a_inode 0,11 0 6425 [eventpoll]
unbound 28750 unbound 13u unix 0xffff88b9765d3000 0t0 237780 type=STREAM
unbound 28750 unbound 14u unix 0xffff88b97cbb7c00 0t0 237781 type=STREAM
unbound 28750 unbound 15u a_inode 0,11 0 6425 [eventpoll]
unbound 28750 unbound 16u unix 0xffff88b97c2bcc00 0t0 237782 type=STREAM
unbound 28750 unbound 17u unix 0xffff88b97c2bc800 0t0 237783 type=STREAM
unbound 28750 unbound 19u IPv4 246217 0t0 UDP *:33533
unbound-anchor -a /var/lib/unbound/root.key -v:
/var/lib/unbound/root.key has content
Answer 1
Thanks @b4d
Solved by allowing all local connections
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
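
An added example, not part of the original answer: a check that reads iptables-save text and reports what the INPUT chain does to a packet arriving on lo, which is the path a query to 127.0.0.1:53 takes. The function names and the ruleset are constructed for illustration (not the asker's firewall), and the evaluator is simplified as noted in the comments.

```shell
#!/bin/sh
# Reads `iptables-save` text on stdin and reports the fate of a new packet
# arriving on lo in the filter table's INPUT chain.
# Simplification (assumption): a rule decides only if it has no match at all
# or just "-i lo"; conditional rules (ports, conntrack state) are skipped.
lo_input_verdict() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table != "filter" { next }
        $1 == ":INPUT" { policy = $2; next }
        $1 == "-A" && $2 == "INPUT" {
            n++; cond = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }
                cond = cond (cond == "" ? "" : " ") $i
            }
            if (verdict == "" && (cond == "" || cond == "-i lo") &&
                target ~ /^(ACCEPT|DROP|REJECT)$/)
                verdict = target " rule " n
        }
        END { print (verdict != "" ? verdict : policy " policy") }
    '
}

# Constructed ruleset: default-drop INPUT chain with no loopback rule.
ruleset_default_drop() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# The constructed ruleset with extra rules (one per argument) appended,
# which is what `iptables -A` does.
with_rules() {
    ruleset_default_drop | sed '$d'
    for r in "$@"; do printf '%s\n' "$r"; done
    echo COMMIT
}

ruleset_default_drop | lo_input_verdict                    # DROP policy
with_rules '-A INPUT -i lo -j ACCEPT' | lo_input_verdict   # ACCEPT rule 3
```

On a live host the input would come from iptables-save run as root. Because -A appends, a loopback rule added after an unconditional DROP or REJECT rule is never reached, and the function then reports the earlier rule instead.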