After installing Pi-hole on my mini PC, I set about installing Unbound, but I'm running into problems.
I think it must be caused by the default DNS service on Linux Mint.
I changed the default port so that it doesn't use the same one as Pi-hole.
If anyone has an idea, here are some logs:
root@arlong-MINI-S:/home/arlong# sudo grep -v ‘#\|^$’ -R /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:server:
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # The verbosity number, level 0 means no verbosity, only errors.
/etc/unbound/unbound.conf: # Level 1 gives operational information. Level 2 gives detailed
/etc/unbound/unbound.conf: # operational information. Level 3 gives query level information,
/etc/unbound/unbound.conf: # output per query. Level 4 gives algorithm level information.
/etc/unbound/unbound.conf: # Level 5 logs client identification for cache misses. Default is
/etc/unbound/unbound.conf: # level 1.
/etc/unbound/unbound.conf: verbosity: 0
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: interface: 127.0.0.1
/etc/unbound/unbound.conf: port: 5335
/etc/unbound/unbound.conf: do-ip4: yes
/etc/unbound/unbound.conf: do-udp: yes
/etc/unbound/unbound.conf: do-tcp: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # May be set to yes if you have IPv6 connectivity
/etc/unbound/unbound.conf: do-ip6: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # You want to leave this to no unless you have *native* IPv6. With 6to4 and
/etc/unbound/unbound.conf: # Terredo tunnels your web browser should favor IPv4 for the same reasons
/etc/unbound/unbound.conf: prefer-ip6: no
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Use this only when you downloaded the list of primary root servers!
/etc/unbound/unbound.conf: # Read the root hints from this file. Make sure to
/etc/unbound/unbound.conf: # update root.hints evry 5-6 months.
/etc/unbound/unbound.conf: root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Trust glue only if it is within the servers authority
/etc/unbound/unbound.conf: harden-glue: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Ignore very large queries.
/etc/unbound/unbound.conf: harden-large-queries: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
/etc/unbound/unbound.conf: # If you want to disable DNSSEC, set harden-dnssec stripped: no
/etc/unbound/unbound.conf: harden-dnssec-stripped: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Number of bytes size to advertise as the EDNS reassembly buffer
/etc/unbound/unbound.conf: # size. This is the value put into datagrams over UDP towards
/etc/unbound/unbound.conf: # peers. The actual buffer size is determined by msg-buffer-size
/etc/unbound/unbound.conf: # (both for TCP and UDP).
/etc/unbound/unbound.conf: edns-buffer-size: 1232
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Rotates RRSet order in response (the pseudo-random
/etc/unbound/unbound.conf: # number is taken from Ensure privacy of local IP
/etc/unbound/unbound.conf: # ranges the query ID, for speed and thread safety).
/etc/unbound/unbound.conf: # private-address: 192.168.0.0/16
/etc/unbound/unbound.conf: rrset-roundrobin: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Time to live minimum for RRsets and messages in the cache. If the minimum
/etc/unbound/unbound.conf: # kicks in, the data is cached for longer than the domain owner intended,
/etc/unbound/unbound.conf: # and thus less queries are made to look up the data. Zero makes sure the
/etc/unbound/unbound.conf: # data in the cache is as the domain owner intended, higher values,
/etc/unbound/unbound.conf: # especially more than an hour or so, can lead to trouble as the data in
/etc/unbound/unbound.conf: # the cache does not match up with the actual data anymore
/etc/unbound/unbound.conf: cache-min-ttl: 300
/etc/unbound/unbound.conf: cache-max-ttl: 86400
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Have unbound attempt to serve old responses from cache with a TTL of 0 in
/etc/unbound/unbound.conf: # the response without waiting for the actual resolution to finish. The
/etc/unbound/unbound.conf: # actual resolution answer ends up in the cache later on.
/etc/unbound/unbound.conf: serve-expired: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Harden against algorithm downgrade when multiple algorithms are
/etc/unbound/unbound.conf: # advertised in the DS record.
/etc/unbound/unbound.conf: harden-algo-downgrade: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Ignore very small EDNS buffer sizes from queries.
/etc/unbound/unbound.conf: harden-short-bufsize: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Refuse id.server and hostname.bind queries
/etc/unbound/unbound.conf: hide-identity: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Report this identity rather than the hostname of the server.
/etc/unbound/unbound.conf: identity: "Server"
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Refuse version.server and version.bind queries
/etc/unbound/unbound.conf: hide-version: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Prevent the unbound server from forking into the background as a daemon
/etc/unbound/unbound.conf: do-daemonize: no
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Number of bytes size of the aggressive negative cache.
/etc/unbound/unbound.conf: neg-cache-size: 4m
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Send minimum amount of information to upstream servers to enhance privacy
/etc/unbound/unbound.conf: qname-minimisation: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Deny queries of type ANY with an empty response.
/etc/unbound/unbound.conf: # Works only on version 1.8 and above
/etc/unbound/unbound.conf: deny-any: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Do no insert authority/additional sections into response messages when
/etc/unbound/unbound.conf: # those sections are not required. This reduces response size
/etc/unbound/unbound.conf: # significantly, and may avoid TCP fallback for some responses. This may
/etc/unbound/unbound.conf: # cause a slight speedup
/etc/unbound/unbound.conf: minimal-responses: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Perform prefetching of close to expired message cache entries
/etc/unbound/unbound.conf: # This only applies to domains that have been frequently queried
/etc/unbound/unbound.conf: # This flag updates the cached domains
/etc/unbound/unbound.conf: prefetch: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Fetch the DNSKEYs earlier in the validation process, when a DS record is
/etc/unbound/unbound.conf: # encountered. This lowers the latency of requests at the expense of little
/etc/unbound/unbound.conf: # more CPU usage.
/etc/unbound/unbound.conf: prefetch-key: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # One thread should be sufficient, can be increased on beefy machines. In reality for
/etc/unbound/unbound.conf: # most users running on small networks or on a single machine, it should be unnecessary
/etc/unbound/unbound.conf: # to seek performance enhancement by increasing num-threads above 1.
/etc/unbound/unbound.conf: num-threads: 1
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # more cache memory. rrset-cache-size should twice what msg-cache-size is.
/etc/unbound/unbound.conf: msg-cache-size: 50m
/etc/unbound/unbound.conf: rrset-cache-size: 100m
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Faster UDP with multithreading (only on Linux).
/etc/unbound/unbound.conf: so-reuseport: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Ensure kernel buffer is large enough to not lose messages in traffix spikes
/etc/unbound/unbound.conf: so-rcvbuf: 4m
/etc/unbound/unbound.conf: so-sndbuf: 4m
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Set the total number of unwanted replies to keep track of in every thread.
/etc/unbound/unbound.conf: # When it reaches the threshold, a defensive action of clearing the rrset
/etc/unbound/unbound.conf: # and message caches is taken, hopefully flushing away any poison.
/etc/unbound/unbound.conf: # Unbound suggests a value of 10 million.
/etc/unbound/unbound.conf: unwanted-reply-threshold: 100000
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Minimize logs
/etc/unbound/unbound.conf: # Do not print one line per query to the log
/etc/unbound/unbound.conf: log-queries: no
/etc/unbound/unbound.conf: # Do not print one line per reply to the log
/etc/unbound/unbound.conf: log-replies: no
/etc/unbound/unbound.conf: # Do not print log lines that say why queries return SERVFAIL to clients
/etc/unbound/unbound.conf: log-servfail: no
/etc/unbound/unbound.conf: # Do not print log lines to inform about local zone actions
/etc/unbound/unbound.conf: log-local-actions: no
/etc/unbound/unbound.conf: # Do not print log lines that say why queries return SERVFAIL to clients
/etc/unbound/unbound.conf: logfile: /dev/null
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf: # Ensure privacy of local IP ranges
/etc/unbound/unbound.conf: private-address: 192.168.0.0/16
/etc/unbound/unbound.conf: private-address: 169.254.0.0/16
/etc/unbound/unbound.conf: private-address: 172.16.0.0/12
/etc/unbound/unbound.conf: private-address: 10.0.0.0/8
/etc/unbound/unbound.conf: private-address: fd00::/8
/etc/unbound/unbound.conf: private-address: fe80::/10
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf: # If no logfile is specified, syslog is used
/etc/unbound/unbound.conf.d/pi-hole.conf: # logfile: "/var/log/unbound/unbound.log"
/etc/unbound/unbound.conf.d/pi-hole.conf: verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf: interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf: port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf: # May be set to yes if you have IPv6 connectivity
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip6: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf: # You want to leave this to no unless you have *native* IPv6. With 6to4 and
/etc/unbound/unbound.conf.d/pi-hole.conf: # Terredo tunnels your web browser should favor IPv4 for the same reasons
/etc/unbound/unbound.conf.d/pi-hole.conf: prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf: # Use this only when you downloaded the list of primary root servers!
/etc/unbound/unbound.conf.d/pi-hole.conf: # If you use the default dns-root-data package, unbound will find it automatically
/etc/unbound/unbound.conf.d/pi-hole.conf: #root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf: # Trust glue only if it is within the server's authority
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf: # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf: # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
/etc/unbound/unbound.conf.d/pi-hole.conf: # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
/etc/unbound/unbound.conf.d/pi-hole.conf: use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf: # Reduce EDNS reassembly buffer size.
/etc/unbound/unbound.conf.d/pi-hole.conf: # IP fragmentation is unreliable on the Internet today, and can cause
/etc/unbound/unbound.conf.d/pi-hole.conf: # transmission failures when large DNS messages are sent via UDP. Even
/etc/unbound/unbound.conf.d/pi-hole.conf: # when fragmentation does work, it may not be secure; it is theoretically
/etc/unbound/unbound.conf.d/pi-hole.conf: # possible to spoof parts of a fragmented DNS message, without easy
/etc/unbound/unbound.conf.d/pi-hole.conf: # detection at the receiving end. Recently, there was an excellent study
/etc/unbound/unbound.conf.d/pi-hole.conf: # >>> Defragmenting DNS - Determining the optimal maximum UDP response size for DNS <<<
/etc/unbound/unbound.conf.d/pi-hole.conf: # by Axel Koolhaas, and Tjeerd Slokker (https://indico.dns-oarc.net/event/36/contributions/776/)
/etc/unbound/unbound.conf.d/pi-hole.conf: # in collaboration with NLnet Labs explored DNS using real world data from the
/etc/unbound/unbound.conf.d/pi-hole.conf: # the RIPE Atlas probes and the researchers suggested different values for
/etc/unbound/unbound.conf.d/pi-hole.conf: # IPv4 and IPv6 and in different scenarios. They advise that servers should
/etc/unbound/unbound.conf.d/pi-hole.conf: # be configured to limit DNS messages sent over UDP to a size that will not
/etc/unbound/unbound.conf.d/pi-hole.conf: # trigger fragmentation on typical network links. DNS servers can switch
/etc/unbound/unbound.conf.d/pi-hole.conf: # from UDP to TCP when a DNS response is too big to fit in this limited
/etc/unbound/unbound.conf.d/pi-hole.conf: # buffer size. This value has also been suggested in DNS Flag Day 2020.
/etc/unbound/unbound.conf.d/pi-hole.conf: edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf: # Perform prefetching of close to expired message cache entries
/etc/unbound/unbound.conf.d/pi-hole.conf: # This only applies to domains that have been frequently queried
/etc/unbound/unbound.conf.d/pi-hole.conf: prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf: # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
/etc/unbound/unbound.conf.d/pi-hole.conf: num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf: # Ensure kernel buffer is large enough to not lose messages in traffic spikes
/etc/unbound/unbound.conf.d/pi-hole.conf: so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf: # Ensure privacy of local IP ranges
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fe80::/10
/etc/unbound/unbound.conf.d/pi-hole.conf:
grep: /etc/unbound/unbound.conf.d/.pi-hole.conf.swp : fichiers binaires correspondent
root@arlong-MINI-S:/home/arlong# dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335
dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335
;; communications error to 127.0.0.1#5335: connection refused
;; communications error to 127.0.0.1#5335: connection refused
root@arlong-MINI-S:/home/arlong#
root@arlong-MINI-S:/home/arlong# sudo service unbound restart
dig pi-hole.net @127.0.0.1 -p 5335
Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xeu unbound.service" for details.
;; communications error to 127.0.0.1#5335: connection refused
root@arlong-MINI-S:/home/arlong#
root@arlong-MINI-S:/home/arlong# systemctl status unbound.service
× unbound.service - Unbound DNS server
     Loaded: loaded (/lib/systemd/system/unbound.servic>
     Active: failed (Result: exit-code) since Sat 2022->
       Docs: man:unbound(8)
    Process: 11509 ExecStartPre=/usr/lib/unbound/packag>
    Process: 11512 ExecStartPre=/usr/lib/unbound/packag>
    Process: 11515 ExecStart=/usr/sbin/unbound -d -p $D>
    Process: 11516 ExecStopPost=/usr/lib/unbound/packag>
   Main PID: 11515 (code=exited, status=1/FAILURE)
        CPU: 59ms

déc 24 11:00:06 arlong-MINI-S systemd[1]: unbound.servi>
déc 24 11:00:06 arlong-MINI-S systemd[1]: Stopped Unbou>
déc 24 11:00:06 arlong-MINI-S systemd[1]: unbound.servi>
déc 24 11:00:06 arlong-MINI-S systemd[1]: unbound.servi>
déc 24 11:00:06 arlong-MINI-S systemd[1]: Failed to sta>
lines 1-16/16 (END)