{"id":2569,"date":"2017-11-10T17:40:05","date_gmt":"2017-11-10T17:40:05","guid":{"rendered":"https:\/\/tst-amo.pp.ua\/blog\/?p=2569"},"modified":"2017-11-10T18:43:46","modified_gmt":"2017-11-10T18:43:46","slug":"unbound","status":"publish","type":"post","link":"https:\/\/tst-amo.net.ua\/blog\/?p=2569","title":{"rendered":"Unbound"},"content":{"rendered":"

\u0421\u043c\u043e\u0442\u0440\u0438\u043c \u0435\u0441\u0442\u044c \u043b\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b<\/p>\n

#\u00a0unbound-checkconf<\/pre>\n
\u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b\u00a0unbound.conf<\/em>\u00a0\u0434\u043e\u043b\u0436\u0435\u043d \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u044c\u0441\u044f \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0435\u00a0\/var\/unbound.<\/em><\/p>\n
\u041d\u0430\u0431\u0438\u0440\u0430\u0435\u043c<\/p>\n
man unbound.conf<\/pre>\n
\u0438 \u0438\u0437\u0443\u0447\u0430\u0435\u043c \u043f\u0440\u0438\u043c\u0435\u0440 \u0438 \u043e\u043f\u0446\u0438\u0438.<\/p>\n
\u041f\u0438\u0448\u0435\u043c \u043f\u043e \u043f\u043e\u0434\u043e\u0431\u0438\u044e:<\/p>\n
root@roller:\/var\/unbound # cat unbound.conf\r\nserver:\r\n\u00a0 \u00a0 \u00a0 \u00a0# \u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043b\u043e\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f - 0 (\u0442\u043e\u043b\u044c\u043a\u043e \u043e\u0448\u0438\u0431\u043a\u0438)\r\n\u00a0 \u00a0 \u00a0 \u00a0 verbosity: 0\r\n\u00a0 \u00a0 \u00a0 \u00a0 # \u041f\u043e\u0440\u0442, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \"\u0441\u043b\u0443\u0448\u0430\u0442\u044c\" \u0437\u0430\u043f\u0440\u043e\u0441\u044b\r\n\u00a0 \u00a0 \u00a0 \u00a0 port: 53\r\n\u00a0 \u00a0 \u00a0 \u00a0 # \u041e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u044b, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0431\u0443\u0434\u0435\u043c \"\u0441\u043b\u0443\u0448\u0430\u0442\u044c\" \u0437\u0430\u043f\u0440\u043e\u0441\u044b\r\n\u00a0 \u00a0 \u00a0 \u00a0 interface: 127.0.0.1\r\n\u00a0 \u00a0 \u00a0 \u00a0 interface: 192.168.2.162\r\n\u00a0 \u00a0 \u00a0 \u00a0# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0438\u0441\u0445\u043e\u0434\u044f\u0449\u0438\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\r\n\u00a0 \u00a0 \u00a0  \u00a0outgoing-interface: 192.168.1.134\r\n\u00a0 \u00a0 \u00a0 \u00a0# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0441\u0435\u0442\u0438, \u0447\u044c\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0431\u0443\u0434\u0435\u043c \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0442\u044c\r\n\u00a0 \u00a0 \u00a0   access-control: 10.0.0.0\/24 allow\r\n\u00a0 \u00a0 \u00a0   access-control: 192.168.2.160\/28 allow\r\n\r\n\u00a0 \u00a0 # \u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0437\u043e\u043d\r\n\r\n\u00a0 \u00a0 \u00a0 local-zone: \"192.2.in-addr.arpa.\" static\r\n\u00a0 \u00a0 \u00a0 local-data: \"192.2.in-addr.arpa. 10800 IN NS amo.ka.\"\r\n\u00a0 \u00a0 \u00a0 local-data: \"192.2.in-addr.arpa. 10800 IN SOA amo.ka. admin.amo.ka. 1 3600 1200 604800 10800\"\r\n\u00a0 \u00a0 \u00a0 local-data: \"162.2.168.192.in-addr.arpa. 10800 IN PTR amo.ka.\"\r\n\u00a0 \u00a0 \u00a0 local-data: \"amo.ka. 10800 IN A 192.168.2.162\"\r\n\r\n\u00a0 \u00a0 # \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u043c ip4 tcp\/udp \u0438 \u0437\u0430\u043f\u0440\u0435\u0449\u0430\u0435\u043c \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0443 ipv6\r\n\u00a0 \u00a0 \u00a0 do-ip4: yes\r\n\u00a0 \u00a0 \u00a0 do-ip6: no\r\n\u00a0 \u00a0 \u00a0 do-udp: yes\r\n\u00a0 \u00a0 \u00a0 do-tcp: yes\r\n\u00a0 \u00a0 # \u041e\u0442 \u0447\u044c\u0435\u0433\u043e \u0438\u043c\u0435\u043d\u0438 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 daemon unbound\r\n\u00a0 \u00a0 \u00a0 username: unbound\r\n\u00a0 \u00a0 # \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043b\u043e\u0433-\u0444\u0430\u0439\u043b \u0438 \u043e\u0442\u043a\u043b\u044e\u0447\u0430\u0435\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 syslog\r\n\u00a0 \u00a0 \u00a0 logfile: \"unbound.log\"\r\n\u00a0 \u00a0 \u00a0 use-syslog: no\r\n\u00a0 \u00a0 # \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043f\u0443\u0442\u044c \u043a pid-\u0444\u0430\u0439\u043b\u0443\r\n\u00a0 \u00a0 \u00a0 pidfile: \"\/var\/run\/local_unbound.pid\"\r\n\u00a0 \u00a0 \u00a0# \u041f\u0440\u044f\u0447\u0435\u043c \u0432\u0435\u0440\u0441\u0438\u044e\r\n\u00a0 \u00a0  \u00a0hide-version: yes<\/pre>\n
\u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0432 \u0430\u0432\u0442\u043e\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0438 \u0441\u0442\u0430\u0440\u0442\u0443\u0435\u043c:<\/p>\n
#\u00a0unbound-checkconf\r\nunbound-checkconf: no errors in \/var\/unbound\/unbound.conf<\/pre>\n
#\u00a0echo 'local_unbound_enable=\"YES\"' >> \/etc\/rc.conf\r\n#\u00a0sh \/etc\/rc.d\/local_unbound start\r\n\r\n<\/pre>\n
\u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0443 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432:<\/p>\n
drill @127.0.0.1 amo.ka\r\n\r\nroot@roller:\/var\/unbound # drill @127.0.0.1 amo.ka\r\n;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 10555\r\n;; flags: qr aa rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0\r\n;; QUESTION SECTION:\r\n;; amo.ka.\u00a0 \u00a0 \u00a0 IN\u00a0 \u00a0 \u00a0 A\r\n\r\n;; ANSWER SECTION:\r\namo.ka. 10800\u00a0 \u00a0 IN\u00a0 \u00a0 A 192.168.2.162\r\n\r\n;; AUTHORITY SECTION:\r\n\r\n;; ADDITIONAL SECTION:\r\n\r\n;; Query time: 4 msec\r\n;; SERVER: 127.0.0.1\r\n;; WHEN: Fri Nov 10 21:03:37 2017\r\n;; MSG SIZE rcvd: 40<\/pre>\n
\u041f\u0435\u0440\u0435\u0433\u0440\u0443\u0436\u0430\u0435\u043c \u0441\u0435\u0440\u0432\u0438\u0441<\/p>\n
\/etc\/rc.d\/local_unbound restart\r\nStopping local_unbound.\r\nStarting local_unbound.\r\nWaiting for nameserver to start... good<\/pre>\n
\u0415\u0441\u043b\u0438 \u0432\u044b\u0432\u043e\u0434\u044f\u0442\u0441\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u0442\u0438\u043f\u0430<\/p>\n
Stopping local_unbound.\r\nWaiting for PIDS: 1415.\r\nStarting local_unbound.\r\nWaiting for nameserver to start...[1457359564] unbound-control[1475:0] warning: control-enable is 'no' in the config file.\r\nerror: Error setting up SSL_CTX client key and cert\r\n676677344:error:02001002:system library:fopen:No such file or directory:\/usr\/src\/secure\/lib\/libcrypto\/..\/..\/..\/crypto\/openssl\/crypto\/bio\/bss_file.c:398:fopen('\/var\/unbound\/unbound_control.pem','r')\r\n676677344:error:20074002:BIO routines:FILE_CTRL:system lib:\/usr\/src\/secure\/lib\/libcrypto\/..\/..\/..\/crypto\/openssl\/crypto\/bio\/bss_file.c:400:\r\n676677344:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:\/usr\/src\/secure\/lib\/libssl\/..\/..\/..\/crypto\/openssl\/ssl\/ssl_rsa.c:687:\r\n.[1457359565] unbound-control[1478:0] warning: control-enable is 'no' in the config file.\r\nerror: Error setting up SSL_CTX client key and cert\r\n676677344:error:02001002:system library:fopen:No such file or\u00a0\r\n\r\n......<\/pre>\n
\u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u043c<\/p>\n
\/etc\/rc.d\/local_unbound setup<\/pre>\n
\u0438 \u0440\u0435\u0441\u0442\u0430\u0440\u0442\u0443\u0435\u043c \u043e\u043f\u044f\u0442\u044c.<\/p>\n
\u041d\u0430\u0441\u0442\u0440\u0430\u0432\u0430\u0435\u043c \u0443\u0442\u0438\u043b\u0438\u0442\u0443 unbound-control<\/em>\u00a0<\/strong>(\u0430\u043d\u0430\u043b\u043e\u0433 rndc \u0434\u043b\u044f named)<\/p>\n
#\u00a0unbound-control-setup<\/pre>\n
 <\/p>\n
\u041f\u0420\u041e\u0414\u041e\u041b\u0416\u0415\u041d\u0418\u0415 \u0421\u041b\u0415\u0414\u0423\u0415\u0422…<\/p>\n
 <\/p>\n
https:\/\/www.lissyara.su\/articles\/freebsd\/programms\/unbound\/<\/a><\/p>\n
https:\/\/wiki.mikbill.ru\/billing\/howto\/unbound<\/a><\/p>\n
 <\/p>\n
 <\/p>\n
\"image_pdf\"<\/a>\"image_print\"<\/a><\/div>","protected":false},"excerpt":{"rendered":"
\u0421\u043c\u043e\u0442\u0440\u0438\u043c \u0435\u0441\u0442\u044c \u043b\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b #\u00a0unbound-checkconf \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b\u00a0unbound.conf\u00a0\u0434\u043e\u043b\u0436\u0435\u043d \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u044c\u0441\u044f \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0435\u00a0\/var\/unbound. \u041d\u0430\u0431\u0438\u0440\u0430\u0435\u043c man unbound.conf \u0438 \u0438\u0437\u0443\u0447\u0430\u0435\u043c \u043f\u0440\u0438\u043c\u0435\u0440 \u0438 \u043e\u043f\u0446\u0438\u0438. \u041f\u0438\u0448\u0435\u043c \u043f\u043e \u043f\u043e\u0434\u043e\u0431\u0438\u044e: root@roller:\/var\/unbound # cat unbound.conf server: \u00a0 \u00a0 \u00a0 \u00a0# \u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043b\u043e\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f – 0 (\u0442\u043e\u043b\u044c\u043a\u043e \u043e\u0448\u0438\u0431\u043a\u0438) \u00a0 \u00a0 \u00a0 \u00a0 verbosity: 0 \u00a0 \u00a0 \u00a0 \u00a0 # \u041f\u043e\u0440\u0442, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u043c “\u0441\u043b\u0443\u0448\u0430\u0442\u044c” \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u00a0 \u00a0 …<\/p>\n
Continue reading ‘Unbound’ »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,50,105],"tags":[],"class_list":["post-2569","post","type-post","status-publish","format-standard","hentry","category-dns","category-freebsd","category-unbound"],"_links":{"self":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2569"}],"collection":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2569"}],"version-history":[{"count":4,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2569\/revisions"}],"predecessor-version":[{"id":2574,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2569\/revisions\/2574"}],"wp:attachment":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2569"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2569"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2569"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}