Aug 28

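Unbound is a free and fairly lightweight local DNS server. I introduced it earlier in Config Unbound On Windows.

After some testing, it turns out that a small change to Unbound's configuration file lets it stand in for PWX-DNS-Proxy!

The method is simple: after installing Unbound, open the service.conf file in the installation directory and modify (or add) the following two lines. (Note: this method only applies to Unbound 1.4.12 and earlier. For newer versions, upstream provides a directly supported parameter; see the end of this post.)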

# Enable UDP, "yes" or "no".
do-udp: no

# Enable TCP, "yes" or "no".
do-tcp: yes

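This forces Unbound to listen only on TCP port 53.

Pros: Unbound is a professional DNS server. Its standard features and stability are better than PWX-DNS-Proxy's, queries are faster, and it uses less memory than PWX-DNS-Proxy.

Cons: it lacks PWX-DNS-Proxy's ability to send specific sites to specific DNS servers, and because UDP listening is turned off, nslookup can no longer resolve names in its default form; you must add the -vc parameter.

Update: in forward-zone you can set which server is queried for which domain names, like this: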

# forward-zone:
# name: "."
# forward-addr: 8.8.4.4
# forward-addr: 192.168.2.1@5355 # forward to port 5355.
# forward-zone:
# name: "cn"
# forward-host: 202.96.134.133

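By the way, if your router runs firmware such as Tomato or DD-WRT, which use DNSMasq, you can set the upstream server of Unbound or PWX-DNS-Proxy to the router's IP and use DNSMasq for more flexible configuration.

Update 2011-09-19: the new Unbound 1.4.13 should be configured for DNS-over-TCP like this: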

# if yes, perform prefetching of almost expired message cache entries.
prefetch: yes

# Enable IPv4, "yes" or "no".
do-ip4: yes

# Enable IPv6, "yes" or "no".
do-ip6: no

# Enable UDP, "yes" or "no".
do-udp: yes

# Enable TCP, "yes" or "no".
do-tcp: yes

# upstream connections use TCP only (and no UDP), "yes" or "no"
# useful for tunneling scenarios, default no.
tcp-upstream: yes

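Note that do-udp must be yes; the actual upstream queries will still use TCP. Also, be sure to first run nslookup with -vc to confirm that your upstream DNS server supports TCP queries; the servers in China all seem to have it turned off.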
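The same upstream check as `nslookup -vc`, written out as an added example (not part of the original post) so the DNS-over-TCP framing is visible: the query is an ordinary DNS message preceded by a 2-byte length. The function names are assumptions of this example; the two server addresses are the ones from the forward-zone sample above.

```python
import secrets
import socket
import struct

def build_query(name, qid, qtype=1):
    """Build an RFC 1035 query for `name` (qtype 1 = A, class IN, RD set)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame_tcp(message):
    """Over TCP every DNS message is preceded by its 2-byte length."""
    return struct.pack("!H", len(message)) + message

def parse_header(response, qid):
    """Return (rcode, answer_count, truncated); raise ValueError if bogus."""
    if len(response) < 12:
        raise ValueError("short DNS response")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:  # ID must match and QR bit must be set
        raise ValueError("not a response to our query")
    return flags & 0x000F, ancount, bool(flags & 0x0200)

def recv_exact(sock, n):
    """Read exactly n bytes; TCP may deliver a message in several pieces."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def supports_tcp(server, name="example.com", port=53, timeout=3.0):
    """True if `server` returns a well-formed answer over TCP."""
    qid = secrets.randbelow(0x10000)  # unpredictable ID, checked on reply
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(frame_tcp(build_query(name, qid)))
            (length,) = struct.unpack("!H", recv_exact(s, 2))
            parse_header(recv_exact(s, length), qid)
            return True
    except (OSError, ValueError):
        return False

if __name__ == "__main__":
    for srv in ("8.8.4.4", "202.96.134.133"):  # upstreams named in this post
        print(srv, "answers over TCP" if supports_tcp(srv) else "no TCP answer")
```

A server that fails this check will leave Unbound with `tcp-upstream: yes` unable to resolve anything through it.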

Download Unbound 1.4.13


Mar 26

About Deadwood

Deadwood is the code that will eventually become MaraDNS’ next recursive resolver; right now it is a stable and functioning non-recursive cache. Deadwood, unlike MaraDNS, does not need threads to resolve queries, and has features MaraDNS’ recursive cache doesn’t have, such as “resurrections” and the ability to read and write the cache to disk.

It is only 34.3k, it can write DNS entries to a file and load them on the next start, and it is easy to configure. (The default config works like a charm.)

http://maradns.org/deadwood/stable/Deadwood-3-0-02-win32.zip

My config example:



# Forward Servers we connect to
# (dictionary variables must be initialized before they are used)
upstream_servers = {}
upstream_servers["."]="202.14.67.4, 202.14.67.14"

# In order to enable DNS-over-TCP, this variable must be set and have a value of 1.
tcp_listen = 1

# The IP this program has
bind_address = "127.0.0.1"

# The IPs allowed to connect and use the cache
recursive_acl = "127.0.0.1/16"

# The file containing a hard-to-guess secret
random_seed_file = "secret.txt"

# This is the file Deadwood uses to read the cache to and from disk
cache_file = "dw_cache"


Mar 26

About Unbound

Unbound is a validating, recursive, and caching DNS resolver.

The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a Java prototype developed by Verisign labs, Nominet, Kirei and ep.net.

Unbound is designed as a set of modular components, so that also DNSSEC (secure DNS) validation and stub-resolvers (that do not run as a server, but are linked into an application) are easily possible.

First step, download Unbound ZIP files from:

http://www.unbound.net/downloads/unbound-1.4.12.zip

Then extract all files to D:\Unbound.

Next, you must edit the following two files so that it works properly on Windows.

service.conf:

# Unbound configuration file on windows.
# See example.conf for more settings and syntax
server:
    directory: "d:\Unbound"
    # file to read root hints from.
    # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
    root-hints: "named.cache"

    # the log file, "" means log to stderr.
    # Use of this option sets use-syslog to "no".
    logfile: "unbound.log"

    # verbosity level 0-4 of logging
    verbosity: 0

    # on Windows, this setting makes reports go into the Application log
    # found in ControlPanels - System tasks - Logs
    use-syslog: no

    # if yes, perform prefetching of almost expired message cache entries.
    prefetch: yes

    # Enable IPv4, "yes" or "no".
    do-ip4: yes

    # Enable IPv6, "yes" or "no".
    do-ip6: no

    # Enable UDP, "yes" or "no".
    do-udp: yes

    # Enable TCP, "yes" or "no".
    do-tcp: yes

Unbound.reg:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Unbound]
"CronAction"="\"D:\\Unbound\\anchor-update.exe\" "
"InstallLocation"="D:\\Unbound"
"ConfigFile"="D:\\Unbound\\service.conf"
"CronTime"=dword:00015180
"Start Menu Folder"="Unbound"

Now you can run unbound-service-install.exe. After this you will have a high-performance local DNS resolver with validating, recursive, and caching (in-memory) functions.