quakemachineX

Unbound 是一款免费的相当轻量的 DNS 本地服务器软件，以前曾经做过介绍 Config Unbound On Windows。

经过测试，原来只要改一下 Unbound 的配置文件，也可以把它当 PWX-DNS-Proxy 用！

方法很简单，安装完 Unbound 后，打开安装目录下的 service.conf 文件，修改（添加）以下两行内容：（注意，此方法只适用于 Unbound 1.4.12 及其以下版本，新版的官方给出了直接参数支持的方法，详见文末）

# Enable UDP, "yes" or "no".
do-udp: no

# Enable TCP, "yes" or "no".
do-tcp: yes

这样就强制 Unbound 只监听 TCP 的 53 端口了。

优点： Unbound 是一款专业的 DNS 服务器软件，标准功能和稳定性比 PWX-DNS-Proxy 强，查询速度较快，内存占用也比 PWX-DNS-Proxy 少；

缺点： 没有 PWX-DNS-Proxy 那样可以自定义某些网站使用特定的 DNS 服务器功能，而且由于关闭了 UDP 端口监听，nslookup 命令使用默认格式不能查询域名了，必须加 -vc 参数。

更新：在 forward-zone 中可以设置怎样的域名用哪个服务器查询，类似：

# forward-zone:
# name: "."
# forward-addr: 8.8.4.4
# forward-addr: 192.168.2.1@5355 # forward to port 5355.
# forward-zone:
# name: "cn"
# forward-host: 202.96.134.133

顺便说下，路由器是 Tomato，DD-WRT 那样使用 DNSMasq 的，可以把 Unbound 或者 PWX-DNS-Proxy 的查询服务器设置为路由器 IP，利用 DNSMasq 来进行更加灵活的配置。

2011-09-19 更新，新版的 Unbound 1.4.13 应该如此配置 DNS-Over-TCP：

# if yes, perform prefetching of almost expired message cache entries.
prefetch: yes

# Enable IPv4, "yes" or "no".
do-ip4: yes

# Enable IPv6, "yes" or "no".
do-ip6: no

# Enable UDP, "yes" or "no".
do-udp: yes

# Enable TCP, "yes" or "no".
do-tcp: yes

# upstream connections use TCP only (and no UDP), "yes" or "no"
# useful for tunneling scenarios, default no.
tcp-upstream: yes

注意 do-udp 一定要是 yes，但是实际上游查询会使用 tcp；还有一个切记先用 -vc 的 nslookup 确定你的上游 DNS 服务器支持 TCP 查询，国内的貌似全关了

Unbound 1.4.13 下载

About Unbound

Unbound is a validating, recursive, and caching DNS resolver.

The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net.

Unbound is designed as a set of modular components, so that also DNSSEC (secure DNS) validation and stub-resolvers (that do not run as a server, but are linked into an application) are easily possible.

First step, download Unbound ZIP files from:

http://www.unbound.net/downloads/unbound-1.4.12.zip

then extract all files to d://Unbound,

Next step,you must edit next two files so you can let it work fine on windows.

server.conf:

# Unbound configuration file on windows.
# See example.conf for more settings and syntax
server:
    directory: “d:Unbound”
    # file to read root hints from.
    # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
    root-hints: “named.cache”

    # the log file, “” means log to stderr.
    # Use of this option sets use-syslog to “no”.
    logfile: “unbound.log”

    # verbosity level 0-4 of logging
    verbosity: 0

    # on Windows, this setting makes reports go into the Application log
    # found in ControlPanels - System tasks - Logs
    use-syslog: no

    # if yes, perform prefetching of almost expired message cache entries.
    prefetch: yes

    # Enable IPv4, “yes” or “no”.
    do-ip4: yes

    # Enable IPv6, “yes” or “no”.
    do-ip6: no

    # Enable UDP, “yes” or “no”.
    do-udp: yes

    # Enable TCP, “yes” or “no”.
    do-tcp: yes

Unbound.reg:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREUnbound]
“CronAction”=”"D:Unboundanchor-update.exe" “
“InstallLocation”=”D:Unbound”
“ConfigFile”=”D:Unboundservice.conf”
“CronTime”=dword:00015180
“Start Menu Folder”=”Unbound”

Now you can run unbound-service-install.exe ,after this you will get a high performance local DNS resolver with validating, recursive, and caching(memory) function.