1. Ubuntu/20.04LTS/unbound

16.04LTSの記録を流用している。-- ToshinoriMaeno 2020-09-02 10:45:39

https://nlnetlabs.nl/documentation/unbound/unbound/

# cd /etc/unbound/
root@nve20:/etc/unbound# ls
unbound.conf    unbound_control.key  unbound_server.key
unbound.conf.d  unbound_control.pem  unbound_server.pem
root@nve20:/etc/unbound# ls -l
合計 24
-rw-r--r-- 1 root root  332 10月 26  2019 unbound.conf
drwxr-xr-x 2 root root 4096  9月  2 19:25 unbound.conf.d
-rw-r----- 1 root root 2459  9月  2 19:25 unbound_control.key
-rw-r----- 1 root root 1342  9月  2 19:25 unbound_control.pem
-rw-r----- 1 root root 2459  9月  2 19:25 unbound_server.key
-rw-r----- 1 root root 1334  9月  2 19:25 unbound_server.pem

-c cfgfile
- Set the config file with settings for unbound to read instead of reading the file at the default location, /usr/local/etc/unbound/unbound.conf.
- The syntax is described in unbound.conf(5).

harden-glue: <yes or no>

Will trust glue only if it is within the servers authority.
- Default is yes.

harden-referral-path: <yes or no>

Harden the referral path by performing additional queries for infrastructure data. Validates the replies if trust anchors are configured and the zones are signed. This enforces DNSSEC vali- dation on nameserver NS sets and the nameserver addresses that are encountered on the referral path to the answer.

Default no,
- because it burdens the authority servers, and it is not RFC standard, and could lead to performance problems because of the extra query load that is generated. Experimental option. If you enable it consider adding more numbers after the tar- get-fetch-policy to increase the max depth that is checked to.

30764 ?        Ss     0:00 unbound -c /usr/local/etc/unbound/unbound.conf

$ unbound-control get_option username
unbound

~$ unbound-control get_option chroot
/usr/local/etc/unbound

$ unbound-control get_option logfile
/etc/unbound/unbound.log

つまり、/usr/local/etc/unbound/etc/unbound　にあるunbound.logが現在のlogだ。

-- ToshinoriMaeno 2019-02-03 03:00:42

/log/003.jp

Created symlink /etc/systemd/system/multi-user.target.wants/unbound.service → /lib/syste md/system/unbound.service. Created symlink /etc/systemd/system/unbound.service.wants/unbound-resolvconf.service → / lib/systemd/system/unbound-resolvconf.service. Job for unbound.service failed because the control process exited with error code. See "systemctl status unbound.service" and "journalctl -xe" for details. Job for unbound.service failed because the control process exited with error code. See "systemctl status unbound.service" and "journalctl -xe" for details. invoke-rc.d: initscript unbound, action "start" failed.

● unbound.service - Unbound DNS server

Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled) Active: activating (auto-restart) (Result: exit-code) since Wed 2020-09-02 19:25:31

JST; 3ms ago
- Docs: man:unbound(8)
- Process: 3795 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update

(code=exited, status=0/SUCCESS)

Process: 3826 ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS (code=exited, status=1/FAI

LURE)

Main PID: 3826 (code=exited, status=1/FAILURE)

systemd (245.4-4ubuntu3.2) のトリガを処理しています ... man-db (2.9.1-1) のトリガを処理しています ... libc-bin (2.31-0ubuntu9) のトリガを処理しています ...

MoinQ: Ubuntu/20.04LTS/unbound (last edited 2020-10-08 08:20:00 by ToshinoriMaeno)