unbound dns解析出现问题，寻求解决之道

已经在FreeBSD系统配置了unbound dns服务器，过程见：https://skywalk.blog.csdn.net/article/details/157738723

问题1 除dns服务器外所有机器无法解析内网域名

已经配置好了dns服务器，其它机器已经指向了192.168.1.5这台dns服务器，但都都无法解析内网域名。

比如ub12.example.local ，用nslookup，配置server为192.168.1.5，结果还是解析不出来：

nslookup
Default Server:  cmcc.sd.chinamobile.com
Address:  211.137.191.26

> ub12.example.local
Server:  cmcc.sd.chinamobile.com
Address:  211.137.191.26

*** cmcc.sd.chinamobile.com can't find ub12.example.local: Non-existent domain
> server 192.168.1.5
Default Server:  [192.168.1.5]
Address:  192.168.1.5

> ub12.example.local
Server:  [192.168.1.5]
Address:  192.168.1.5

*** [192.168.1.5] can't find ub12.example.local: Non-existent domain

ping就更ping不出来了

先去看unbound服务，发现状态正常。

去检查dns服务器的配置，发现我把example.local和intranet.local弄混了，原来的配置：

# 本地域名解析
local-zone: "intranet.local." static
local-data: "fb5.intranet.local. IN A 192.168.1.5"
local-data: "ub19.intranet.local. IN A 192.168.1.19"
local-data: "mail.example.local. IN A 192.168.1.19"
#local-data: "example.local. IN A 192.168.1.19"
local-data: "ub12.intranet.local. IN A 192.168.1.12"
local-data: "truenas.intranet.local. IN A 192.168.1.101"

现在修改的配置

# 本地域名解析
local-zone: "intranet.local." static
local-data: "fb5.intranet.local. IN A 192.168.1.5"
local-data: "ub19.intranet.local. IN A 192.168.1.19"
local-data: "ub19.example.local. IN A 192.168.1.19"
local-data: "mail.example.local. IN A 192.168.1.19"
local-data: "ub12.intranet.local. IN A 192.168.1.12"
local-data: "truenas.intranet.local. IN A 192.168.1.101"

也就是原来忘记写example.local的域名了。现在加上，然后重启unbound服务：

sudo vservice unbound restart

用ub12测试，还是没有解析，原来是还没有加上ub12的解析，用ub19的解析，发现正常：

> ub12.example.local
Server:  [192.168.1.5]
Address:  192.168.1.5

*** [192.168.1.5] can't find ub12.example.local: Non-existent domain
> ub19.example.local
Server:  [192.168.1.5]
Address:  192.168.1.5

Name:    ub19.example.local
Address:  192.168.1.19

本地解析再加上一点

# 本地域名解析
local-zone: "intranet.local." static
local-zone: "example.local." static

问题2 一台ubuntu22系统ping无法解析域名

现在解决了第一个问题，用一台windows系统测试，域名解析ok。

用一台linux ubuntu22服务器测试，nslookup可以通过，但是ping解析失败：

ping ub12.example.local
ping: ub12.example.local: Temporary failure in name resolution


nslookup
> server 192.168.1.5
Default server: 192.168.1.5
Address: 192.168.1.5#53
> ub12.example.local
Server:         192.168.1.5
Address:        192.168.1.5#53

Name:   ub12.example.local
Address: 192.168.1.12

应该是dns那里有问题，问题是我netplan配置好了啊。用cat /etc/resolv.conf 看看配置：

cat /etc/resolv.conf
# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search .

这样看确实有问题，再用resolvectl dns 看一下：

resolvectl dns
Global:
Link 2 (enp0s20): 192.168.1.5
Link 3 (br-73080573ea21):
Link 4 (docker0):

这样看这个dns正常啊。用dig看一下

dig ub12.example.local

; <<>> DiG 9.18.39-0ubuntu0.22.04.2-Ubuntu <<>> ub12.example.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55731
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;ub12.example.local.            IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Sat Feb 07 11:47:33 UTC 2026
;; MSG SIZE  rcvd: 47

它还是查找的127，没有查找dns服务器。直接用nslookup，也是直接用的本地127 dns：

nslookup ub12.example.local
;; Got SERVFAIL reply from 127.0.0.53
Server:         127.0.0.53
Address:        127.0.0.53#53

** server can't find ub12.example.local: SERVFAIL

用host测试解析也是：

host ub12.example.local
Host ub12.example.local not found: 2(SERVFAIL)

为什么它的dns解析没有去找192.168.1.5，而是找了本地127 ？

resolvectl dns
Global:
Link 2 (enp0s20): 192.168.1.5
Link 3 (br-73080573ea21):
Link 4 (docker0):
skywalk@ub19:~$ nslookup ub12.example.local
;; Got SERVFAIL reply from 127.0.0.53
Server:         127.0.0.53
Address:        127.0.0.53#53

** server can't find ub12.example.local: SERVFAIL

AI建议

从你的输出可以看出，系统使用的是 systemd-resolved 服务来管理 DNS 解析，而 127.0.0.53 是该服务在本地监听的存根解析器地址，这是正常现象。

虽然 resolvectl dns 显示全局 DNS 设置为 192.168.1.5，但 nslookup 仍然使用 127.0.0.53 进行解析，这是因为 systemd-resolved 服务会将所有 DNS 查询转发到其本地监听的地址，而不是直接使用你配置的 DNS 服务器。

要解决这个问题，你需要配置 systemd-resolved 使用你指定的 DNS 服务器：

编辑文件：/etc/systemd/resolved.conf 加上内容：

DNS=192.168.1.5

重启服务：

sudo systemctl restart systemd-resolved

还是没有搞定！

resolvectl dns
Global: 192.168.1.5
Link 2 (enp0s20): 192.168.1.5
Link 3 (br-73080573ea21):
Link 4 (docker0):

ping ub12.example.local
ping: ub12.example.local: Temporary failure in name resolution



nslookup
> ub12.example.local
;; Got SERVFAIL reply from 127.0.0.53
Server:         127.0.0.53
Address:        127.0.0.53#53

** server can't find ub12.example.local: SERVFAIL

看看systemd-resolved的状态：

sudo service systemd-resolved status
● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2026-02-07 12:23:08 UTC; 3min 8s ago
       Docs: man:systemd-resolved.service(8)
             man:org.freedesktop.resolve1(5)
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
   Main PID: 30080 (systemd-resolve)
     Status: "Processing requests..."
      Tasks: 1 (limit: 2217)
     Memory: 5.4M
        CPU: 531ms
     CGroup: /system.slice/systemd-resolved.service
             └─30080 /lib/systemd/systemd-resolved

Feb 07 12:23:08 ub19 systemd-resolved[30080]: Negative trust anchors: home.arpa 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr>
Feb 07 12:23:08 ub19 systemd-resolved[30080]: Using system hostname 'ub19'.
Feb 07 12:23:08 ub19 systemd[1]: Started Network Name Resolution.
Feb 07 12:23:19 ub19 systemd-resolved[30080]: Clock change detected. Flushing caches.

解决了问题

用这个方法解决了问题，删除文件/etc/resolv.conf，然后重新建立链接：

sudo rm /etc/resolv.conf
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

nslookup ub12.example.local
Server:         192.168.1.5
Address:        192.168.1.5#53

Name:   ub12.example.local
Address: 192.168.1.12

ping ub12.example.local
PING ub12.example.local (192.168.1.12) 56(84) bytes of data.
64 bytes from 192.168.1.12 (192.168.1.12): icmp_seq=1 ttl=64 time=4.59 ms
64 bytes from 192.168.1.12 (192.168.1.12): icmp_seq=2 ttl=64 time=0.428 ms

总结

刚开始出现问题的时候，感觉非常灵异，隔了一个晚上就不行了？ dns服务正常啊？

后来发现是自己脑子晕，用没有配置的域名进行测试，那可不就解析不出来呗。

仔细检查配置文件，修改配置文件，把错误都修正，问题就解决了！

第二个问题是ubuntu特有的问题，它除了要在netplan里面配置正确dns，还需要删除文件/etc/resolv.conf，然后重新建立链接：

sudo rm /etc/resolv.conf
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

两个问题交织在一起，就达到了走近科学的那种烧脑情景。