有关 unbound 的 ssl-upstream 功能，高手求解

我设置了 OARC 的 DNS-over-TLS 的服务器，见： https://www.dns-oarc.net/oarc/services/dnsprivacy

我的配置文件：

# Unbound configuration file on windows.
# See example.conf for more settings and syntax
server:
# verbosity level 0-4 of logging
verbosity: 0

# if you want to log to a file use
logfile: "D:\unbound.log"

# on Windows, this setting makes reports go into the Application log
# found in ControlPanels - System tasks - Logs
use-syslog: no

# ip address to bind
interface: 127.0.0.1

# port to operate
port: 53

# if yes, perform prefetching of almost expired message cache entries.
prefetch: yes

# use dns-over-tls
ssl-upstream: yes

forward-zone:
name: "."
forward-addr: 184.105.193.78@853

但是 DNS 查询就是不断地超时：

nslookup zh.wikipedia.org 127.0.0.1
服务器: localhost
Address: 127.0.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** 请求 localhost 超时

高手求解？

testcaoy7

2016-11-23 17:59:20 +08:00

@flyfishcn 上游服务可用，用 tdns-client-proxy （ https://ant.isi.edu/software/tdns/tdns-client-proxy/index.html ）在 ubuntu 下测试过了，看来是 unbound 的问题

legend4

2016-11-24 00:37:10 +08:00

@testcaoy7 别鬼迷心窍了，你没看 OARC 页面介绍( https://www.dns-oarc.net/oarc/services/dnsprivacy)里说的很清楚的，这个 DNS 服务商要收集查询记录、数据用作研究的，无论是你个人用，还是局域网公用，都不建议用这个，为什么不考虑 dnscrypt+unbound+opennic 的组合
PS: 我也尝试了， unbound 里语法没问题，查询没有成功，仔细看过 OARC 要记录用户查询数据，直接放弃

这是一个专为移动设备优化的页面（即为了让你能够在 Google 搜索结果里秒开这个页面），如果你希望参与 V2EX 社区的讨论，你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/321915

V2EX 是创意工作者们的社区，是一个分享自己正在做的有趣事物、交流想法，可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.