{"id":3367,"date":"2026-05-28T15:29:04","date_gmt":"2026-05-28T07:29:04","guid":{"rendered":"https:\/\/jir.idv.tw\/wordpress\/?p=3367"},"modified":"2026-05-28T15:58:22","modified_gmt":"2026-05-28T07:58:22","slug":"unbound-dns%e6%90%ad%e9%85%8dadguard-home%e4%bd%bf%e7%94%a8%e7%9a%84%e8%a8%ad%e5%ae%9a","status":"publish","type":"post","link":"https:\/\/jir.idv.tw\/wordpress\/?p=3367","title":{"rendered":"Unbound DNS Resolver\u642d\u914dAdGuard Home\u6a94\u5ee3\u544a\u4f7f\u7528\u7684\u8a2d\u5b9a"},"content":{"rendered":"<p>AdGuard Home (AGH) \u9810\u8a2d\u662f\u505a\u70ba\u300cDNS \u8f49\u767c\u5668\u300d\uff0c\u5c07\u7db2\u57df\u89e3\u6790\u5de5\u4f5c\u4ea4\u7d66\u5916\u90e8\u516c\u5171 DNS \u4f3a\u670d\u5668\u3002<br \/>\n\u4f46\u9019\u610f\u5473\u8457\u6240\u6709\u7684\u700f\u89bd\u8db3\u8de1\uff08\u4f7f\u7528\u8005\u5728\u67e5\u4efb\u4f55\u7db2\u5740\uff09\u90fd\u6703\u66b4\u9732\u7d66\u7b2c\u4e09\u65b9\uff08\u5982 Google\/ISP\u7db2\u8def\u4f9b\u61c9\u5546\uff09\u3002<br \/>\n\u6240\u4ee5\uff0c\u82e5\u5728\u672c\u5730\u8ffd\u52a0\u67b6\u8a2d Unbound \u505a\u70ba AGH \u7684\u552f\u4e00\u4e0a\u6e38\uff0c\u9019\u6a23\u6703\u6709\u4ec0\u9ebc\u597d\u8655\u5462\uff1a<br \/>\n\u7db2\u8def\u700f\u89bd\u96b1\u79c1\u8207\u5b89\u5168\uff1a \u900f\u904e\u555f\u7528 DNSSEC\uff08\u9632\u6b62 DNS \u6c61\u67d3\/\u7be1\u6539\uff09\u8207 QNAME Minimisation\uff08\u6700\u5c0f\u5316\u6b0a\u5a01\u67e5\u8a62\uff0c\u6975\u81f4\u4fdd\u8b77\u700f\u89bd\u96b1\u79c1\uff09\u3002<br \/>\n\u6975\u901f\u7684\u672c\u5730\u5feb\u53d6\u6a5f\u5236\uff1a \u900f\u904e\u5feb\u53d6\uff08Cache\uff09\u8a2d\u8a08\uff0cUnbound \u8207 AGH \u6703\u5c07\u5e38\u7528\u7db2\u57df\u7684 IP \u7d00\u9304\u5f37\u5236\u7559\u5b58\u5728\u672c\u6a5f\u8a18\u61b6\u9ad4\uff08RAM\uff09\u4e2d\u3002\u5f8c\u7e8c\u5168\u5bb6\u5167\u7db2\u8a2d\u5099\u518d\u6b21\u8a2a\u554f\u76f8\u540c\u7db2\u7ad9\u6642\uff0c\u76f4\u63a5\u5728\u5340\u57df\u7db2\u8def\u5167\u4ee5 0ms \u79d2\u56de\uff0c\u5927\u5e45\u58d3\u4f4e DNS \u89e3\u6790\u968e\u6bb5\u7684\u5ef6\u9072\u3002<br \/>\n\u5169\u8005\u642d\u914d\u4f7f\u7528\u662f\u517c\u9867\u300c\u7db2\u8def\u63a7\u5236\u6b0a\uff08AGH \u64cb\u5ee3\u544a\uff09\u300d\u8207\u300c\u5e95\u5c64\u89e3\u6790\u5b89\u5168\uff08Unbound \u9632\u6c61\u67d3\uff09\u300d\u7684\u81ea\u5efaDNS\u4f3a\u670d\u5668\u7684\u512a\u8cea\u7d44\u5408\u3002<\/p>\n<p>\u5b89\u88dd\u5957\u4ef6\uff1a<br \/>\nsudo apt update<br \/>\nsudo apt install unbound<br \/>\nPS. WIN10\/11\u4e5f\u6709\u5957\u4ef6\u80fd\u88dd\uff0c\u8a73\u7d30\u53ef\u4ee5\u770b\u5b98\u65b9\u7db2\u7ad9\uff1a<br \/>\n<a href=\"https:\/\/nlnetlabs.nl\/projects\/unbound\/about\/\" target=\"_blank\" rel=\"noopener\">https:\/\/nlnetlabs.nl\/projects\/unbound\/about\/<\/a><\/p>\n<p>\u5b89\u88dd\u597d\u5957\u4ef6\u5f8c\uff0c\u6211\u5011\u8981\u65b0\u589e\u4e00\u500b\u9069\u7528\u7684\u8a2d\u5b9a\u6a94\uff1a<br \/>\nsudo nano \/etc\/unbound\/unbound.conf.d\/00-JIRcustom.conf<br \/>\n<code>server:<br \/>\n    # \u53ea\u5728\u672c\u6a5f\u56de\u61c9\u67e5\u8a62<br \/>\n    interface: 127.0.0.1<br \/>\n    port: 5335<br \/>\n    # \u50c5\u5141\u8a31\u672c\u6a5f\u7a0b\u5f0f\uff08\u5982 AdGuard Home\uff09\u67e5\u8a62<br \/>\n    access-control: 127.0.0.0\/8 allow<br \/>\n    # \u555f\u7528 DNSSEC \u9a57\u8b49\u8207\u5b89\u5168\u52a0\u56fa<br \/>\n    val-log-level: 1<br \/>\n    harden-dnssec-stripped: yes<br \/>\n    harden-glue: yes<br \/>\n    harden-below-nxdomain: yes<br \/>\n    harden-referral-path: yes<br \/>\n    harden-algo-downgrade: yes<br \/>\n    harden-large-queries: yes<br \/>\n    # \u555f\u7528 QNAME minimisation\uff08\u96b1\u79c1\u5f37\u5316\uff09<br \/>\n    qname-minimisation: yes<br \/>\n    aggressive-nsec: yes<br \/>\n    # \u5feb\u53d6\u512a\u5316\uff08\u4f9d RAM \u8abf\u6574\uff09<br \/>\n    msg-cache-size: 50m<br \/>\n    rrset-cache-size: 100m<br \/>\n    cache-min-ttl: 3600<br \/>\n    cache-max-ttl: 86400<br \/>\n    # \u7db2\u8def\u6027\u80fd\u8a2d\u5b9a<br \/>\n    num-threads: 2<br \/>\n    so-rcvbuf: 4m<br \/>\n    so-sndbuf: 4m<br \/>\n    # \u65e5\u8a8c\uff08\u53ef\u9078\uff09<br \/>\n    #logfile: \"\/var\/log\/unbound\/unbound.log\"<br \/>\n    #verbosity: 1<br \/>\n# \u6839\u4f3a\u670d\u5668\u67e5\u8a62\uff08\u9810\u8a2d\u905e\u8ff4\uff09<br \/>\n# \u4e0d\u4f7f\u7528\u4efb\u4f55\u4e0a\u6e38\uff0c\u76f4\u63a5\u67e5 Root DNS<br \/>\n# \u8b8a\u66f4\u70ba\u8f49\u767c\u6a21\u5f0f\uff0c\u6539\u7531\u53f0\u7063\u6700\u5feb\u3001\u5168\u7403\u6700\u7a69\u7684\u516c\u5171 DNS \u5e6b\u6211\u5011\u8dd1\u817f<br \/>\nforward-zone:<br \/>\n    name: \".\"<br \/>\n    # \u53f0\u7063\u672c\u5730\u6975\u901f\uff1a\u4e2d\u83ef\u96fb\u4fe1 IPv4 & IPv6<br \/>\n    forward-addr: 168.95.1.1<br \/>\n    forward-addr: 168.95.192.1<br \/>\n    forward-addr: 2001:b000:168::1<br \/>\n    forward-addr: 2001:b000:168::2<br \/>\n    # \u5168\u7403\u6700\u7a69\uff1aGoogle DNS IPv4 & IPv6<br \/>\n    forward-addr: 8.8.8.8<br \/>\n    forward-addr: 8.8.4.4<br \/>\n    forward-addr: 2001:4860:4860::8888<br \/>\n    forward-addr: 2001:4860:4860::8844<br \/>\n<\/code><\/p>\n<p>\u89e3\u6790\u7684\u7de9\u885d\u5340\u5feb\u53d6\u914d\u5408\u8a2d\u5b9a\u6a94\uff0c\u6539\u62104MB\u4f54\u7528\u7a7a\u9593\u3002<br \/>\n<code># \u66ab\u6642\u751f\u6548<br \/>\nsudo sysctl -w net.core.rmem_max=4194304<br \/>\nsudo sysctl -w net.core.wmem_max=4194304<br \/>\n# \u6c38\u4e45\u751f\u6548\uff08\u5beb\u5165 sysctl.conf\uff09<br \/>\necho \"net.core.rmem_max=4194304\" | sudo tee -a \/etc\/sysctl.conf<br \/>\necho \"net.core.wmem_max=4194304\" | sudo tee -a \/etc\/sysctl.conf<\/code><\/p>\n<p>\u8a2d\u5b9a\u597d\u4e86\u4ee5\u5f8c\uff0c\u53ef\u4ee5\u555f\u52d5\u548c\u78ba\u8a8d\u662f\u4e0d\u662f\u6709\u5176\u4ed6\u554f\u984c\uff1a<br \/>\n<code>sudo unbound-checkconf<br \/>\nsudo systemctl restart unbound<br \/>\nsudo systemctl status unbound<\/code><\/p>\n<p>\u5982\u679c\u555f\u7528\u5f8c\uff0c\u6c92\u6709\u7570\u5e38\u554f\u984c\u7684\u8a71\u3002<br \/>\n\u53ef\u4ee5\u5148\u9019\u6a23\u9a57\u8b49\u89e3\u6790\u7684\u901f\u5ea6\u3002<br \/>\n<code>\u7b2c\u4e00\u6b21\uff1a<br \/>\ndig @127.0.0.1 -p 5335 google.com | grep \"Query time\"<br \/>\n\u9694\u500b\u5e7e\u79d2\u5f8c\u518d\u4e00\u6b21\uff1a<br \/>\ndig @127.0.0.1 -p 5335 google.com | grep \"Query time\"<\/code><br \/>\n\u61c9\u8a72\u6703\u770b\u5230\u6709\u5feb\u53d6\u7d00\u9304\u5f8c\uff0c\u89e3\u6790\u7db2\u5740\u7684\u901f\u5ea6\u6703\u8b8a\u8d85\u5feb\u3002<\/p>\n<p>\u63a5\u8457\u5c31\u53ef\u4ee5\u628aAGH2\u4e0a\u6e38\u7684 DNS \u4f3a\u670d\u5668\uff0c\u5168\u90e8\u5c31\u53ea\u7559\u4e00\u500b127.0.0.1:5335\u3002<br \/>\n\u8b93\u4ed6\u5c08\u5fc3\u5730\u8655\u7406\u6bd4\u5c0d\u5c01\u9396\u7684\u7db2\u5740\u5c31\u597d\uff0c\u800cDNS\u89e3\u6790\u7684\u90e8\u5206\u5c31\u4ea4\u7d66unbound\u672c\u6a5f\u7aef\u8655\u7406\u4e86\u3002<\/p>\n<p>\u7136\u5f8c\uff0c\u53ef\u4ee5\u6aa2\u67e5\u662f\u4e0d\u662f\u89e3\u6790\u7684\u901f\u5ea6\u548c\u5c01\u5305\u6bd4\u7387\u6709\u6c92\u6709\u96a8\u8457\u6642\u9593\u6539\u5584\uff1a<br \/>\n<code>sudo unbound-control stats_noreset | grep -E \"exceeded|recursion.time.avg|cachehits|cachemiss\"<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>AdGuard Home (AGH) \u9810\u8a2d\u662f\u505a\u70ba\u300cDNS \u8f49\u767c\u5668\u300d\uff0c\u5c07\u7db2\u57df\u89e3\u6790\u5de5\u4f5c\u4ea4\u7d66\u5916\u90e8\u516c\u5171 DNS \u4f3a\u670d\u5668\u3002 \u4f46\u9019\u610f\u5473\u8457\u6240\u6709\u7684\u700f\u89bd\u8db3\u8de1\uff08\u4f7f\u7528\u8005\u5728\u67e5\u4efb\u4f55\u7db2\u5740\uff09\u90fd\u6703\u66b4\u9732\u7d66\u7b2c\u4e09\u65b9\uff08\u5982 Google\/ISP\u7db2\u8def\u4f9b\u61c9\u5546\uff09\u3002 \u6240\u4ee5\uff0c\u82e5\u5728\u672c\u5730\u8ffd\u52a0\u67b6\u8a2d Unbound \u505a\u70ba AGH \u7684\u552f\u4e00\u4e0a\u6e38\uff0c\u9019\u6a23\u6703\u6709\u4ec0\u9ebc\u597d\u8655\u5462\uff1a \u7db2\u8def\u700f\u89bd\u96b1\u79c1\u8207\u5b89\u5168\uff1a \u900f\u904e\u555f\u7528 DNSSEC\uff08\u9632\u6b62 DNS \u6c61\u67d3\/\u7be1\u6539\uff09\u8207 QNAME Minimisation\uff08\u6700\u5c0f\u5316\u6b0a\u5a01\u67e5\u8a62\uff0c\u6975\u81f4\u4fdd\u8b77\u700f\u89bd\u96b1\u79c1\uff09\u3002 \u6975\u901f\u7684\u672c\u5730\u5feb\u53d6\u6a5f\u5236\uff1a \u900f\u904e\u5feb\u53d6\uff08Cache\uff09\u8a2d\u8a08\uff0cUnbound \u8207 AGH \u6703\u5c07\u5e38\u7528\u7db2\u57df\u7684 IP \u7d00\u9304\u5f37\u5236\u7559\u5b58\u5728\u672c\u6a5f\u8a18\u61b6\u9ad4\uff08RAM\uff09\u4e2d\u3002\u5f8c\u7e8c\u5168\u5bb6\u5167\u7db2\u8a2d\u5099\u518d\u6b21\u8a2a\u554f\u76f8\u540c\u7db2\u7ad9\u6642\uff0c\u76f4\u63a5\u5728\u5340\u57df\u7db2\u8def\u5167\u4ee5 0ms \u79d2\u56de\uff0c\u5927\u5e45\u58d3\u4f4e DNS \u89e3\u6790\u968e\u6bb5\u7684\u5ef6\u9072\u3002 \u5169\u8005\u642d\u914d\u4f7f\u7528\u662f\u517c\u9867\u300c\u7db2\u8def\u63a7\u5236\u6b0a\uff08AGH \u64cb\u5ee3\u544a\uff09\u300d\u8207\u300c\u5e95\u5c64\u89e3\u6790\u5b89\u5168\uff08Unbound \u9632\u6c61\u67d3\uff09\u300d\u7684\u81ea\u5efaDNS\u4f3a\u670d\u5668\u7684\u512a\u8cea\u7d44\u5408\u3002 \u5b89\u88dd\u5957\u4ef6\uff1a sudo apt update sudo apt install unbound PS. WIN10\/11\u4e5f\u6709\u5957\u4ef6\u80fd\u88dd\uff0c\u8a73\u7d30\u53ef\u4ee5\u770b\u5b98\u65b9\u7db2\u7ad9\uff1a https:\/\/n&#8230; <a href=\"https:\/\/jir.idv.tw\/wordpress\/?p=3367\" class=\"readmore\">Read more (\u5b8c\u6574\u6587\u7ae0\u5167\u5bb9)<span class=\"screen-reader-text\">Unbound DNS Resolver\u642d\u914dAdGuard Home\u6a94\u5ee3\u544a\u4f7f\u7528\u7684\u8a2d\u5b9a<\/span><span class=\"fa fa-angle-double-right\" aria-hidden=\"true\"><\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-3367","post","type-post","status-publish","format-standard","hentry","category-4","content-layout-excerpt-thumb"],"jetpack_featured_media_url":"","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/3367","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3367"}],"version-history":[{"count":5,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/3367\/revisions"}],"predecessor-version":[{"id":3372,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/3367\/revisions\/3372"}],"wp:attachment":[{"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3367"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3367"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3367"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}