Unbound DNS

  1. Unbound DNS server description:
    RHEL 7.x ships two DNS service packages, BIND and Unbound, and Unbound is the DNS server Red Hat recommends. BIND still has the largest user base in the world, but it is an old product designed for simple networks; with the rapid growth of networks, the BIND DNS system has become increasingly ill-suited to providing service in today's large-scale, complex environments. Unbound is the default DNS server software on FreeBSD (a Unix-like operating system). It is a powerful, secure, cross-platform (Unix-like systems, Linux, Windows) DNS server that is easy to configure and supports validation, recursion (and forwarding), caching, and other features.
  2. Unbound DNS server configuration:
    (assumes the installation disc is mounted, the yum repository is configured, the firewall is turned off, and SELinux is in permissive (warning-only) mode)
  • Check whether the package is already installed:
[root@llh ~]# rpm -qa unbound*     // check the installed packages
unbound-libs-1.4.20-26.el7.x86_64
[root@llh ~]# yum list | grep ^unbound    // list the unbound packages known to yum
unbound-libs.x86_64                     1.4.20-26.el7              @anaconda/7.2
unbound.x86_64                          1.4.20-26.el7              base    // main package
unbound-libs.i686                       1.4.20-26.el7              base
  • Install the package:
[root@llh ~]# yum install unbound -y
[root@llh ~]# rpm -qc unbound      // list the package's configuration files and directories
/etc/sysconfig/unbound
/etc/unbound/conf.d/example.com.conf
/etc/unbound/keys.d/example.com.key
/etc/unbound/local.d/block-example.com.conf
/etc/unbound/unbound.conf           // main (global) configuration file

  • Configure the main configuration file (the numbers are line numbers in the default unbound.conf):
[root@llh ~]# vim /etc/unbound/unbound.conf
 38         interface: 192.168.154.140       // network interface to listen on (by default only the localhost interface is used)
176         access-control: 192.168.154.0/24 allow      // which addresses are allowed (allow) or refused (refuse) resolution service
211         username: ""      // change to an empty string, meaning any user can access
372         domain-insecure: "haha.edu"    // skip validation for the domain "haha.edu", to avoid chain-of-trust validation failures
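The following Python script is an added example, not code from the original post. It lints the four `server:` settings edited above against what a defender checks first, using a constructed copy of the post's values (`POST_CONFIG`) and a constructed open-resolver variant (`OPEN_RESOLVER_CONFIG`) as input; the settings come from the post, while the checks, the script and its names are this example's own. Two points the script encodes: `username: ""` tells Unbound not to change user after binding its port, so the daemon keeps the privileges of the account that started it (the packaged default is `username: "unbound"`), and an `access-control ... allow` on `0.0.0.0/0` or another public range turns the server into an open resolver that any client can use for recursion.

```python
"""Lint the security-relevant settings of an unbound.conf server block.

Added example, not part of the original post. It parses the flat
``key: value`` lines Unbound uses and reports the settings a defender
checks first: whether Unbound drops privileges (username), which clients
may recurse (access-control), what it listens on (interface), and which
zones skip DNSSEC validation (domain-insecure).
"""
import ipaddress
import re

# Constructed sample reproducing the four edits from the post (the vim line
# numbers shown on the page are not part of the config syntax and are omitted).
POST_CONFIG = """
server:
    interface: 192.168.154.140
    access-control: 192.168.154.0/24 allow
    username: ""
    domain-insecure: "haha.edu"
"""

# Constructed variant: privileges are dropped to the packaged 'unbound'
# account, but the listener and ACL are opened to the world, which is the
# classic open-resolver mistake.
OPEN_RESOLVER_CONFIG = """
server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow
    username: "unbound"
"""

_LINE = re.compile(r"^\s*([a-z-]+):\s*(.*?)\s*$")


def parse_server_block(text):
    """Return (key, value) pairs from the server: block, comments and quotes stripped."""
    pairs = []
    in_server = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.strip() == "server:":
            in_server = True
            continue
        if not line.startswith((" ", "\t")):   # another top-level clause ends the block
            in_server = False
            continue
        m = _LINE.match(line)
        if in_server and m:
            pairs.append((m.group(1), m.group(2).strip('"')))
    return pairs


def lint(pairs):
    """Return (severity, message) findings for the parsed settings, in a fixed order."""
    findings = []
    settings = {}
    for key, value in pairs:
        settings.setdefault(key, []).append(value)

    for user in settings.get("username", []):
        if user == "":
            findings.append(("high", 'username: "" keeps Unbound running as the user that '
                                     "started it (root under systemd) instead of dropping "
                                     "to the unbound account"))

    for entry in settings.get("access-control", []):
        parts = entry.split()
        if len(parts) != 2 or parts[1] not in ("allow", "allow_snoop"):
            continue
        try:
            net = ipaddress.ip_network(parts[0], strict=False)
        except ValueError:
            continue                                  # leave malformed ACLs to unbound-checkconf
        if net.prefixlen == 0:
            findings.append(("high", f"access-control {entry}: recursion is open to "
                                     "every client (open resolver)"))
        elif not net.is_private:
            findings.append(("medium", f"access-control {entry}: recursion allowed "
                                       "from a public range"))

    for iface in settings.get("interface", []):
        if iface in ("0.0.0.0", "::", "::0"):
            findings.append(("info", f"interface {iface}: listening on all addresses; "
                                     "access-control must be restrictive"))

    for zone in settings.get("domain-insecure", []):
        findings.append(("info", f"domain-insecure {zone}: DNSSEC validation is "
                                 "skipped for this zone"))
    return findings


def lint_text(text):
    """Convenience wrapper: parse a config text and lint it."""
    return lint(parse_server_block(text))


if __name__ == "__main__":
    for name, cfg in (("post", POST_CONFIG), ("open resolver", OPEN_RESOLVER_CONFIG)):
        print(f"== {name} ==")
        for severity, message in lint_text(cfg):
            print(f"[{severity}] {message}")
```

Run it against a real file with `lint_text(open("/etc/unbound/unbound.conf").read())`; on the post's settings it reports the missing privilege drop as high and the `domain-insecure` zone as informational, and on the open-resolver variant it reports the `0.0.0.0/0 allow` entry as high.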
  • Configure the zone file: forward resolution records and reverse lookup records
[root@llh ~]# cd /etc/unbound/local.d/    // directory containing the template
[root@llh local.d]# ll
total 4
-rw-rw-r--. 1 root unbound 359 Sep 22  2015 block-example.com.conf  // template
Copy the template and edit the copy:
[root@llh local.d]# cp -p block-example.com.conf haha.edu.conf    // the forward/reverse zone file name must end in .conf
[root@llh local.d]# vim haha.edu.conf
# forward records
local-data: "haha.edu.  86400           IN  SOA  ns1.haha.edu.  root.haha.edu  1 1D 1H 1W 1H"
local-data: "ns1.haha.edu.              IN  A        192.168.154.140"
local-data: "ns2.haha.edu.              IN  A        192.168.154.11"
local-data: "www.haha.edu.              IN  A        192.168.154.12"
local-data: "web.haha.edu.              IN  CNAME     www.haha.edu."
local-data: "mail.haha.edu.             IN  A        192.168.154.140"
local-data: "haha.edu.                  IN  MX  5   mail.haha.edu."
# reverse records
local-data-ptr: "192.168.154.140   ns1.haha.edu"
local-data-ptr: "192.168.154.11     ns2.haha.edu"
local-data-ptr: "192.168.154.12     www.haha.edu"
local-data-ptr: "192.168.154.12     web.haha.edu"
local-data-ptr: "192.168.154.140     mail.haha.edu"

The same records can also be placed directly in the main configuration file, following this template:

[root@dns1 ~]# vim /etc/unbound/unbound.conf
local-zone: "haha.edu."  static      // line 455: set the name of the zone to resolve
// add the following 7 local-data lines to define the forward records
local-data: "haha.edu.  86400     IN  SOA  ns1.haha.edu.  root.haha.edu  1 1D 1H 1W 1H"
local-data: "ns1.haha.edu.        IN  A        192.168.154.140"
local-data: "ns2.haha.edu.        IN  A        192.168.154.11"
local-data: "www.haha.edu.        IN  A        192.168.154.12"
local-data: "web.haha.edu.        IN  CNAME    www.haha.edu."
local-data: "mail.haha.edu.       IN  A        192.168.154.140"
local-data: "haha.edu.            IN  MX  5    mail.haha.edu."
// add the following 5 local-data-ptr lines to define the reverse records
local-data-ptr: "192.168.154.140   ns1.haha.edu"
local-data-ptr: "192.168.154.11    ns2.haha.edu"
local-data-ptr: "192.168.154.12    www.haha.edu"
local-data-ptr: "192.168.154.12    web.haha.edu"
local-data-ptr: "192.168.154.140   mail.haha.edu"
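Both the `local.d` zone file and the main-configuration variant above carry the same forward and reverse records, so one consistency check covers both. The script below is an added example, not part of the original post: it parses the `local-data:` and `local-data-ptr:` lines (from `ZONE_CONF`, a constructed copy of the post's records) and reports reverse entries with no matching A record, addresses that carry more than one PTR name, and PTR names whose owner is a CNAME. A reverse name that does not map back to an A record breaks forward-confirmed reverse DNS, which mail servers and log correlation rely on. On the post's data it flags that 192.168.154.12 and 192.168.154.140 each return two PTR names (the nslookup output later on the page shows the same) and that the PTR for web.haha.edu points at a CNAME owner rather than the canonical name www.haha.edu. Function and variable names are this example's own.

```python
"""Cross-check the forward (local-data) and reverse (local-data-ptr) records
of an Unbound local zone file.

Added example, not code from the original post. It reads the record lines
of /etc/unbound/local.d/<zone>.conf and reports reverse entries whose name
has no matching A record, addresses carrying several PTR names, and PTR
names that are CNAME owners.
"""
import re
from collections import defaultdict

# Constructed copy of the records from the post's haha.edu.conf.
ZONE_CONF = '''
# forward records
local-data: "haha.edu.  86400           IN  SOA  ns1.haha.edu.  root.haha.edu  1 1D 1H 1W 1H"
local-data: "ns1.haha.edu.              IN  A        192.168.154.140"
local-data: "ns2.haha.edu.              IN  A        192.168.154.11"
local-data: "www.haha.edu.              IN  A        192.168.154.12"
local-data: "web.haha.edu.              IN  CNAME     www.haha.edu."
local-data: "mail.haha.edu.             IN  A        192.168.154.140"
local-data: "haha.edu.                  IN  MX  5   mail.haha.edu."
# reverse records
local-data-ptr: "192.168.154.140   ns1.haha.edu"
local-data-ptr: "192.168.154.11     ns2.haha.edu"
local-data-ptr: "192.168.154.12     www.haha.edu"
local-data-ptr: "192.168.154.12     web.haha.edu"
local-data-ptr: "192.168.154.140     mail.haha.edu"
'''

_DATA = re.compile(r'^\s*local-data:\s*"(.*)"\s*$')
_PTR = re.compile(r'^\s*local-data-ptr:\s*"(\S+)\s+(\S+)"\s*$')


def fqdn(name):
    """Normalise an owner or target name to lower case with a trailing dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def parse_zone(text):
    """Return (records, ptrs): records maps (owner, type) -> [rdata], ptrs maps ip -> [names]."""
    records = defaultdict(list)
    ptrs = defaultdict(list)
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = _DATA.match(line)
        if m:
            fields = m.group(1).split()
            # owner [ttl] [class] type rdata...: skip an optional numeric TTL and the IN class
            owner, rest = fields[0], fields[1:]
            if rest and rest[0].isdigit():
                rest = rest[1:]
            if rest and rest[0].upper() == "IN":
                rest = rest[1:]
            if not rest:
                continue
            rtype, rdata = rest[0].upper(), rest[1:]
            records[(fqdn(owner), rtype)].append(" ".join(rdata))
            continue
        m = _PTR.match(line)
        if m:
            ptrs[m.group(1)].append(fqdn(m.group(2)))
    return records, ptrs


def check(records, ptrs):
    """Return human-readable findings; an empty list means forward and reverse agree."""
    findings = []
    a_of = defaultdict(set)                      # name -> set of A addresses
    for (owner, rtype), values in records.items():
        if rtype == "A":
            a_of[owner].update(values)
    cnames = {owner for (owner, rtype) in records if rtype == "CNAME"}

    for ip, names in sorted(ptrs.items()):
        if len(names) > 1:
            findings.append(f"{ip} has {len(names)} PTR names ({', '.join(names)}); "
                            "a reverse lookup returns all of them")
        for name in names:
            if name in cnames:
                findings.append(f"PTR {ip} -> {name} points at a CNAME owner; the reverse "
                                "name should be the canonical A record owner")
            elif ip not in a_of.get(name, set()):
                findings.append(f"PTR {ip} -> {name} has no matching A record "
                                "(forward-confirmed reverse DNS fails)")
    for name, ips in sorted(a_of.items()):
        for ip in sorted(ips):
            if name not in ptrs.get(ip, []):
                findings.append(f"A {name} -> {ip} has no reverse entry")
    return findings


if __name__ == "__main__":
    for finding in check(*parse_zone(ZONE_CONF)):
        print(finding)
```

To check a live file, replace `ZONE_CONF` with `open("/etc/unbound/local.d/haha.edu.conf").read()`; the checks are deliberately strict (one PTR per address, pointing at an A owner), so treat a multi-name finding as something to confirm rather than an error in every deployment.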
  • Syntax check and restart:
[root@llh local.d]# unbound-checkconf
/etc/unbound/unbound_server.key: No such file or directory
[1584074279] unbound-checkconf[5445:0] fatal error: server-key-file: "/etc/unbound/unbound_server.key" does not exist     // error: the file does not exist
Fix: comment out the lines in the main configuration file that reference these files:
[root@llh ~]# vim /etc/unbound/unbound.conf
499         #control-enable: yes
510         #server-key-file: "/etc/unbound/unbound_server.key"
513         #server-cert-file: "/etc/unbound/unbound_server.pem"
516         #control-key-file: "/etc/unbound/unbound_control.key"
519         #control-cert-file: "/etc/unbound/unbound_control.pem"
Test again:
[root@llh local.d]# unbound-checkconf
unbound-checkconf: no errors in /etc/unbound/unbound.conf   // no errors in the configuration file means the configuration succeeded
Restart:
[root@llh local.d]# systemctl start unbound   // starts without errors
  • Test:
[root@llh local.d]# nslookup
> server 192.168.154.140     // specify the DNS server address
Default server: 192.168.154.140
Address: 192.168.154.140#53
> www.haha.edu
Server:		192.168.154.140
Address:	192.168.154.140#53
Name:	www.haha.edu
> set type=cname   // alias (CNAME) test
> web.haha.edu
Server:		192.168.154.140
Address:	192.168.154.140#53
web.haha.edu	canonical name = www.haha.edu.
> set type=mx    // the mail test requires setting the query type
> haha.edu
Server:		192.168.154.140
Address:	192.168.154.140#53
haha.edu	mail exchanger = 5 mail.haha.edu.
> 192.168.154.12            // reverse lookup test
Server:		192.168.154.140
Address:	192.168.154.140#53
12.154.168.192.in-addr.arpa	name = www.haha.edu.
12.154.168.192.in-addr.arpa	name = web.haha.edu.
> 192.168.154.140     // reverse lookup test
Server:		192.168.154.140
Address:	192.168.154.140#53
140.154.168.192.in-addr.arpa	name = ns1.haha.edu.
140.154.168.192.in-addr.arpa	name = mail.haha.edu.
> exit  // quit
Or test with host:
[root@llh local.d]# host -t mx haha.edu 192.168.154.140
Using domain server:
Name: 192.168.154.140
Address: 192.168.154.140#53
Aliases: 
haha.edu mail is handled by 5 mail.haha.edu.

To make a client use this DNS server permanently, set it in the client's /etc/resolv.conf:
[root@Client ~]# vim /etc/resolv.conf
nameserver 192.168.154.140

Origin blog.csdn.net/Alkaid__3/article/details/104836193