Centos 7安装unbound

发布时间:2017-11-22 23:17:13编辑:admin阅读(8040)

    1.关闭firewall:

    #停止firewall

    systemctl stop firewalld.service

    #禁止firewall开机启动

    systemctl disable firewalld.service


    2.永久关闭

    vi /etc/selinux/config

    将SELINUX=enforcing改为SELINUX=disabled 

    设置后需要重启才能生效


    下面开始正式安装unbound

    3.安装unbound

    yum -y install unbound

    清理缓存

    yum clean all

    重启服务

    systemctl restart unbound  

    设置开机启动

    systemctl enable unbound


    4.备份配置文件

    cd /etc/unbound/

    mv unbound.conf unbound.conf.bak

    5.编辑配置文件

    vim unbound.conf

    注释的地方,全部被我删除了!

    完整内容如下:


    server:

    verbosity: 1

    statistics-interval: 0

    statistics-cumulative: no

    extended-statistics: yes

    num-threads: 2

    #监听地址

    interface: 0.0.0.0


    interface-automatic: no

    #让所有主机能够向本机查询DNS

    access-control: 0.0.0.0/0 allow

    chroot: ""

    #安全起见,禁用服务用户(DNS 的服务用户为 unbound)

    username: ""

    directory: "/etc/unbound"

    log-time-ascii: yes

    pidfile: "/var/run/unbound/unbound.pid"

    harden-glue: yes

    harden-dnssec-stripped: yes

    harden-below-nxdomain: yes

    harden-referral-path: yes

    use-caps-for-id: no

    unwanted-reply-threshold: 10000000

    prefetch: yes

    prefetch-key: yes

    rrset-roundrobin: yes

    minimal-responses: yes

    trusted-keys-file: /etc/unbound/keys.d/*.key

    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    val-clean-additional: yes

    val-permissive-mode: no

    val-log-level: 1

    include: /etc/unbound/local.d/*.conf

    remote-control:

    control-enable: yes

    server-key-file: "/etc/unbound/unbound_server.key"

    server-cert-file: "/etc/unbound/unbound_server.pem"

    control-key-file: "/etc/unbound/unbound_control.key"

    control-cert-file: "/etc/unbound/unbound_control.pem"

    include: /etc/unbound/conf.d/*.conf


    6.验证配置文件是否正确

    unbound-checkconf

    提示以下内容,就说明没有错误

    unbound-checkconf: no errors in /etc/unbound/unbound.conf


    重启unbound服务

    systemctl restart unbound

    7.查看监听端口,53号端口是否存在

    [root@localhost unbound]# netstat -tunlp |grep unbound

    tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      2382/unbound        

    tcp        0      0 127.0.0.1:8953          0.0.0.0:*               LISTEN      2382/unbound        

    tcp6       0      0 ::1:8953                :::*                    LISTEN      2382/unbound        

    udp        0      0 0.0.0.0:53              0.0.0.0:*                           2382/unbound  


    8.创建新的配置文件,这里以example.com为例:

    vim /etc/unbound/local.d/example.conf

    内容如下:


    local-zone: "example.com." static

    local-data: "example.com. 86400 IN SOA ns.example.com. root 1 1D 1H 1W 1H"

    local-data: "ns.example.com. IN A 192.168.10.10"

    local-data: "linuxprobe.example.com. IN A 192.168.10.10"

    local-data-ptr: "192.168.10.10 ns.example.com."

    local-data-ptr: "192.168.10.10 linuxprobe.example.com."


    9.编辑本机网卡配置文件

    vim /etc/sysconfig/network-scripts/ifcfg-eth0

    主要配置如下:

    .....

    #系统启动时激活网卡

    ONBOOT=yes

    #静态IP地址

    IPADDR="192.168.78.133"

    #子网掩码

    PREFIX="24"

    #网关地址

    GATEWAY="192.168.78.2"

    #DNS地址,指向本机

    DNS1=192.168.78.133


    重启网络服务

    systemctl restart network


    10.安装解析工具

    yum install -y bind-utils

    测试解析

    [root@localhost ~]# nslookup 

    > linuxprobe.example.com.

    Server:192.168.78.133

    Address:192.168.78.133#53


    Name:linuxprobe.example.com

    Address: 192.168.10.10

    > exit


    域名解析正确!!!





关键字

上一篇: 清理Linux内存

下一篇: unbound主从