找回密码
 注册
搜索
热搜: 超星 读书 找书
查看: 2929|回复: 0

[【推荐】] 使用 Unbound 创建DNS服务器

[复制链接]
发表于 2009-8-6 14:44:52 | 显示全部楼层 |阅读模式
1 Installing Unbound

下载、安装unbound;

wget http://www.unbound.net/downloads/unbound-latest.tar.gz

tar xvfz unbound-latest.tar.gz

cd unbound-1.0.2/

./configure --prefix=/usr/local

make
   make install

# 添加 unbound 运行用户组和用户

groupadd unbound

useradd -d /var/unbound -m -g unbound -s /bin/false unbound

mkdir -p /var/unbound/var/run
chown -R unbound:unbound /var/unbound
ln -s /var/unbound/var/run/unbound.pid /var/run/unbound.pid

下载root nameserver.



cd /var/unbound
wget ftp://ftp.internic.net/domain/named.cache

注: root nameserver 记录了各 Top domain 分别是由哪些 DNS server 负责. 比如说要找 www.google.com 时, root nameserver 会告诉 local DNS server 哪部 name server 负责 .com 这个 domain, 然后 local dns 再向负责 .com 的 name server 询问关于 google.com 是哪部 name server 在负责. 最后 local DNS 就可以向负责 google.com 的 name server 问到有关 www. google.com 的资料.



2 Configuring Unbound

创建/var/unbound/unbound.conf. 也可以在unbound 源代码下的doc目录中找到一个example.conf. 同样可以访问 http://www.unbound.net/documentation/unbound.conf.html 查看帮助信息.



下面添加一个\"sip.com\"的 zone作为示例配置文件



vi /var/unbound/unbound.conf
server:
    verbosity: 1
    interface: 0.0.0.0
    port: 53
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    do-daemonize: yes
    access-control: 0.0.0.0/0 allow
    #access-control: 0.0.0.0/0 refuse
    #access-control: 127.0.0.0/8 allow
    chroot: \"/var/unbound\"
    username: \"unbound\"
    directory: \"/var/unbound\"
    use-syslog: no
    pidfile: \"/var/run/unbound.pid\"
    root-hints: \"/var/unbound/named.cache\"
    local-zone: \"sip.com.\" static
    local-data: \"sip.com. 86400 IN SOA primary.sip.com kzy.sip.com. 200809031843 28800 7200 604800 86400\"
    local-data: \"sip.com. 86400 IN NS primary.sip.com.\"
    local-data: \"sip.com. 86400 IN NS secondary.sip.com.\"
    local-data: \"primary.sip.com. 86400 IN A 192.168.1.7\"
    local-data: \"secondary.sip.com. 86400 IN A 192.168.1.8\"
    local-data: \"www.sip.com. 86400 IN A 192.168.1.9\"
    local-data: \"ftp.sip.com. 86400 IN A 192.168.1.10\"




这里添加了4个域名:

primary.sip.com

secondary.sip.com

www.sip.com

ftp.sip.com

都是IPv4 地址. 可以看出unbound 的zone config 与bind的zone file 实际上差不多,只是没有bind那么简化而已.使用unbound-checkconf 检查配置文件是否有错误:

cd /usr/local/sbin/

./unbound-checkconf unbound.conf
unbound-checkconf: no errors in unbound.conf


运行unbound,这里以debug模式运行:

cd /usr/local/sbin/

./unbound -d -c /var/unbound/unbound.conf -vvvv

......



测试unbound:

echo \"nameserver 127.0.0.1\" > /etc/resolv.conf

dig primary.sip.com

; <<>> DiG 9.5.0b2 <<>> primary.sip.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18034
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;primary.sip.com.        IN   A

;; ANSWER SECTION:
primary.sip.com.    86400  IN   A    192.168.1.7

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 3 20:03:03 2008
;; MSG SIZE rcvd: 49



dig secondary.sip.com

; <<>> DiG 9.5.0b2 <<>> secondary.sip.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25490
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;secondary.sip.com.       IN   A

;; ANSWER SECTION:
secondary.sip.com.   86400  IN   A    192.168.1.8

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 3 20:03:03 2008
;; MSG SIZE rcvd: 51




dig www.sip.com

; <<>> DiG 9.5.0b2 <<>> www.sip.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30835
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.sip.com.          IN   A

;; ANSWER SECTION:
www.sip.com.      86400  IN   A    192.168.1.9

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 3 20:03:03 2008
;; MSG SIZE rcvd: 45




dig ftp.sip.com

; <<>> DiG 9.5.0b2 <<>> ftp.sip.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19037
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ftp.sip.com.          IN   A

;; ANSWER SECTION:
ftp.sip.com.      86400  IN   A    192.168.1.10

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 3 20:03:03 2008
;; MSG SIZE rcvd: 45

所有测试正常,unbound运行正常!可以添加一个脚本到/etc/init.d/,使用unbound作为system service启动!


3 Links

  * Unbound: http://www.unbound.net/index.html
  * Debian: http://www.debian.org
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 注册

本版积分规则

Archiver|手机版|小黑屋|网上读书园地

GMT+8, 2024-11-3 02:19 , Processed in 0.169712 second(s), 5 queries , Redis On.

Powered by Discuz! X3.5

© 2001-2024 Discuz! Team.

快速回复 返回顶部 返回列表