1 Installing Unbound
Download and install Unbound:
wget http://www.unbound.net/downloads/unbound-latest.tar.gz
tar xvfz unbound-latest.tar.gz
cd unbound-1.0.2/
./configure --prefix=/usr/local
make
make install
# Add the group and user that unbound runs as
groupadd unbound
useradd -d /var/unbound -m -g unbound -s /bin/false unbound
mkdir -p /var/unbound/var/run
chown -R unbound:unbound /var/unbound
ln -s /var/unbound/var/run/unbound.pid /var/run/unbound.pid
Download the root nameserver list.
cd /var/unbound
wget ftp://ftp.internic.net/domain/named.cache
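Note: the root nameservers record which DNS servers are responsible for each top-level domain. For example, when looking up www.google.com, a root nameserver tells the local DNS server which name server is responsible for the .com domain; the local DNS server then asks the name server responsible for .com which name server is responsible for google.com. Finally, the local DNS server can ask the name server responsible for google.com for the data on www.google.com.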
2 Configuring Unbound
Create /var/unbound/unbound.conf. An example.conf can also be found in the doc directory of the Unbound source tree, and http://www.unbound.net/documentation/unbound.conf.html has the reference documentation.
The example configuration file below adds a "sip.com" zone:
vi /var/unbound/unbound.conf
server:
verbosity: 1
interface: 0.0.0.0
port: 53
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
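# Note: this answers queries from any address; the commented-out lines below limit service to localhost instead.
access-control: 0.0.0.0/0 allow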
#access-control: 0.0.0.0/0 refuse
#access-control: 127.0.0.0/8 allow
chroot: "/var/unbound"
username: "unbound"
directory: "/var/unbound"
use-syslog: no
pidfile: "/var/run/unbound.pid"
root-hints: "/var/unbound/named.cache"
local-zone: "sip.com." static
local-data: "sip.com. 86400 IN SOA primary.sip.com kzy.sip.com. 200809031843 28800 7200 604800 86400"
local-data: "sip.com. 86400 IN NS primary.sip.com."
local-data: "sip.com. 86400 IN NS secondary.sip.com."
local-data: "primary.sip.com. 86400 IN A 192.168.1.7"
local-data: "secondary.sip.com. 86400 IN A 192.168.1.8"
local-data: "www.sip.com. 86400 IN A 192.168.1.9"
local-data: "ftp.sip.com. 86400 IN A 192.168.1.10"
Four domain names are added here:
primary.sip.com
secondary.sip.com
www.sip.com
ftp.sip.com
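All of them are IPv4 addresses. As you can see, Unbound's zone configuration is really much the same as a BIND zone file, just not as compact as BIND's. Use unbound-checkconf to check the configuration file for errors: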
cd /usr/local/sbin/
./unbound-checkconf unbound.conf
unbound-checkconf: no errors in unbound.conf
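The access-control lines in the configuration above decide which clients the server answers. The following is an added example, not part of the original article or of Unbound itself: a simplified IPv4-only model of the rule documented in unbound.conf(5) (localhost allowed by default, everything else refused, most specific netblock wins), applied to the article's active lines and to its commented-out alternative. The function names, the outside address 203.0.113.5 and the 192.168.1.0/24 LAN entry are assumptions made for illustration.

```python
import ipaddress

# Built-in behaviour per unbound.conf(5): only localhost is allowed, the rest refused.
DEFAULTS = {"0.0.0.0/0": "refuse", "127.0.0.0/8": "allow"}

def directives(conf_text, key):
    """Yield the value of every uncommented 'key: value' line."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith(key + ":"):
            yield line.split(":", 1)[1].strip()

def effective_action(conf_text, client_ip):
    """Action for an IPv4 client: the most specific matching netblock wins."""
    rules = {ipaddress.ip_network(n): a for n, a in DEFAULTS.items()}
    for value in directives(conf_text, "access-control"):
        netblock, action = value.split()
        net = ipaddress.ip_network(netblock, strict=False)
        if net.version == 4:  # simplified model: IPv4 only, as in the article (do-ip6: no)
            rules[net] = action  # a configured entry overrides the built-in default
    addr = ipaddress.ip_address(client_ip)
    best = max((n for n in rules if addr in n), key=lambda n: n.prefixlen)
    return rules[best]

def is_open_resolver(conf_text, outside_ip="203.0.113.5"):
    """True if the server listens beyond loopback and answers an outside address."""
    exposed = any(not ipaddress.ip_address(i).is_loopback
                  for i in directives(conf_text, "interface"))
    return exposed and effective_action(conf_text, outside_ip).startswith("allow")

# Constructed input: the article's interface and access-control lines as written.
ARTICLE_CONF = """\
interface: 0.0.0.0
access-control: 0.0.0.0/0 allow
#access-control: 0.0.0.0/0 refuse
#access-control: 127.0.0.0/8 allow
"""
# Constructed input: the commented-out alternative enabled, plus an assumed LAN entry.
RESTRICTED_CONF = """\
interface: 0.0.0.0
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.0/8 allow
access-control: 192.168.1.0/24 allow
"""

if __name__ == "__main__":
    for name, conf in (("article", ARTICLE_CONF), ("restricted", RESTRICTED_CONF)):
        print(name, "open resolver:", is_open_resolver(conf))
```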
Run Unbound, here in debug mode:
cd /usr/local/sbin/
./unbound -d -c /var/unbound/unbound.conf -vvvv
......
Test Unbound:
echo "nameserver 127.0.0.1" > /etc/resolv.conf
dig primary.sip.com
; <<>> DiG 9.5.0b2 <<>> primary.sip.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18034
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;primary.sip.com. IN A
;; ANSWER SECTION:
primary.sip.com. 86400 IN A 192.168.1.7
;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 3 20:03:03 2008
;; MSG SIZE rcvd: 49
dig secondary.sip.com
; <<>> DiG 9.5.0b2 <<>> secondary.sip.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25490
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;secondary.sip.com. IN A
;; ANSWER SECTION:
secondary.sip.com. 86400 IN A 192.168.1.8
;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 3 20:03:03 2008
;; MSG SIZE rcvd: 51
dig www.sip.com
; <<>> DiG 9.5.0b2 <<>> www.sip.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30835
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.sip.com. IN A
;; ANSWER SECTION:
www.sip.com. 86400 IN A 192.168.1.9
;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 3 20:03:03 2008
;; MSG SIZE rcvd: 45
dig ftp.sip.com
; <<>> DiG 9.5.0b2 <<>> ftp.sip.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19037
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ftp.sip.com. IN A
;; ANSWER SECTION:
ftp.sip.com. 86400 IN A 192.168.1.10
;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 3 20:03:03 2008
;; MSG SIZE rcvd: 45
All tests pass and Unbound is running normally! You can add a script to /etc/init.d/ to start Unbound as a system service.
3 Links
* Unbound: http://www.unbound.net/index.html
* Debian: http://www.debian.org