Setting up a DNS server with Unbound


1 Installing Unbound

Download and build Unbound:

wget http://www.unbound.net/downloads/unbound-latest.tar.gz
tar xvfz unbound-latest.tar.gz
cd unbound-1.0.2/
./configure --prefix=/usr/local
make
make install

unbound-latest pointed at 1.0.2 when this was written; use whatever directory the tarball actually unpacks to. The tarball is fetched over plain HTTP, so compare it against the SHA-256 checksum and PGP signature NLnet Labs publishes next to it before building: a recursive resolver is exactly the kind of binary worth tampering with.

# add a group and an unprivileged user for unbound to run as

groupadd unbound
useradd -d /var/unbound -m -g unbound -s /bin/false unbound

mkdir -p /var/unbound/var/run
chown -R unbound:unbound /var/unbound
ln -s /var/unbound/var/run/unbound.pid /var/run/unbound.pid

-s /bin/false means the account cannot log in. Unbound binds port 53 as root and then drops to this user (username: in the config below), and its home directory /var/unbound doubles as the chroot.

Download the root hints (the list of root name servers):

cd /var/unbound
wget ftp://ftp.internic.net/domain/named.cache

Note: the root name servers know which name servers are authoritative for each top-level domain. To resolve www.google.com, for example, the local (recursive) DNS server asks a root server, which refers it to the servers for .com; it then asks a .com server, which refers it to the name servers for google.com; finally it asks a google.com server for www.google.com itself. named.cache is simply that list of root servers and their addresses, read by Unbound through the root-hints: option below. You can watch the same delegation chain with dig +trace www.google.com. Since every recursive lookup starts from this file, fetch it over a channel you trust and keep it current; current Unbound versions also compile in a copy of the root hints, so the file is optional.

2 Configuring Unbound

Create /var/unbound/unbound.conf. There is an example.conf in the doc directory of the Unbound source tree, and http://www.unbound.net/documentation/unbound.conf.html documents every option.

The configuration below adds a zone "sip.com" as an example. local-zone: "sip.com." static means Unbound answers names under sip.com only from the local-data lines that follow and returns NXDOMAIN or an empty answer for anything else under that name. It therefore shadows the real sip.com for every client of this resolver, so use a zone you actually control.

vi /var/unbound/unbound.conf

server:
        verbosity: 1
        interface: 0.0.0.0
        port: 53
        do-ip4: yes
        do-ip6: no
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes
        access-control: 0.0.0.0/0 allow
        #access-control: 0.0.0.0/0 refuse
        #access-control: 127.0.0.0/8 allow
        chroot: "/var/unbound"
        username: "unbound"
        directory: "/var/unbound"
        use-syslog: no
        pidfile: "/var/run/unbound.pid"
        root-hints: "/var/unbound/named.cache"
        local-zone: "sip.com." static
        local-data: "sip.com. 86400 IN SOA primary.sip.com. kzy.sip.com. 200809031843 28800 7200 604800 86400"
        local-data: "sip.com. 86400 IN NS primary.sip.com."
        local-data: "sip.com. 86400 IN NS secondary.sip.com."
        local-data: "primary.sip.com. 86400 IN A 192.168.1.7"
        local-data: "secondary.sip.com. 86400 IN A 192.168.1.8"
        local-data: "www.sip.com. 86400 IN A 192.168.1.9"
        local-data: "ftp.sip.com. 86400 IN A 192.168.1.10"


This adds four names:

primary.sip.com

secondary.sip.com

www.sip.com

ftp.sip.com

all with IPv4 addresses. Unbound's local-zone/local-data syntax is essentially a BIND zone file written one record per line, just without BIND's shorthand (no $ORIGIN, no implied owner names).

Two things to notice before this goes near a real network. First, interface: 0.0.0.0 together with access-control: 0.0.0.0/0 allow makes this an open recursive resolver: any host that can reach port 53 may recurse through it, and open resolvers are routinely abused for DNS amplification. The commented-out lines show the intended pattern: refuse 0.0.0.0/0 first, then allow 127.0.0.0/8 and the networks you actually serve. Second, the absolute paths under chroot are fine as written: Unbound strips the chroot prefix from directory and root-hints when they are given as full paths from the original root, so /var/unbound/named.cache resolves correctly inside the jail.

unbound-checkconf validates syntax and option values, not policy, so it will happily pass the open-resolver settings above. Run it to catch typos; note that the config file is given by its full path, since it lives in /var/unbound, not in /usr/local/sbin:

cd /usr/local/sbin/

./unbound-checkconf /var/unbound/unbound.conf
unbound-checkconf: no errors in /var/unbound/unbound.conf
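Because unbound-checkconf says nothing about who may use the resolver, here is an added example, written for this page and not part of Unbound, that audits an unbound.conf for the open-resolver pattern (interface 0.0.0.0 plus access-control 0.0.0.0/0 allow, with the refuse line only present as a comment) and prints a hardened server: block for the same zone. The function names, the listen address 192.168.1.7 and the client network 192.168.1.0/24 are illustrative assumptions; the script needs only sed, grep -E and mktemp.

```shell
#!/bin/sh
# Added example for this page, not code from Unbound or the original post.

# audit_unbound_conf FILE
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
# Comments are stripped first so that a commented-out "refuse" line does not
# count as protection (the page's config has exactly that).
audit_unbound_conf() {
    conf=$(sed 's/#.*//' "$1")
    findings=0
    if printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*access-control:[[:space:]]*(0\.0\.0\.0/0|::/0)[[:space:]]+allow'; then
        echo "access-control allows recursion from any address: open resolver, usable for DNS amplification"
        findings=$((findings + 1))
    fi
    if printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*interface:[[:space:]]*(0\.0\.0\.0|::0?)[[:space:]]*$' &&
       ! printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*access-control:.*refuse'; then
        echo "listens on all addresses with no refuse rule"
        findings=$((findings + 1))
    fi
    # Without these, version.bind / id.server CH TXT queries reveal the software.
    for opt in hide-identity hide-version; do
        printf '%s\n' "$conf" | grep -Eq "^[[:space:]]*$opt:[[:space:]]*yes" ||
            { echo "$opt is not set; version/identity queries are answered"; findings=$((findings + 1)); }
    done
    [ "$findings" -eq 0 ]
}

# write_hardened_conf LISTEN_IP LAN_CIDR
# Prints the corrected server: block: deny the world first, then allow only
# localhost and the network this resolver serves. Append the zone lines
# (local-zone/local-data) from the page unchanged after it.
write_hardened_conf() {
    cat <<EOF
server:
        verbosity: 1
        interface: 127.0.0.1
        interface: $1
        port: 53
        do-ip4: yes
        do-ip6: no
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes
        access-control: 0.0.0.0/0 refuse
        access-control: 127.0.0.0/8 allow
        access-control: $2 allow
        hide-identity: yes
        hide-version: yes
        harden-glue: yes
        chroot: "/var/unbound"
        username: "unbound"
        directory: "/var/unbound"
        use-syslog: no
        pidfile: "/var/run/unbound.pid"
        root-hints: "/var/unbound/named.cache"
EOF
}

# Demo on a constructed copy of the page's listener/ACL settings.
weak=$(mktemp)
cat > "$weak" <<'EOF'
server:
        interface: 0.0.0.0
        access-control: 0.0.0.0/0 allow
        #access-control: 0.0.0.0/0 refuse
        #access-control: 127.0.0.0/8 allow
EOF
echo "== findings for the page's settings =="
audit_unbound_conf "$weak" || true
rm -f "$weak"
echo "== hardened server: block, listening on 192.168.1.7 for 192.168.1.0/24 =="
write_hardened_conf 192.168.1.7 192.168.1.0/24
```

Run it as sh audit.sh, or source it and call audit_unbound_conf /var/unbound/unbound.conf against the live file. The refuse-first ordering matters because Unbound picks the most specific access-control match, so the broad refuse never overrides the narrower allow lines.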


Run unbound, here in the foreground with maximum verbosity (-d keeps it from daemonizing and overrides do-daemonize: yes; each -v raises the log level):

cd /usr/local/sbin/

./unbound -d -c /var/unbound/unbound.conf -vvvv

......

The config file is passed as a full path from the original root; with chroot enabled Unbound needs it that way so it can re-read the file after a reload.

Test unbound. The command below points the local stub resolver at 127.0.0.1 by overwriting /etc/resolv.conf, so back that file up first:

echo "nameserver 127.0.0.1" > /etc/resolv.conf

dig  primary.sip.com

; <<>> DiG 9.5.0b2 <<>> primary.sip.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18034
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;primary.sip.com.               IN      A

;; ANSWER SECTION:
primary.sip.com.        86400   IN      A       192.168.1.7

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep  3 20:03:03 2008
;; MSG SIZE  rcvd: 49

 

dig  secondary.sip.com

; <<>> DiG 9.5.0b2 <<>> secondary.sip.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25490
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;secondary.sip.com.             IN      A

;; ANSWER SECTION:
secondary.sip.com.      86400   IN      A       192.168.1.8

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep  3 20:03:03 2008
;; MSG SIZE  rcvd: 51


 

dig  www.sip.com

; <<>> DiG 9.5.0b2 <<>> www.sip.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30835
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.sip.com.                   IN      A

;; ANSWER SECTION:
www.sip.com.            86400   IN      A       192.168.1.9

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep  3 20:03:03 2008
;; MSG SIZE  rcvd: 45


 

dig  ftp.sip.com

; <<>> DiG 9.5.0b2 <<>> ftp.sip.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19037
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ftp.sip.com.                   IN      A

;; ANSWER SECTION:
ftp.sip.com.            86400   IN      A       192.168.1.10

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep  3 20:03:03 2008
;; MSG SIZE  rcvd: 45

All four queries return the expected addresses, so unbound is working. To run it as a system service, add a script under /etc/init.d/.
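An added example of such a script, written for this page rather than taken from Unbound or Debian. It uses the paths from this walkthrough (/usr/local/sbin, /var/unbound/unbound.conf, /var/run/unbound.pid), all overridable through environment variables, and refuses to start unless unbound-checkconf passes, so a broken edit cannot leave the host without DNS after a reboot. Exit codes for status follow the LSB convention (0 running, 1 stale pidfile, 3 stopped).

```shell
#!/bin/sh
# /etc/init.d/unbound: added example init script, not from the original page.
UNBOUND=${UNBOUND:-/usr/local/sbin/unbound}
CHECKCONF=${CHECKCONF:-/usr/local/sbin/unbound-checkconf}
CONF=${CONF:-/var/unbound/unbound.conf}
PIDFILE=${PIDFILE:-/var/run/unbound.pid}

# unbound_pid: print the pid from PIDFILE if that process is alive, else fail.
unbound_pid() {
    [ -r "$PIDFILE" ] || return 1
    pid=$(cat "$PIDFILE")
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac   # reject a corrupt pidfile
    kill -0 "$pid" 2>/dev/null || return 1
    echo "$pid"
}

# unbound_status: 0 running, 1 pidfile present but process gone, 3 not running.
unbound_status() {
    if pid=$(unbound_pid); then
        echo "unbound is running (pid $pid)"; return 0
    elif [ -f "$PIDFILE" ]; then
        echo "unbound is not running but $PIDFILE exists"; return 1
    else
        echo "unbound is not running"; return 3
    fi
}

# unbound_start: validate the config first; a typo in local-data must not
# take the resolver down at boot.
unbound_start() {
    if unbound_pid >/dev/null; then
        echo "unbound is already running"; return 0
    fi
    "$CHECKCONF" "$CONF" || { echo "config check failed, not starting"; return 1; }
    "$UNBOUND" -c "$CONF"          # do-daemonize: yes in the config backgrounds it
}

# unbound_stop: SIGTERM, then wait up to 10 s for a graceful exit.
unbound_stop() {
    pid=$(unbound_pid) || { echo "unbound is not running"; return 0; }
    kill -TERM "$pid"
    i=0
    while kill -0 "$pid" 2>/dev/null; do
        i=$((i + 1))
        [ "$i" -ge 10 ] && { echo "unbound did not exit"; return 1; }
        sleep 1
    done
    rm -f "$PIDFILE"
}

# Dispatch only when an action is given, so the file can also be sourced.
case "${1:-}" in
    start)   unbound_start ;;
    stop)    unbound_stop ;;
    restart) unbound_stop && unbound_start ;;
    status)  unbound_status ;;
    '')      ;;
    *)       echo "Usage: $0 {start|stop|restart|status}" >&2; exit 2 ;;
esac
```

Install it with chmod 755 /etc/init.d/unbound and register it with your distribution's tool (update-rc.d on Debian). Because the page's config sets do-daemonize: yes, start simply launches the binary and lets it write the pidfile itself; the pidfile is the only link between the script and the process, which is why unbound_pid checks that the recorded pid is numeric and still alive before trusting it.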

 

3 Links

  • Unbound: http://www.unbound.net/index.html
  • Debian: http://www.debian.org
