Setting up a DNS server with Unbound

1 Installing Unbound

Download and install Unbound:

wget http://www.unbound.net/downloads/unbound-latest.tar.gz

tar xvfz unbound-latest.tar.gz

cd unbound-1.0.2/

./configure --prefix=/usr/local

make
make install

# Add the group and user that unbound runs as

groupadd unbound

useradd -d /var/unbound -m -g unbound -s /bin/false unbound

mkdir -p /var/unbound/var/run
chown -R unbound:unbound /var/unbound
ln -s /var/unbound/var/run/unbound.pid /var/run/unbound.pid

Download the root nameserver list.

Note: the root nameservers record which DNS servers are responsible for each top-level domain. For example, to look up www.google.com, a root nameserver tells the local DNS server which name servers are responsible for the .com domain. The local DNS server then asks a .com name server which name server is responsible for google.com. Finally, the local DNS server asks the name server responsible for google.com for the data about www.google.com.

2 Configuring Unbound

Create /var/unbound/unbound.conf. An example.conf can also be found in the doc directory of the Unbound source tree, and the reference page is at http://www.unbound.net/documentation/unbound.conf.html.

The sample configuration file below adds a "sip.com" zone:

vi /var/unbound/unbound.conf

server:
    verbosity: 1
    # listen on every IPv4 interface of the host
    interface: 0.0.0.0
    port: 53
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    do-daemonize: yes
    # answers queries from every IPv4 client; if the server is reachable from
    # untrusted networks, use the refuse/allow pair below with your own netblocks
    access-control: 0.0.0.0/0 allow
    #access-control: 0.0.0.0/0 refuse
    #access-control: 127.0.0.0/8 allow
    # confine the daemon to /var/unbound and drop privileges to the unbound user
    chroot: "/var/unbound"
    username: "unbound"
    directory: "/var/unbound"
    use-syslog: no
    pidfile: "/var/run/unbound.pid"
    root-hints: "/var/unbound/named.cache"
    # locally served zone: names without local-data get NXDOMAIN or NODATA
    local-zone: "sip.com." static
    local-data: "sip.com. 86400 IN SOA primary.sip.com kzy.sip.com. 200809031843 28800 7200 604800 86400"
    local-data: "sip.com. 86400 IN NS primary.sip.com."
    local-data: "sip.com. 86400 IN NS secondary.sip.com."
    local-data: "primary.sip.com. 86400 IN A 192.168.1.7"
    local-data: "secondary.sip.com. 86400 IN A 192.168.1.8"
    local-data: "www.sip.com. 86400 IN A 192.168.1.9"
    local-data: "ftp.sip.com. 86400 IN A 192.168.1.10"

Four names are added here:

primary.sip.com

secondary.sip.com

www.sip.com

ftp.sip.com

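All of them are IPv4 addresses. As you can see, Unbound's zone configuration is essentially the same as a BIND zone file, only less compact. Use unbound-checkconf to check the configuration file for errors: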

cd /usr/local/sbin/

./unbound-checkconf unbound.conf
unbound-checkconf: no errors in unbound.conf
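
unbound-checkconf validates syntax, not policy: the configuration above passes while its access-control line answers queries from any IPv4 client. The following is an added example (not from the original page or the Unbound project) that parses the access-control lines and reports which clients end up allowed under Unbound's most-specific-netblock rule. The function names, the INTERNAL list, the 192.168.1.0/24 LAN and the 203.0.113.10 test client are assumptions.

```python
import ipaddress

# Ranges treated as internal here (an assumption): loopback, RFC 1918, IPv6 ULA.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]

# Constructed input: the active and commented access-control lines shown above.
PAGE_CONF = """server:
access-control: 0.0.0.0/0 allow
#access-control: 0.0.0.0/0 refuse
#access-control: 127.0.0.0/8 allow"""
# Constructed alternative; 192.168.1.0/24 as the served LAN is an assumption.
RESTRICTED_CONF = """server:
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.0/8 allow
access-control: 192.168.1.0/24 allow"""

def parse_access_control(conf_text):
    """Return [(network, action)] for every uncommented access-control line."""
    rules = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if line.startswith("access-control:"):
            fields = line.split(":", 1)[1].replace('"', "").split()
            if len(fields) == 2:
                rules.append((ipaddress.ip_network(fields[0], strict=False), fields[1]))
    return rules

def effective_action(rules, client):
    """Most specific matching netblock wins; with no match, Unbound's default
    applies (localhost is allowed, everything else is refused)."""
    ip = ipaddress.ip_address(client)
    hits = [(net.prefixlen, act) for net, act in rules
            if net.version == ip.version and ip in net]
    if hits:
        return max(hits)[1]
    return "allow" if ip.is_loopback else "refuse"

def open_allow_rules(rules):
    """Netblocks granted allow/allow_snoop that reach beyond INTERNAL."""
    return [str(net) for net, act in rules
            if act in ("allow", "allow_snoop") and not any(
                net.version == r.version and net.subnet_of(r) for r in INTERNAL)]

if __name__ == "__main__":
    for conf in (PAGE_CONF, RESTRICTED_CONF):
        rules = parse_access_control(conf)
        # 203.0.113.10 stands in for a client outside the LAN (documentation range)
        print(open_allow_rules(rules), effective_action(rules, "203.0.113.10"))
```

An empty list from open_allow_rules together with "refuse" for the outside client means only loopback and the listed LAN can use the resolver.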


Run unbound, here in debug mode:

cd /usr/local/sbin/

./unbound -d -c /var/unbound/unbound.conf -vvvv

......

Test unbound:

echo "nameserver 127.0.0.1" > /etc/resolv.conf

dig primary.sip.com

; <<>> DiG 9.5.0b2 <<>> primary.sip.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18034
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;primary.sip.com. IN A

;; ANSWER SECTION:
primary.sip.com. 86400 IN A 192.168.1.7

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 3 20:03:03 2008
;; MSG SIZE rcvd: 49

dig secondary.sip.com

; <<>> DiG 9.5.0b2 <<>> secondary.sip.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25490
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;secondary.sip.com. IN A

;; ANSWER SECTION:
secondary.sip.com. 86400 IN A 192.168.1.8

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 3 20:03:03 2008
;; MSG SIZE rcvd: 51


dig www.sip.com

; <<>> DiG 9.5.0b2 <<>> www.sip.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30835
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.sip.com. IN A

;; ANSWER SECTION:
www.sip.com. 86400 IN A 192.168.1.9

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 3 20:03:03 2008
;; MSG SIZE rcvd: 45


dig ftp.sip.com

; <<>> DiG 9.5.0b2 <<>> ftp.sip.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19037
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ftp.sip.com. IN A

;; ANSWER SECTION:
ftp.sip.com. 86400 IN A 192.168.1.10

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 3 20:03:03 2008
;; MSG SIZE rcvd: 45

All tests pass and unbound is running correctly! You can add a script to /etc/init.d/ to start unbound as a system service.
