UNbound DNS服务器概述:
RHEL7.x附带了两种类型的DNS服务包:绑定和Unbound。 Unbound是红帽公司推荐的DNS服务器。 Bind目前拥有全球最多的用户,但这一老字号产品是针对简单网络设计的,随着网络的快速发展,Bind系统越来越不适应在当今复杂的大规模网络环境下提供DNS服务Unbound是FreeBSDOS类的默认DNS服务器软件,功能强大、安全性高、跨平台(类Unix、Linux、Windows)、易于配置,以及支持验证、递归(转发)、缓存等功能是DNS服务软件unbound dns服务器配置。
(假定已装入磁盘,已设置yum源,并且已关闭防火墙。 selinux是警告模式((root@llh ) ) rpm-QAunbound )/安装软件包unbound-libs-1.4.20-26.el7.x86 _ 64 ) root@llh )检查是否已安装7.2 unbound.x86 _ 64.4.20-26.El7base///主安装包unbound-26 yuminstallunbound-y [ root @ llh~] # rpm-QC 显示unbound/conf.d/eeetc/的example.com.key/etc/unbound/local.d/block-example.com.conf/etc/unbounbound
主配置文件[ root @ llh~~ ] # vim/etc/unbound/unbound.conf 38 interface :192.168.154.140//侦听的网络接口176将访问-控制:192.168.154.0/24允许//allow、refuse为哪个地址提供解析服务211 username: '' //'转换为空字符串表示任何用户都可以跳过372域名: ' Haha.edu '//验证域“haha.edu”,并配置区域文件以避免信任链验证失败----记录local.d///模板所在的目录[ root @ llh local.d ] # ltotal4- rw-rw-rw---1 root unbound 359 sep 222015 block-examplh 按模板复制模板排列: [ root @ llh local.d ] # CP-p block-example.com.conf haha.edu.conf /正反向分析文件名必须以. conf [ ronf ] 12 local-data : ' haha.edu.86400 inso ans1.haha.edu.root.haha.edu1 D1 h1h ' 13 local-data 3360 ' NS1.haha.edu aha.edu.ina 192.168.154.11 ' 15 local-data 3360 ' www.haha.edu.ina 192.168.154 ewww.haha.edu.' 17 local 360 ' haha.edu.140 ' 18 local-data 3360 ' haha.edu .反分析20 local-data-ptr : ' 192.168.154.140 NS1.haha.edu
ns2.haha.edu" 22 local-data-ptr: "192.168.154.12 www.haha.edu" 23 local-data-ptr: "192.168.154.12 web.haha.edu" 24 local-data-ptr: "192.168.154.140 mail.haha.edu"也可以直接在主配置文件中进行配置,以下给出参考模板:
[root@dns1~]# vim /etc/unbound/unbound.conflocal-zone: "haha.edu." static //455行:设置解析的区域名//添加以下7行local-data,以定义正向解析记录 local-data: "haha.edu. 86400 IN SOA ns1.haha.edu. root.haha.edu 1 1D 1H 1W 1H" local-data: "ns1.haha.edu. IN A 192.168.154.140"local-data: "ns2.haha.edu. IN A 192.168.154.11" local-data: "www.haha.edu. IN A 192.168.154.12" local-data: "web.haha.edu. IN CNAME www.haha.edu." local-data: "mail.haha.edu. IN A 192.168.154.140" local-data: "haha.edu. IN MX 5 mail.haha.edu."//添加以下5行local-data-ptr,以定义反向解析记录local-data-ptr: "192.168.154.140 ns1.haha.edu"local-data-ptr: "192.168.154.11 ns2.haha.edu"local-data-ptr: "192.168.154.12 www.haha.edu"local-data-ptr: "192.168.154.12 web.haha.edu"local-data-ptr: "192.168.154.140 mail.haha.edu" 语法测试并重启: [root@llh local.d]# unbound-checkconf/etc/unbound/unbound_server.key: No such file or directory[1584074279] unbound-checkconf[5445:0] fatal error: server-key-file: "/etc/unbound/unbound_server.key" does not exist //发现报错,显示该文件不存在报错处理: 对报错中的文件进行注释:[root@llh ~]# vim /etc/unbound/unbound.conf 499 #control-enable: yes510 #server-key-file: "/etc/unbound/unbound_server.key"513 #server-cert-file: "/etc/unbound/unbound_server.pem"516 #control-key-file: "/etc/unbound/unbound_control.key"519 #control-cert-file: "/etc/unbound/unbound_control.pem"再次测试:[root@llh local.d]# unbound-checkconfunbound-checkconf: no errors in /etc/unbound/unbound.conf //显示配置文件没有错误即配置成功重启:[root@llh local.d]# systemctl start unbound //启用无报错 测试: [root@llh local.d]# nslookup> server 192.168.154.140 //指定dns服务地址Default server: 192.168.154.140Address: 192.168.154.140#53> www.haha.eduServer:192.168.154.140Address:192.168.154.140#53Name:www.haha.edu> set type=cname //别名测试> web.haha.eduServer:192.168.154.140Address:192.168.154.140#53web.haha.educanonical name = www.haha.edu.> set type=mx //邮件测试需指定type> haha.eduServer:192.168.154.140Address:192.168.154.140#53haha.edumail exchanger = 5 mail.haha.edu.> 192.168.154.12 //反向测试Server:192.168.154.140Address:192.168.154.140#5312.154.168.192.in-addr.arpaname = www.haha.edu.12.154.168.192.in-addr.arpaname = web.haha.edu.> 192.168.154.140 //反向测试Server:192.168.154.140Address:192.168.154.140#53140.154.168.192.in-addr.arpaname = ns1.haha.edu.140.154.168.192.in-addr.arpaname = mail.haha.edu.> exit //退出或者用host测试:[root@llh local.d]# host -t mx haha.edu 192.168.154.140Using domain server:Name: 192.168.154.140Address: 192.168.154.140#53Aliases: haha.edu mail is handled by 5 mail.haha.edu.也可以像bind dns一样配置永久测试文件:
[root@client ~]# vim /etc/resolv.conf
nameserver 192.168.154.140