RHEL7: unbound(DNS server)的简单配置
参考文档https://calomel.org/unbound_dns.html
https://unbound.net/documentation/index.html
安装unbound
# yum install unbound y
# systemctl start unbound.service# systemctl enable unbound.service
修改/etc/unbound/unbound.conf 配置
1. 监听所有网卡;
interface: 0.0.0.0
interface-automatic: yes (记得设置这条!)
2. 允许192.168.122.0/24 网段查询;
access-control: 192.168.122.0/24 allow
domain-insecure: "example.com"
设置成Caching Nameserver
修改/etc/unbound/unbound.conf
harden-dnssec-stripped:no
harden-below-nxdomain:no
domain-insecure: "."
forward-zone:
name: .
forward-addr: 8.8.8.8
检查配置是否正确;
# unbound-checkconf
unbound-checkconf: no errors in /etc/unbound/unbound.conf
重启服务,配置防火墙;
# systemctl restart unbound.service
# firewall-cmd --permanent --add-service=dns
# firewall-cmd --reload
# unbound-control dump_cache
START_RRSET_CACHE
END_RRSET_CACHE
START_MSG_CACHE
END_MSG_CACHE
EOF
提供域名解析记录
unbound也可以自己提供域名的解析信息。
修改/etc/unbound/unbound.conf
private-domain: "example.com"
domain-insecure: "example.com"
local-zone: "example.com." static
local-data: "host1.example.com. IN A 192.168.1.111"
local-data: "host2.example.com. IN A 192.168.2.222"
local-data-ptr: "192.168.1.111 host1.example.com"
local-data-ptr: "192.168.2.222 host2.example.com"
测试:
# dig @192.168.122.243 A host1.example.com http://blog.163.com/hk_bs/blog/static/24503801120163834148485/
页:
[1]