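1.关闭firewalld(仅适用于隔离的测试环境;生产环境建议保留防火墙,只放行DNS服务,例如执行 firewall-cmd --permanent --add-service=dns 后再执行 firewall-cmd --reload):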
#停止firewall
systemctl stop firewalld.service
#禁止firewall开机启动
systemctl disable firewalld.service
2.永久关闭SELinux(同样只建议在测试环境中这样做;生产环境应保持 SELINUX=enforcing)
vi /etc/selinux/config
将SELINUX=enforcing改为SELINUX=disabled
设置后需要重启才能生效
下面开始正式安装unbound
3.安装unbound
yum -y install unbound
清理缓存
yum clean all
重启服务
systemctl restart unbound
设置开机启动
systemctl enable unbound
4.备份配置文件
cd /etc/unbound/
mv unbound.conf unbound.conf.bak
5.编辑配置文件
vim unbound.conf
注释的地方,全部被我删除了!
完整内容如下:
server:
verbosity: 1
statistics-interval: 0
statistics-cumulative: no
extended-statistics: yes
num-threads: 2
#监听地址
interface: 0.0.0.0
interface-automatic: no
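#允许所有主机向本机查询DNS
#注意:0.0.0.0/0 allow 会使本机成为开放解析器(open resolver),可能被滥用于DNS放大攻击;
#实际部署时应只放行受信任的网段,例如 access-control: 192.168.78.0/24 allow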
access-control: 0.0.0.0/0 allow
chroot: ""
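#不切换服务用户(DNS 的默认服务用户为 unbound)
#注意:username 置空表示绑定端口后不降权,unbound 会继续以启动它的用户(通常是 root)运行,
#这会降低而不是提高安全性;生产环境建议保留 username: "unbound"。上一行的 chroot: "" 同样关闭了 chroot 隔离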
username: ""
directory: "/etc/unbound"
log-time-ascii: yes
pidfile: "/var/run/unbound/unbound.pid"
harden-glue: yes
harden-dnssec-stripped: yes
harden-below-nxdomain: yes
harden-referral-path: yes
use-caps-for-id: no
unwanted-reply-threshold: 10000000
prefetch: yes
prefetch-key: yes
rrset-roundrobin: yes
minimal-responses: yes
trusted-keys-file: /etc/unbound/keys.d/*.key
auto-trust-anchor-file: "/var/lib/unbound/root.key"
val-clean-additional: yes
val-permissive-mode: no
val-log-level: 1
include: /etc/unbound/local.d/*.conf
remote-control:
control-enable: yes
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
include: /etc/unbound/conf.d/*.conf
6.验证配置文件是否正确
unbound-checkconf
提示以下内容,就说明没有错误
unbound-checkconf: no errors in /etc/unbound/unbound.conf
重启unbound服务
systemctl restart unbound
7.查看监听端口,确认53号端口已在监听(8953为remote-control的控制端口,应只监听在本地回环地址上)
[root@localhost unbound]# netstat -tunlp |grep unbound
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 2382/unbound
tcp 0 0 127.0.0.1:8953 0.0.0.0:* LISTEN 2382/unbound
tcp6 0 0 ::1:8953 :::* LISTEN 2382/unbound
udp 0 0 0.0.0.0:53 0.0.0.0:* 2382/unbound
8.创建新的配置文件,这里以example.com为例:
vim /etc/unbound/local.d/example.conf
内容如下:
local-zone: "example.com." static
local-data: "example.com. 86400 IN SOA ns.example.com. root 1 1D 1H 1W 1H"
local-data: "ns.example.com. IN A 192.168.10.10"
local-data: "linuxprobe.example.com. IN A 192.168.10.10"
local-data-ptr: "192.168.10.10 ns.example.com."
local-data-ptr: "192.168.10.10 linuxprobe.example.com."
9.编辑本机网卡配置文件
vim /etc/sysconfig/network-scripts/ifcfg-eth0
主要配置如下:
.....
#系统启动时激活网卡
ONBOOT=yes
#静态IP地址
IPADDR="192.168.78.133"
#子网掩码
PREFIX="24"
#网关地址
GATEWAY="192.168.78.2"
#DNS地址,指向本机
DNS1=192.168.78.133
重启网络服务
systemctl restart network
10.安装解析工具
yum install -y bind-utils
测试解析
[root@localhost ~]# nslookup
> linuxprobe.example.com.
Server:192.168.78.133
Address:192.168.78.133#53
Name:linuxprobe.example.com
Address: 192.168.10.10
> exit
域名解析正确!!!