参考文档
https://calomel.org/unbound_dns.html
https://unbound.net/documentation/index.html
安装unbound
# yum install unbound y # systemctl start unbound.service[root@s1 ~]# systemctl enable unbound.service
修改/etc/unbound/unbound.conf 配置
1. 监听所有网卡;
interface: 0.0.0.0 interface-automatic: yes (记得设置这条!)
2. 允许192.168.122.0/24 网段查询;
access-control: 192.168.122.0/24 allow domain-insecure: "example.com"
设置成Caching Nameserver
修改/etc/unbound/unbound.conf
harden-dnssec-stripped:no harden-below-nxdomain:no domain-insecure: "." forward-zone: name: . forward-addr: 8.8.8.8
检查配置是否正确;
[root@s1 ~]# unbound-checkconf unbound-checkconf: no errors in /etc/unbound/unbound.conf
重启服务,配置防火墙;
# systemctl restart unbound.service # firewall-cmd --permanent --add-service=dns # firewall-cmd --reload # unbound-control dump_cache START_RRSET_CACHE END_RRSET_CACHE START_MSG_CACHE END_MSG_CACHE EOF
提供域名解析记录
unbound也可以自己提供域名的解析信息。
修改/etc/unbound/unbound.conf
private-domain: "example.com" domain-insecure: "example.com" local-zone: "example.com." static local-data: "host1.example.com. IN A 192.168.1.111" local-data: "host2.example.com. IN A 192.168.2.222" local-data-ptr: "192.168.1.111 host1.example.com" local-data-ptr: "192.168.2.222 host2.example.com"
测试:
# dig @192.168.122.243 A host1.example.com
http://blog.163.com/hk_bs/blog/static/24503801120163834148485/
本文转自babylater51CTO博客,原文链接:http://blog.51cto.com/babylater/1914586 ,如需转载请自行联系原作者
