References
https://calomel.org/unbound_dns.html
https://unbound.net/documentation/index.html
Install unbound
[root@s1 ~]# yum install unbound -y
[root@s1 ~]# systemctl start unbound.service
[root@s1 ~]# systemctl enable unbound.service
Edit the configuration in /etc/unbound/unbound.conf
1. Listen on all network interfaces:
interface: 0.0.0.0
interface-automatic: yes   # remember to set this!
2. Allow queries from the 192.168.122.0/24 network:
access-control: 192.168.122.0/24 allow
domain-insecure: "example.com"
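Set up as a Caching Nameserver
Edit /etc/unbound/unbound.conf. These settings forward every query to 8.8.8.8 and, because domain-insecure: "." marks the whole tree as insecure, turn off DNSSEC validation for all answers.
harden-dnssec-stripped: no
harden-below-nxdomain: no
domain-insecure: "."
forward-zone:
    name: .
    forward-addr: 8.8.8.8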
Check that the configuration is correct:
[root@s1 ~]# unbound-checkconf
unbound-checkconf: no errors in /etc/unbound/unbound.conf
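A clean unbound-checkconf run says the file parses; it does not say which protections the file switches off. The following is an added example, not part of the original notes: a small audit of the directives used on this page. The finding labels and the function names `parse` and `audit` are made up for this illustration, and the sample configuration is constructed from the fragments above.

```python
import ipaddress
import re

# Constructed sample: the directives this page puts in /etc/unbound/unbound.conf.
SAMPLE_CONF = """
server:
    interface: 0.0.0.0
    interface-automatic: yes   # remember to set this
    access-control: 192.168.122.0/24 allow
    harden-dnssec-stripped: no
    harden-below-nxdomain: no
    domain-insecure: "."
    domain-insecure: "example.com"
forward-zone:
    name: .
    forward-addr: 8.8.8.8
"""

def parse(conf_text):
    """Yield (key, value) pairs; comments and bare section headers are skipped."""
    for raw in conf_text.splitlines():
        m = re.match(r"([a-z0-9-]+):\s*(\S.*)$", raw.split("#", 1)[0].strip())
        if m:
            yield m.group(1), m.group(2).strip().strip('"')

def audit(conf_text):
    """Return findings on DNSSEC validation and on who may query the resolver."""
    findings = []
    for key, val in parse(conf_text):
        if key == "domain-insecure":
            # "." covers the whole tree, so no answer is validated at all.
            findings.append("dnssec-off-everywhere" if val == "." else f"dnssec-exempt:{val}")
        elif key in ("harden-dnssec-stripped", "harden-below-nxdomain") and val == "no":
            findings.append(f"hardening-off:{key}")
        elif key == "access-control":
            parts = val.split()
            if len(parts) != 2:
                continue
            net, action = parts
            # A /0 network with an allow action lets any client use the resolver.
            if action.startswith("allow") and ipaddress.ip_network(net, strict=False).prefixlen == 0:
                findings.append(f"open-resolver:{net}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

On the page's configuration the access-control line is scoped to 192.168.122.0/24 and raises no finding; the findings all come from the DNSSEC-related directives.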
Restart the service and configure the firewall:
[root@s1 ~]# systemctl restart unbound.service
[root@s1 ~]# firewall-cmd --permanent --add-service=dns
success
[root@s1 ~]# firewall-cmd --reload
success
[root@s1 ~]# unbound-control dump_cache
START_RRSET_CACHE
END_RRSET_CACHE
START_MSG_CACHE
END_MSG_CACHE
EOF
Serve DNS records for a domain
Unbound can also answer for a domain's records itself.
Edit /etc/unbound/unbound.conf
private-domain: "example.com"
domain-insecure: "example.com"
local-zone: "example.com." static
local-data: "host1.example.com. IN A 192.168.1.111"
local-data: "host2.example.com. IN A 192.168.2.222"
local-data-ptr: "192.168.1.111 host1.example.com"
local-data-ptr: "192.168.2.222 host2.example.com"
Test:
[root@r7-h1 ~]# dig @192.168.122.243 A host1.example.com