@cdmonkey
2021-10-18T18:01:14.000000Z
字数 3638
阅读 1606
网络服务
Official Website: https://nlnetlabs.nl/projects/unbound/download
https://lisz.io/tech/unbound-dns.html
http://blog.51cto.com/11246696/1902705
http://3g.163.com/dy/article/DCCMUSBF0511RVML.html
https://www.linuxprobe.com/use-unbound-rhel7-setup-dns.html
https://blog.phoenixlzx.com/2016/04/27/better-dns-with-unbound
https://www.sooele.com/index.php/2018/03/08/1567https://loga.us/2014/08/03/unbound-caching-and-nsd-local-authoritative-master-slave-dns-server-part-1
https://calomel.org/unbound_dns.html
https://www.holoem.com/?p=768
官方文档:
安装依赖包:
yum install gcc libevent* expat*yum install openssl openssl-devel
[root@ldap01 unbound-1.8.1]# ./configure --prefix=/usr/local/unbound \--with-pthreads --with-libevent --with-sslmake && make install
ln -s /usr/local/unbound/sbin/unbound /usr/local/bin/unboundln -s /usr/local/unbound/sbin/unbound-anchor /usr/local/bin/unbound-anchorln -s /usr/local/unbound/sbin/unbound-checkconf /usr/local/bin/unbound-checkconfln -s /usr/local/unbound/sbin/unbound-control /usr/local/bin/unbound-controlln -s /usr/local/unbound/sbin/unbound-control-setup /usr/local/bin/unbound-control-setupln -s /usr/local/unbound/sbin/unbound-host /usr/local/bin/unbound-host
创建用户:
groupadd unbounduseradd -M -g unbound -s /sbin/nologin unbound
启动服务:
/usr/local/unbound/sbin/unbound -c /usr/local/unbound/etc/unbound/unbound.conf
查看状态:
[root@PBSNEWDNSNTP01 ~]# unbound-control statusversion: 1.8.1verbosity: 1threads: 8modules: 2 [ validator iterator ]uptime: 14307466 secondsoptions: reuseport controlunbound (pid 76444) is running...
[root@PBSNEWDNSNTP01 ~]# unbound-control list_forwards. IN forward 223.5.5.5 223.6.6.6
cache-min-ttl: 0 # 生存时间TTL值下限,单位秒,默认值0。若超过一个小时很容易因陈旧数据而出现问题。cache-max-ttl: 86400cache-max-negative-ttl: 3600infra-host-ttl: 900infra-cache-min-rtt: 50infra-cache-slabs: 4infra-cache-numhosts: 10000
使用 SSL 用于连接服务器而不管它是本地还是远程服务器,因而首先需要于服务器端创建 SSL 证书。连接至远程服务器时,于远程端创建证书并且于本地复制。
为此,请使用 unbound-control-setup 这个工具。
[root@PBSNEWDNSNTP04 ~]# unbound-control-setup...Getting CA Private KeySetup success. Certificates created. Enable in unbound.conf file to use# 设置成功。证书已创建。可于 unbound.conf 文件中启用以使用。
完成上述操作后,就于 /usr/local/unbound/etc/unbound/ 下创建了四种类型证书:
[root@PBSNEWDNSNTP04 ~]# ls /usr/local/unbound/etc/unbound/|grep unbound_unbound_control.key # 客户端的密钥 keyunbound_control.pem # 客户端的公钥证书 pemunbound_server.key # 服务器的密钥 keyunbound_server.pem # 服务器的公钥证书 pem
remote-control:# 这个区间为控制设置。配置如下内容可以控制 unbound 服务。# 使用 unbound-control 命令对能够该服务执行开启、关闭、重启等操作。control-enable: yescontrol-interface: 127.0.0.1control-port: 8953server-key-file: "/usr/local/unbound/etc/unbound/unbound_server.key"server-cert-file: "/usr/local/unbound/etc/unbound/unbound_server.pem"control-key-file: "/usr/local/unbound/etc/unbound/unbound_control.key"control-cert-file: "/usr/local/unbound/etc/unbound/unbound_control.pem"
注意:
若是服务器上禁用了 IPv6,则需要于配置文件中修改相关配置:
do-ip6: no
另外,日志目录需要自行创建。
https://nlnetlabs.nl/documentation/unbound/unbound-checkconf
[root@newdns01 ~]# unbound-checkconfunbound-checkconf: no errors in /usr/local/unbound/etc/unbound/unbound.conf[root@newdns01 ~]# unbound-checkconf /usr/local/unbound/etc/unbound/extra/vbillbank.confunbound-checkconf: no errors in /usr/local/unbound/etc/unbound/extra/vbillbank.conf
unbound-control reload
[root@PBSDNSNTP02 ~]# cd tools/bind-9.12.2-P2[root@PBSDNSNTP02 bind-9.12.2-P2]# cd contrib/queryperf/./configuremake
测试指令:
./queryperf -d ./yuming.txt -s 10.1.30.231
启动报错
unbound[111537:0] error: could not read root hints /etc/unbound/named.cache: No such file or directoryunbound[111537:0] error: Could not set root or stub hints
解决:
cd /usr/local/unbound/etc/unbound/wget https://www.internic.net/domain/named.cache