Centos 7安装unbound

1.关闭firewall：

#停止firewall

systemctl stop firewalld.service

#禁止firewall开机启动

systemctl disable firewalld.service

2.永久关闭

vi /etc/selinux/config

将SELINUX=enforcing改为SELINUX=disabled 

设置后需要重启才能生效

下面开始正式安装unbound

3.安装unbound

yum -y install unbound

清理缓存

yum clean all

重启服务

systemctl restart unbound  

设置开机启动

systemctl enable unbound

4.备份配置文件

cd /etc/unbound/

mv unbound.conf unbound.conf.bak

5.编辑配置文件

vim unbound.conf

注释的地方,全部被我删除了!

完整内容如下:

server:

verbosity: 1

statistics-interval: 0

statistics-cumulative: no

extended-statistics: yes

num-threads: 2

#监听地址

interface: 0.0.0.0

interface-automatic: no

#让所有主机能够向本机查询DNS

access-control: 0.0.0.0/0 allow

chroot: ""

#安全起见,禁用服务用户(DNS 的服务用户为 unbound)

username: ""

directory: "/etc/unbound"

log-time-ascii: yes

pidfile: "/var/run/unbound/unbound.pid"

harden-glue: yes

harden-dnssec-stripped: yes

harden-below-nxdomain: yes

harden-referral-path: yes

use-caps-for-id: no

unwanted-reply-threshold: 10000000

prefetch: yes

prefetch-key: yes

rrset-roundrobin: yes

minimal-responses: yes

trusted-keys-file: /etc/unbound/keys.d/*.key

auto-trust-anchor-file: "/var/lib/unbound/root.key"

val-clean-additional: yes

val-permissive-mode: no

val-log-level: 1

include: /etc/unbound/local.d/*.conf

remote-control:

control-enable: yes

server-key-file: "/etc/unbound/unbound_server.key"

server-cert-file: "/etc/unbound/unbound_server.pem"

control-key-file: "/etc/unbound/unbound_control.key"

control-cert-file: "/etc/unbound/unbound_control.pem"

include: /etc/unbound/conf.d/*.conf

6.验证配置文件是否正确

unbound-checkconf

提示以下内容，就说明没有错误

unbound-checkconf: no errors in /etc/unbound/unbound.conf

重启unbound服务

systemctl restart unbound

7.查看监听端口，53号端口是否存在

[root@localhost unbound]# netstat -tunlp |grep unbound

tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      2382/unbound        

tcp        0      0 127.0.0.1:8953          0.0.0.0:*               LISTEN      2382/unbound        

tcp6       0      0 ::1:8953                :::*                    LISTEN      2382/unbound        

udp        0      0 0.0.0.0:53              0.0.0.0:*                           2382/unbound  

8.创建新的配置文件,这里以example.com为例:

vim /etc/unbound/local.d/example.conf

内容如下:

local-zone: "example.com." static

local-data: "example.com. 86400 IN SOA ns.example.com. root 1 1D 1H 1W 1H"

local-data: "ns.example.com. IN A 192.168.10.10"

local-data: "linuxprobe.example.com. IN A 192.168.10.10"

local-data-ptr: "192.168.10.10 ns.example.com."

local-data-ptr: "192.168.10.10 linuxprobe.example.com."

9.编辑本机网卡配置文件

vim /etc/sysconfig/network-scripts/ifcfg-eth0

主要配置如下:

.....

#系统启动时激活网卡

ONBOOT=yes

#静态IP地址

IPADDR="192.168.78.133"

#子网掩码

PREFIX="24"

#网关地址

GATEWAY="192.168.78.2"

#DNS地址,指向本机

DNS1=192.168.78.133

重启网络服务

systemctl restart network

10.安装解析工具

yum install -y bind-utils

测试解析

[root@localhost ~]# nslookup 

> linuxprobe.example.com.

Server:192.168.78.133

Address:192.168.78.133#53

Name:linuxprobe.example.com

Address: 192.168.10.10

> exit

域名解析正确!!!