Building an unbound DNS server on CentOS

Introduction to unbound


unbound is software that implements DNS (BIND seems to be more powerful).
unbound is the DNS software recommended by Red Hat.
Unbound has replaced Berkeley Internet Name Domain (BIND) as the default base-system name server in several open source projects, where it is considered the smaller, more modern and more secure application.

Server preparation


CentOS 7.6, rsync.x86_64 0:3.1.2-6.el7_6.1
Red Hat Enterprise Linux Server release 7.4 (Maipo)

Resolution notes


A DNS server can be implemented with several different packages; this post is a brief introduction to using unbound.
unbound configuration file: /etc/unbound/unbound.conf
DNS record files: /etc/unbound/local.d/*.conf
Local resolver address: /etc/resolv.conf

Server-side installation and setup


  1. Install the unbound package
    yum install unbound
[root@unbound ~]# yum install unbound
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package unbound.x86_64 0:1.6.6-5.el7_8 will be installed
--> Processing Dependency: unbound-libs(x86-64) = 1.6.6-5.el7_8 for package: unbound-1.6.6-5.el7_8.x86_64
--> Running transaction check
---> Package unbound-libs.x86_64 0:1.4.20-34.el7 will be updated
---> Package unbound-libs.x86_64 0:1.6.6-5.el7_8 will be an update
--> Finished Dependency Resolution
y
Dependencies Resolved
======================================================================
 Package                                                     Arch                                                  Version                                                        Repository                                           Size
======================================================================
Installing:
 unbound                                                     x86_64                                                1.6.6-5.el7_8                                                  base                                                674 k
Updating for dependencies:
 unbound-libs                                                x86_64                                                1.6.6-5.el7_8                                                  base                                                406 k

Transaction Summary
======================================================================
Install  1 Package
Upgrade             ( 1 Dependent package)

Total size: 1.1 M
Total download size: 674 k
Is this ok [y/d/N]: 
Downloading packages:
unbound-1.6.6-5.el7_8.x86_64.rpm                                                                                                                                                                                     | 674 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : unbound-libs-1.6.6-5.el7_8.x86_64                                                                                                                                                                                        1/3 
  Installing : unbound-1.6.6-5.el7_8.x86_64 [                                                                                                                                                                                         ] 2/3
  Installing : unbound-1.6.6-5.el7_8.x86_64                                                                                                                                                                                             2/3 
  Cleanup    : unbound-libs-1.4.20-34.el7.x86_64                                                                                                                                                                                        3/3 
  Verifying  : unbound-libs-1.6.6-5.el7_8.x86_64                                                                                                                                                                                        1/3 
  Verifying  : unbound-1.6.6-5.el7_8.x86_64                                                                                                                                                                                             2/3 
  Verifying  : unbound-libs-1.4.20-34.el7.x86_64                                                                                                                                                                                        3/3 
Installed:
  unbound.x86_64 0:1.6.6-5.el7_8                                                                                                                                                                                                            
Dependency Updated:
  unbound-libs.x86_64 0:1.6.6-5.el7_8                                                                                                                                                                                                       
Complete!
  2. Start the unbound service and enable it at boot
[root@unbound ~]# systemctl start unbound
[root@unbound ~]# 
[root@unbound ~]# systemctl enable unbound
Created symlink from /etc/systemd/system/multi-user.target.wants/unbound.service to /usr/lib/systemd/system/unbound.service.

  3. Check the status of unbound
    systemctl status unbound
[root@unbound ~]# systemctl status unbound
● unbound.service - Unbound recursive Domain Name Server
   Loaded: loaded (/usr/lib/systemd/system/unbound.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2021-07-09 15:55:58 CST; 21s ago
  Process: 21173 ExecStartPre=/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem (code=exited, status=0/SUCCESS)
  Process: 21171 ExecStartPre=/usr/sbin/unbound-checkconf (code=exited, status=0/SUCCESS)
 Main PID: 21188 (unbound)
   CGroup: /system.slice/unbound.service
           └─21188 /usr/sbin/unbound -d

Jul 09 15:55:08 host-192-168-65-94 systemd[1]: Starting Unbound recursive Domain Name Server...
Jul 09 15:55:08 host-192-168-65-94 unbound-checkconf[21171]: unbound-checkconf: no errors in /etc/unbound/unbound.conf
Jul 09 15:55:58 host-192-168-65-94 systemd[1]: Started Unbound recursive Domain Name Server.
Jul 09 15:55:58 host-192-168-65-94 unbound[21188]: [21188:0] notice: init module 0: ipsecmod
Jul 09 15:55:58 host-192-168-65-94 unbound[21188]: [21188:0] notice: init module 1: validator
Jul 09 15:55:58 host-192-168-65-94 unbound[21188]: [21188:0] notice: init module 2: iterator
Jul 09 15:55:58 host-192-168-65-94 unbound[21188]: [21188:0] info: start of service (unbound 1.6.6).

Check the ports DNS is listening on
netstat -tunlp | grep unbound

[root@host-192-168-65-94 ~]# netstat -tunlp | grep unbound
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      21188/unbound       
tcp        0      0 127.0.0.1:8953          0.0.0.0:*               LISTEN      21188/unbound       
tcp6       0      0 ::1:53                  :::*                    LISTEN      21188/unbound       
tcp6       0      0 ::1:8953                :::*                    LISTEN      21188/unbound       
udp        0      0 127.0.0.1:53            0.0.0.0:*                           21188/unbound       
udp        0      0 127.0.0.1:53            0.0.0.0:*                           21188/unbound       
udp        0      0 127.0.0.1:53            0.0.0.0:*                           21188/unbound       
udp        0      0 127.0.0.1:53            0.0.0.0:*                           21188/unbound       
udp6       0      0 ::1:53                  :::*                                21188/unbound       
udp6       0      0 ::1:53                  :::*                                21188/unbound       
udp6       0      0 ::1:53                  :::*                                21188/unbound       
udp6       0      0 ::1:53                  :::*                                21188/unbound       
  4. Edit the configuration file /etc/unbound/unbound.conf
vim /etc/unbound/unbound.conf
# remove the comment from the line "# interface: 0.0.0.0"
interface: 0.0.0.0
# remove the comment from "# access-control: 0.0.0.0/0 refuse" and change refuse to allow
access-control: 0.0.0.0/0 allow
# save and exit
  5. Write your own DNS record file; note that its path must match the pattern /etc/unbound/local.d/*.conf
[root@unbound~]# cat /etc/unbound/local.d/xdns.conf
local-zone: "code404.icu." static
local-data: "code404.icu. 3600 IN SOA www.code404.icu. root 1 1D 1H 1W 1H"
local-data: "www.code404.icu.	IN A 192.168.65.94"
local-data-ptr: "192.168.65.94 www.code404.icu."
  6. Restart the DNS service
[root@unbound ~]# systemctl restart unbound
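With access-control: 0.0.0.0/0 allow from step 4 combined with interface: 0.0.0.0, unbound will answer recursive queries from any address that can reach it, which is what an open resolver is. The script below is an added example, not part of the original post and not one of unbound's own tools: it parses the small subset of unbound.conf syntax used above, applies unbound's rule that the most specific access-control netblock wins (with refuse as the fallback when nothing matches), and flags the open-resolver combination. The two configurations inside it are constructed samples; the second restricts recursion to the 192.168.65.0/24 LAN instead of 0.0.0.0/0.

```python
"""Audit the server: clause of an unbound.conf for open-resolver settings."""
import ipaddress
import re

# Constructed sample: the post's configuration after step 4.
CONF_FROM_POST = """\
server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow
    access-control: 127.0.0.0/8 allow
"""

# Constructed sample: recursion only for the LAN the server sits on.
CONF_LAN_ONLY = """\
server:
    interface: 192.168.65.94
    access-control: 0.0.0.0/0 refuse
    access-control: 192.168.65.0/24 allow
    access-control: 127.0.0.0/8 allow
"""

CLAUSE_RE = re.compile(r"^\S+:$")   # a clause header such as "server:"


def parse_server_clause(text):
    """Return the (key, value) pairs inside the server: clause, in order.

    Handles only what the post uses: clause headers, "key: value" lines
    and "#" comments. Repeated keys (access-control) are all kept.
    """
    pairs = []
    in_server = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if CLAUSE_RE.match(line):
            in_server = line == "server:"
            continue
        if in_server:
            key, _, value = line.partition(":")
            pairs.append((key.strip(), value.strip()))
    return pairs


def access_action(pairs, client_ip):
    """Decide what unbound does for client_ip: the most specific matching
    access-control netblock wins, and a client matching no rule is refused."""
    addr = ipaddress.ip_address(client_ip)
    best = None
    for key, value in pairs:
        if key != "access-control":
            continue
        netspec, action = value.split()
        net = ipaddress.ip_network(netspec, strict=False)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, action)
    return best[1] if best else "refuse"


def audit(text):
    """Return findings about open-resolver exposure; [] means none found."""
    pairs = parse_server_clause(text)
    findings = []
    # 198.51.100.7 is a documentation address standing in for any stranger.
    if access_action(pairs, "198.51.100.7") == "allow":
        findings.append("access-control allows recursion from any IPv4 client")
        if any(k == "interface" and v in ("0.0.0.0", "::0", "::") for k, v in pairs):
            findings.append("interface 0.0.0.0 exposes that open resolver on every NIC")
    return findings


if __name__ == "__main__":
    for label, conf in (("post", CONF_FROM_POST), ("lan-only", CONF_LAN_ONLY)):
        print(label, audit(conf) or ["ok"])
```

Running the script prints two findings for the post's configuration and "ok" for the LAN-only one; the same check can be pointed at a real /etc/unbound/unbound.conf by reading the file into audit().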

Verify by pinging the domain just defined, www.code404.icu


[root@unbound ~]# ping www.code404.icu
ping: www.code404.icu: Name or service not known

Whoa, what's going on, an error?
Quick, check the DNS status
systemctl status unbound

[root@unbound ~]# systemctl status unbound
● unbound.service - Unbound recursive Domain Name Server
   Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2019-09-04 07:29:56 PDT; 2min 3s ago
  Process: 17994 ExecStart=/usr/sbin/unbound -d $UNBOUND_OPTIONS (code=exited, status=1/FAILURE)
  Process: 17983 ExecStartPre=/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem (code=exited, status=0/SUCCESS)
  Process: 17980 ExecStartPre=/usr/sbin/unbound-checkconf (code=exited, status=0/SUCCESS)
 Main PID: 17994 (code=exited, status=1/FAILURE)
 
Sep 04 07:29:55 unbound systemd[1]: Starting Unbound recursive Domain Name Server...
Sep 04 07:29:55 unbound unbound-checkconf[17980]: unbound-checkconf: no errors in /etc/unbound/unbound.conf
Sep 04 07:29:56 unbound systemd[1]: Started Unbound recursive Domain Name Server.
Sep 04 07:29:56 unbound unbound[17994]: Sep 04 07:29:56 unbound[17994:0] error: can't bind socket: Address already in use for 0.0.0.0
Sep 04 07:29:56 unbound unbound[17994]: Sep 04 07:29:56 unbound[17994:0] fatal error: could not open ports
Sep 04 07:29:56 unbound systemd[1]: unbound.service: main process exited, code=exited, status=1/FAILURE
Sep 04 07:29:56 unbound systemd[1]: Unit unbound.service entered failed state.
Sep 04 07:29:56 unbound systemd[1]: unbound.service failed.

Whoa, the unbound service didn't even start?
Let's see what's going on with DNS port 53

[root@unbound ~]# netstat -ntulp | grep 53

This felt very strange: the unbound service clearly failed, so why is port 53 still open? That makes no sense.
A quick Baidu search turned up the answer: kill the DNS process first, then start the unbound service.

[root@unbound ~]# kill -9 8589
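unbound's fatal "Address already in use for 0.0.0.0" means exactly that some other socket is already bound to port 53, so before killing a PID by hand it helps to know what is holding the port. The script below is an added example, not from the post: it parses the text format of netstat -tunlp and lists every listener on port 53 that is not unbound. The netstat output it parses is constructed; PID 8589 is the one killed above, and the program name beside it is a hypothetical placeholder because the post does not say which program that process was.

```python
"""List which processes hold port 53, from `netstat -tunlp` text output."""

# Constructed sample netstat output. PID 8589 is the one killed in the post;
# "other-dns" is a hypothetical placeholder for whatever that program was.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      8589/other-dns
tcp        0      0 127.0.0.1:8953          0.0.0.0:*               LISTEN      21188/unbound
tcp6       0      0 :::53                   :::*                    LISTEN      8589/other-dns
udp        0      0 0.0.0.0:53              0.0.0.0:*                           8589/other-dns
udp        0      0 0.0.0.0:68              0.0.0.0:*                           901/dhclient
"""


def listeners_on_port(netstat_text, port=53):
    """Return (proto, local_address, pid_program) for every socket on `port`.

    Splitting on whitespace works for both tcp and udp rows even though
    udp rows have no State column: the local address is always field 4
    and the PID/Program name is always the last field.
    """
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        local = fields[3]
        # rsplit keeps IPv6 forms such as ":::53" or "::1:53" intact.
        if local.rsplit(":", 1)[-1] != str(port):
            continue
        hits.append((fields[0], local, fields[-1]))
    return hits


def conflicting_holders(netstat_text, port=53, expected="unbound"):
    """Return the set of 'pid/program' strings on `port` that are not unbound.

    A '-' in the PID column means netstat was not run as root and could not
    see the owner; it is reported too, so it is not mistaken for 'nothing there'.
    """
    holders = set()
    for _proto, _local, pid_prog in listeners_on_port(netstat_text, port):
        program = pid_prog.split("/", 1)[-1]
        if program != expected:
            holders.add(pid_prog)
    return holders


if __name__ == "__main__":
    # What to investigate (and stop cleanly via its own service unit, if it
    # has one) before starting unbound again.
    print(conflicting_holders(SAMPLE_NETSTAT))
```

On a live host, feed it the real output with something like conflicting_holders(subprocess.run(["netstat", "-tunlp"], capture_output=True, text=True).stdout); an empty set means nothing but unbound is on port 53.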

Start the unbound service again and its status becomes active (running).

[root@unbound ~]# systemctl start unbound
[root@unbound ~]# systemctl status unbound

Pinging www.code404.icu still didn't work, which was even weirder. Then it hit me: this thing behaves just like Windows DNS. The local machine's own DNS setting hasn't been changed yet, so how could the ping possibly succeed? So I went straight to the resolver file and changed the DNS address to the local IP.

[root@unbound ~]# vim /etc/resolv.conf
nameserver 192.168.65.94

The third ping of www.code404.icu finally worked. To add DNS entries for other hosts, just follow the same pattern and add them to the configuration file. One thing to note: the other hosts' DNS setting must point at the unbound host configured here.
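Adding more hosts is a matter of repeating the A and PTR pair from xdns.conf, and a slip in that pattern (a missing trailing dot, a record outside the declared zone, a PTR that does not match its A record) lets unbound start cleanly while resolution still fails. The script below is an added example, not the author's file: it renders a local.d file in the same format as xdns.conf for any number of hosts and checks an existing file for those mistakes and for duplicated lines. The second host, db at 192.168.65.95, is a constructed addition.

```python
"""Render and check /etc/unbound/local.d/*.conf record files."""
import ipaddress
import re

ZONE = "code404.icu"
# The post's host plus one constructed extra host, to show adding more.
HOSTS = {
    "www": "192.168.65.94",
    "db": "192.168.65.95",
}


def render_local_conf(zone, hosts, primary="www", serial=1, ttl=3600):
    """Render a local.d file in the format used by xdns.conf in the post:
    a static local-zone, one SOA, then an A and a PTR record per host."""
    zone = zone.rstrip(".") + "."        # unbound wants absolute names
    lines = [
        f'local-zone: "{zone}" static',
        f'local-data: "{zone} {ttl} IN SOA {primary}.{zone} root {serial} 1D 1H 1W 1H"',
    ]
    for name, ip in sorted(hosts.items()):
        ipaddress.IPv4Address(ip)        # raises ValueError on a malformed address
        fqdn = f"{name}.{zone}"
        lines.append(f'local-data: "{fqdn} IN A {ip}"')
        lines.append(f'local-data-ptr: "{ip} {fqdn}"')
    return "\n".join(lines) + "\n"


ZONE_RE = re.compile(r'^local-zone:\s+"(\S+)"\s+\S+$')
A_RE = re.compile(r'^local-data:\s+"(\S+)\s+(?:\d+\s+)?IN\s+A\s+(\S+)"$')
PTR_RE = re.compile(r'^local-data-ptr:\s+"(\S+)\s+(\S+)"$')


def check_local_conf(text):
    """Return a list of problems in a local.d file; [] when it is clean.

    Looks for the mistakes that let unbound start cleanly but not resolve:
    names missing the trailing dot, A records outside every declared
    local-zone, A records with no matching PTR, and duplicated lines.
    """
    problems, zones, a_records, ptr_records, seen = [], [], {}, {}, set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line in seen:
            problems.append(f"line {lineno}: duplicate of an earlier line")
        seen.add(line)
        if m := ZONE_RE.match(line):
            zones.append(m.group(1))
        elif m := A_RE.match(line):
            a_records[m.group(1)] = m.group(2)
        elif m := PTR_RE.match(line):
            ptr_records[m.group(1)] = m.group(2)
    for name in list(a_records) + list(ptr_records.values()) + zones:
        if not name.endswith("."):
            problems.append(f"{name}: not absolute (missing trailing dot)")
    for name, ip in a_records.items():
        if not any(name.endswith("." + z) for z in zones):
            problems.append(f"{name}: outside every declared local-zone")
        if ptr_records.get(ip) != name:
            problems.append(f"{name}: no matching local-data-ptr for {ip}")
    return problems


if __name__ == "__main__":
    conf = render_local_conf(ZONE, HOSTS)
    print(conf)
    print("problems:", check_local_conf(conf))
```

Write the rendered text to a file under /etc/unbound/local.d/, run unbound-checkconf, and restart unbound as in step 6; check_local_conf() is the extra sanity pass that unbound-checkconf does not make, since syntactically valid records with the wrong name or a missing PTR are still valid to it.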

That completes the setup of a simple unbound (DNS) server.

Copyright notice: this is the author's original article, released under the CC 4.0 BY-SA license; when reposting, include a link to the original source and this notice.

Original article by 老C; if you repost it, please cite the source: https://www.code404.icu/938.html
