Setting up an unbound (DNS) server

Author: stephen | Category: Network Applications | Tags:

I. Goal


Set up an unbound (DNS) server on CentOS 7


II. Platform


CentOS 7.6, rsync.x86_64 0:3.1.2-6.el7_6.1


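III. Overview

Several software packages can implement a DNS server; this post is a brief introduction to using unbound.

unbound configuration file: /etc/unbound/unbound.conf

DNS resolution (local data) files: /etc/unbound/local.d/*.conf

Resolver settings for the local host: /etc/resolv.conf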


IV. Server installation and configuration


1. Install the unbound server package


[root@xserver ~]# yum install unbound -y

2. Start the unbound service and enable it at boot


[root@xserver ~]# systemctl start unbound

[root@xserver ~]# 

[root@xserver ~]# systemctl enable unbound

Created symlink from /etc/systemd/system/multi-user.target.wants/unbound.service to /usr/lib/systemd/system/unbound.service.

[root@xserver ~]# 

3. Check unbound status

systemctl status unbound

Check the DNS listening port:

[root@xserver ~]# netstat -tunlp | grep unbound


4. Edit the configuration file /etc/unbound/unbound.conf

Uncomment the line "# interface: 0.0.0.0", i.e. change it to: interface: 0.0.0.0

Uncomment the line "# access-control: 0.0.0.0/0 refuse" and change refuse to allow, i.e. access-control: 0.0.0.0/0 allow.

Save and exit.
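With interface: 0.0.0.0 and access-control: 0.0.0.0/0 allow, the server answers queries from any address that can reach it. The shell function below is an added example, not part of the original post: it flags such a rule and is run over two constructed samples, the step 4 settings and a restricted variant. The function names and the 10.100.100.0/24 LAN range are assumptions.

```shell
# Added example, not from the original post.
# audit_unbound_acl FILE: print "OPEN <netblock> <action>" for every
# access-control rule that allows queries from all addresses;
# return 1 if any such rule exists, 0 otherwise.
audit_unbound_acl() {
    awk '
        { sub(/#.*/, "") }                 # strip comments; fields are re-split
        $1 == "access-control:" {
            net = $2; act = $3
            if ((net == "0.0.0.0/0" || net == "::/0" || net == "::0/0") && act ~ /^allow/) {
                print "OPEN " net " " act
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the listener and ACL exactly as set in step 4.
write_open_conf() {
    cat > "$1" <<'EOF'
server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow
EOF
}

# Constructed sample: same listener, refuse by default, allow only
# loopback and an assumed LAN range (10.100.100.0/24 is an assumption).
write_restricted_conf() {
    cat > "$1" <<'EOF'
server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 10.100.100.0/24 allow
EOF
}

tmp=$(mktemp -d)
write_open_conf "$tmp/open.conf"
write_restricted_conf "$tmp/restricted.conf"
for name in open restricted; do
    audit_unbound_acl "$tmp/$name.conf" && echo "$name.conf: no world-wide allow rule" || echo "$name.conf: answers queries from any address"
done
rm -rf "$tmp"
```

unbound applies the most specific matching netblock, so the 0.0.0.0/0 refuse line acts as the default and the narrower allow lines override it.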


5. Write your own DNS resolution file; note that its path must follow the pattern /etc/unbound/local.d/*.conf


[root@xserver ~]# cat /etc/unbound/local.d/xdns.conf

local-zone: "hiibm.com." static

local-data: "hiibm.com. 3600 IN SOA xserver.hiibm.com. root 1 1D 1H 1W 1H"

local-data: "xserver.hiibm.com. IN A 10.100.100.210"

local-data-ptr: "10.100.100.210 xserver.hiibm.com."

local-data-ptr: "10.100.100.210 www.hiibm.com."

6. Restart the DNS service


[root@xserver ~]# systemctl restart unbound

7. Ping the name just defined for this host


[root@xserver ~]# ping www.hiibm.com

ping: www.hiibm.com: Name or service not known

Whoa, what is going on, an error?

Check the DNS service status right away:


[root@xserver ~]# systemctl status unbound

● unbound.service - Unbound recursive Domain Name Server

   Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled; vendor preset: disabled)

   Active: failed (Result: exit-code) since Wed 2019-09-04 07:29:56 PDT; 2min 3s ago

  Process: 17994 ExecStart=/usr/sbin/unbound -d $UNBOUND_OPTIONS (code=exited, status=1/FAILURE)

  Process: 17983 ExecStartPre=/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem (code=exited, status=0/SUCCESS)

  Process: 17980 ExecStartPre=/usr/sbin/unbound-checkconf (code=exited, status=0/SUCCESS)

 Main PID: 17994 (code=exited, status=1/FAILURE)

 

Sep 04 07:29:55 xserver systemd[1]: Starting Unbound recursive Domain Name Server...

Sep 04 07:29:55 xserver unbound-checkconf[17980]: unbound-checkconf: no errors in /etc/unbound/unbound.conf

Sep 04 07:29:56 xserver systemd[1]: Started Unbound recursive Domain Name Server.

Sep 04 07:29:56 xserver unbound[17994]: Sep 04 07:29:56 unbound[17994:0] error: can't bind socket: Address already in use for 0.0.0.0

Sep 04 07:29:56 xserver unbound[17994]: Sep 04 07:29:56 unbound[17994:0] fatal error: could not open ports

Sep 04 07:29:56 xserver systemd[1]: unbound.service: main process exited, code=exited, status=1/FAILURE

Sep 04 07:29:56 xserver systemd[1]: Unit unbound.service entered failed state.

Sep 04 07:29:56 xserver systemd[1]: unbound.service failed.

Whoa, the unbound service did not actually start?

Now look at what is going on with DNS port 53:


[root@xserver ~]# netstat -ntulp | grep 53


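This felt very strange: the unbound service had clearly failed, so why was port 53 still open? That makes no sense.

A quick Baidu search turned up the answer: kill the DNS process first, then start the unbound service.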


[root@xserver ~]# kill -9 8589

Start the unbound service again, and its status becomes active (running):


[root@xserver ~]# systemctl start unbound

[root@xserver ~]# systemctl status unbound

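Pinging xserver.hiibm.com still failed, which was even stranger. It behaves just like Windows DNS: the local host's DNS setting had not been changed yet, so how could the ping work? So I quickly edited the resolver file and set the DNS address to this host's IP.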


[root@xserver ~]# vim /etc/resolv.conf

# /etc/resolv.conf

nameserver 10.100.100.210

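The third ping of xserver.hiibm.com finally succeeded. To add DNS records for other hosts, follow the same pattern and add them to the configuration file. One thing to note: the other hosts must point their DNS setting at the unbound host configured here.


At this point, a simple unbound (DNS) server is set up.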

————————————————

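Copyright notice: this is an original article by CSDN blogger "潇洒哥Kahn", licensed under CC 4.0 BY-SA. When reposting, please include the link to the original source and this notice.

Original link: https://blog.csdn.net/xoofly/article/details/100548374


Link to this post: https://www.stephenwxf.com/post/140.html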