1 Installing unbound
Download and install unbound:
wget http://www.unbound.net/downloads/unbound-latest.tar.gz
tar xvfz unbound-latest.tar.gz
cd unbound-1.0.2/
./configure --prefix=/usr/local
make
make install
# Add the unbound group and user
groupadd unbound
useradd -d /var/unbound -m -g unbound -s /bin/false unbound
mkdir -p /var/unbound/var/run
chown -R unbound:unbound /var/unbound
ln -s /var/unbound/var/run/unbound.pid /var/run/unbound.pid
Download the root nameserver list:
cd /var/unbound
wget ftp://ftp.internic.net/domain/named.cache
Note: The root nameservers record which DNS servers are responsible for each top-level domain. For example, when you look up www.google.com, a root nameserver tells the local DNS server which nameserver is responsible for the .com domain. The local DNS server then asks the .com nameserver which nameserver is responsible for google.com. Finally, the local DNS server asks the nameserver in charge of google.com for information about www.google.com.
2 Configuring unbound
Create /var/unbound.conf. You can find an example.conf in the doc directory of the unbound source tree, and the help page at http://www.unbound.net/documentation/unbound.conf.html describes each option.
The sample configuration file below adds a "sip.com" zone.
vi /var/unbound.conf
server:
    verbosity: 1
    interface: 0.0.0.0
    port: 53
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    do-daemonize: yes
    # With interface 0.0.0.0 this rule lets every client address query the
    # resolver. On a host reachable from untrusted networks, use the two
    # commented rules below (plus an allow rule for your own network) instead.
    access-control: 0.0.0.0/0 allow
    # access-control: 0.0.0.0/0 refuse
    # access-control: 127.0.0.0/8 allow
    chroot: "/var/unbound"
    username: "unbound"
    directory: "/var/unbound"
    use-syslog: no
    pidfile: "/var/run/unbound.pid"
    root-hints: "/var/unbound/named.cache"
    local-zone: "sip.com." static
    local-data: "sip.com. 86400 IN SOA primary.sip.com kzy.sip.com. 200809031843 28800 7200 604800 86400"
    local-data: "sip.com. 86400 IN NS primary.sip.com."
    local-data: "sip.com. 86400 IN NS secondary.sip.com."
    local-data: "primary.sip.com. 86400 IN A 192.168.1.7"
    local-data: "secondary.sip.com. 86400 IN A 192.168.1.8"
    local-data: "www.sip.com. 86400 IN A 192.168.1.9"
    local-data: "ftp.sip.com. 86400 IN A 192.168.1.10"
Four domain names are added here:
primary.sip.com
secondary.sip.com
www.sip.com
ftp.sip.com
All of them have IPv4 addresses. The zone configuration of unbound is similar to a BIND zone file, but it is not as simplified as BIND's. Use unbound-checkconf to check the configuration file for errors:
cd /usr/local/sbin/
./unbound-checkconf unbound.conf
unbound-checkconf: no errors in unbound.conf
Run unbound in debug mode:
cd /usr/local/sbin/
./unbound -d -c /var/unbound.conf -vvvv
......
Test unbound:
echo "nameserver 127.0.0.1" > /etc/resolv.conf
dig primary.sip.com
; <<>> DiG 9.5.0b2 <<>> primary.sip.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18034
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;primary.sip.com. IN A
;; ANSWER SECTION:
primary.sip.com. 86400 IN A 192.168.1.7
;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 3 20:03:03 2008
;; MSG SIZE rcvd: 49
dig secondary.sip.com
; <<>> DiG 9.5.0b2 <<>> secondary.sip.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25490
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;secondary.sip.com. IN A
;; ANSWER SECTION:
secondary.sip.com. 86400 IN A 192.168.1.8
;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 3 20:03:03 2008
;; MSG SIZE rcvd: 51
dig www.sip.com
; <<>> DiG 9.5.0b2 <<>> www.sip.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30835
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.sip.com. IN A
;; ANSWER SECTION:
www.sip.com. 86400 IN A 192.168.1.9
;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 3 20:03:03 2008
;; MSG SIZE rcvd: 45
dig ftp.sip.com
; <<>> DiG 9.5.0b2 <<>> ftp.sip.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19037
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ftp.sip.com. IN A
;; ANSWER SECTION:
ftp.sip.com. 86400 IN A 192.168.1.10
;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 3 20:03:03 2008
;; MSG SIZE rcvd: 45
All tests pass and unbound runs normally! You can add a script to /etc/init.d/ to start unbound as a system service.
3 Links
- Unbound: http://www.unbound.net/index.html
- Debian: http://www.debian.org