unbound で内向き DNS

環境は、Fedora19

まず、unboundのインストール

# yum install unbound

設定ファイルを色々変更

/etc/unbound/unbound.conf

--- unbound.conf.orig   2014-01-24 03:01:49.046023864 +0900
+++ unbound.conf        2014-01-24 03:31:23.681894978 +0900
@@ -35,7 +35,7 @@
        # specify 0.0.0.0 and ::0 to bind to all available interfaces.
        # specify every interface on a new 'interface:' labelled line.
        # The listen interfaces are not changed on reload, only on restart.
-       # interface: 0.0.0.0
+       interface: 0.0.0.0
        # interface: ::0
        # interface: 192.0.2.153
        # interface: 192.0.2.154
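Review bot: `interface: 0.0.0.0` makes unbound listen on every IPv4 address of the host, which is broader than an internal-only resolver needs; binding only the addresses that should serve clients, `interface: 127.0.0.1` and `interface: 10.0.0.1` (the address the page's later drill test is aimed at), keeps the socket unreachable from any other interface regardless of what the access-control list says. As the surrounding comment notes, interface changes take effect only on restart, not reload. The `server:` clause this option belongs to starts outside the hunk.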
@@ -181,10 +181,11 @@
        # Choose deny (drop message), refuse (polite error reply),
        # allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
        # access-control: 0.0.0.0/0 refuse
-       # access-control: 127.0.0.0/8 allow
+       access-control: 127.0.0.0/8 allow
        # access-control: ::0/0 refuse
        # access-control: ::1 allow
        # access-control: ::ffff:127.0.0.1 allow
+       access-control: 10.0.0.0/24 allow

        # if given, a chroot(2) is done to the given directory.
        # i.e. you can chroot to the working directory, for example,
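Review bot: Because the listener is bound to all interfaces, these access-control lines are the only thing deciding who may recurse through this resolver, so the catch-all should be written down rather than relied on implicitly: uncomment `access-control: 0.0.0.0/0 refuse` above the allow lines, or use `deny` there so unmatched sources get no reply at all instead of a REFUSED that can still be reflected. Unbound's built-in default already refuses everything except localhost, which also makes the `127.0.0.0/8 allow` line redundant, but an explicit rule documents the intent. Check that 10.0.0.0/24 is exactly the client subnet and not wider than the hosts that should be served. The `server:` clause continues outside the hunk.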
@@ -502,7 +503,7 @@
        # Enable remote control with unbound-control(8) here.
        # set up the keys and certificates with unbound-control-setup.
        # Note: required for unbound-munin package
-       control-enable: yes
+       control-enable: no

        # what interfaces are listened to for remote control.
        # give 0.0.0.0 and ::0 to listen to all interfaces.
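Review bot: Setting `control-enable: no` also disables `unbound-control` (reload, flush-zone, stats), which nothing else on the page uses, so this is reasonable hardening given that no keys were generated with unbound-control-setup. If remote control is wanted later, keep it on loopback only, `control-interface: 127.0.0.1`, with the key and certificate files produced by `unbound-control-setup`, rather than simply flipping this back to yes. The `remote-control:` clause this option presumably belongs to starts outside the hunk.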

/etc/unbound/local.d/forward.conf

（注: Fedora 標準の unbound.conf では、local.d は server: 節の中で include され local-data などの server オプション向け、conf.d は末尾で include され forward-zone / stub-zone 節向けになっているはずなので、この forward.conf と下の tndl.net.conf の置き場所が逆になっていないか確認すること。server: 節の途中で forward-zone: 節が始まると、その後に続く server オプションが forward-zone のオプションとして解釈されて設定エラーになり得る）

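# Google Public DNS
# NOTE(review): the second address was 8.8.8.4, which is not a Google
# resolver; Google Public DNS is 8.8.8.8 and 8.8.4.4.
forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4
# NOTE(review): everything not answered from the local zones is sent to
# these public resolvers. Since the internal names below map to 10.0.0.0/8,
# consider "private-address: 10.0.0.0/8" in the server: clause so upstream
# answers carrying internal addresses are discarded (DNS rebinding) --
# verify that configured local-data is not filtered by it on this version.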

/etc/unbound/conf.d/tndl.net.conf

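# tndl.net sample config
# NOTE(review): "local-zone" takes a colon like every other unbound option;
# the original line lacked it and would not parse (unbound-checkconf rejects it).
# "static" means names under tndl.net. with no local-data answer NXDOMAIN
# and nothing is forwarded upstream.
local-zone: "tndl.net." static
# Forward records
# NOTE(review): an MX target must be a host name, not an IP literal; the
# original "MX 5 10.0.0.1" would have been read as the name 10.0.0.1. and
# mail delivery would fail. tndl.net. resolves to 10.0.0.1 below, so the
# same host is used as the mail exchanger.
local-data: "tndl.net. 3600 IN MX 5 tndl.net."
local-data: "www.tndl.net. 3600 IN A 10.0.0.2"
local-data: "tndl.net. 3600 IN A 10.0.0.1"
# NOTE(review): the original comment said records are resolved in the order
# written, so subdomains must be defined first; unbound keeps local-data in a
# per-zone name tree, so ordering should not matter -- verify if in doubt.
# Reverse records
local-data-ptr: "10.0.0.2 www.tndl.net."
local-data-ptr: "10.0.0.1 tndl.net."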

config のチェック、起動と動作確認、サービスの有効化

（注: 下の drill の例は問い合わせ名が `tndl.net@127.0.0.1.` になっており、`@` の前に空白がないためサーバ指定ではなく 1 つの名前としてフォワード先に送られ、root の SOA 付きで NXDOMAIN が返っている。サーバ指定は `drill tndl.net @10.0.0.1` のように `@` の前に空白を入れる。local-data が効いていれば ANSWER SECTION に `tndl.net. 3600 IN A 10.0.0.1` が返るはずで、下の結果は動作確認の成功を示していない）

# unbound-checkconf
# service unbound start
# drill tndl.net@10.0.0.1
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 30853
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; tndl.net@127.0.0.1.  IN      A

;; ANSWER SECTION:

;; AUTHORITY SECTION:
.       285     IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2014012301 1800 900 604800 86400

;; ADDITIONAL SECTION:

;; Query time: 177 msec
;; SERVER: 10.0.0.1
;; WHEN: Fri Jan 24 10:27:30 2014
;; MSG SIZE  rcvd: 111
# systemctl enable unbound.service
（Fedora 19 は systemd なので自動起動の有効化は systemctl で行う。`service unbound enable` は service コマンドが扱う基本的な LSB アクションではないため、有効化されない）
