====== Recursive DNS ======
Virtual Private Server (VPS) hosted on the VMware cluster located in the machine room of PoP-CE/RNP.
It acts as the recursive DNS server for the IFCE networks.
===== VPS configuration =====
  * Hostname: dns.ifce.edu.br
  * IPv4: 200.17.33.89
  * OS: FreeBSD-10.1-RELEASE-amd64
  * Username: operador
  * Passwd: 1Password @ Dominios -> ifce.edu.br -> HP BladeSystem -> dns
  * vCPUs: 2
  * RAM: 2GiB
  * HDD: 8GiB
===== Software used by the service =====
  * unbound-1.5.3_1
  * vim-7.4.657
==== Installation ====
Unbound can be installed via pkg as follows:

  root@dns:~ # pkg install unbound

Configure Unbound to start together with the system:

  root@dns:~ # echo 'unbound_enable="YES"' >> /etc/rc.conf

==== Directory structure ====
All zone files must be placed in ''/usr/local/etc/unbound''. The ''unbound.conf'' file contains all of the service's configuration:
<code>
# The server clause sets the main parameters.
server:
    verbosity: 1
    statistics-interval: 0
    statistics-cumulative: no
    extended-statistics: no
    num-threads: 4
    interface: 200.17.33.89
    interface-automatic: no
    port: 53
    outgoing-interface: 200.17.33.89
    outgoing-range: 100
    outgoing-num-tcp: 50
    incoming-num-tcp: 50
    so-reuseport: no
    edns-buffer-size: 4096
    max-udp-size: 4096
    msg-buffer-size: 65552
    msg-cache-size: 128m
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes
    do-daemonize: yes
    # control which clients are allowed to make (recursive) queries
    # to this server. Specify classless netblocks with /size and action.
    # By default everything is refused, except for localhost.
    # Choose deny (drop message), refuse (polite error reply),
    # allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
    # deny_non_local (drop queries unless can be answered from local-data)
    # refuse_non_local (like deny_non_local but polite error reply).
    access-control: 127.0.0.0/8 allow
    access-control: 200.17.33.0/24 allow
    access-control: 200.17.32.0/24 allow
    access-control: 186.225.63.200/29 allow
    access-control: 187.19.201.48/29 allow
    access-control: 201.20.93.170/29 allow
    access-control: 200.129.0.33/32 allow
    access-control: 200.129.0.34/32 allow
    access-control: 200.129.9.0/24 allow
    access-control: 200.129.10.0/24 allow
    access-control: 200.129.11.0/24 allow
    access-control: 200.129.16.0/24 allow
    access-control: 200.129.17.0/24 allow
    access-control: 200.129.18.0/26 allow
    access-control: 200.129.18.64/26 allow
    access-control: 200.129.18.128/26 allow
    access-control: 200.129.24.0/24 allow
    access-control: 200.129.25.0/24 allow
    access-control: 200.129.46.0/24 allow
    access-control: 200.129.48.0/24 allow
    access-control: 201.20.97.248/29 allow
    access-control: 201.20.98.0/29 allow
    chroot: "/usr/local/etc/unbound"
    username: "unbound"
    directory: "/usr/local/etc/unbound"
    logfile: "/usr/local/etc/unbound/unbound.log"
    use-syslog: no
    log-time-ascii: no
    log-queries: no
    pidfile: "/usr/local/etc/unbound/unbound.pid"
    root-hints: "/usr/local/etc/unbound/root.hints"
    hide-identity: yes
    hide-version: yes
    identity: "Servidor de DNS recursivo do IFCE"

remote-control:
    control-enable: no
    control-interface: 127.0.0.1
</code>
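
Added example (not part of the original page or of the Unbound project): a small Python audit of the ''access-control'' list above. It flags netblocks written with host bits set (as in the 201.20.93.170/29 entry), permissive entries that overlap each other, and a 0.0.0.0/0 rule that would turn the server into an open resolver; the sample embeds four entries from the page and three constructed ones.

```python
import ipaddress

# Constructed sample in the style of the unbound.conf above: four entries
# taken from the page plus three constructed ones to exercise each check.
SAMPLE_CONF = """\
server:
    access-control: 127.0.0.0/8 allow
    access-control: 200.17.33.0/24 allow
    access-control: 201.20.93.170/29 allow
    access-control: 200.129.18.0/26 allow
    access-control: 200.129.18.0/24 allow      # constructed
    access-control: 0.0.0.0/0 allow_snoop      # constructed
    access-control: 192.0.2.0/24 refuse        # constructed
"""

PERMISSIVE = {"allow", "allow_snoop"}  # actions that permit recursion


def parse_access_control(conf_text):
    """Return (lineno, netblock, action) for every access-control line."""
    entries = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if line.startswith("access-control:"):
            fields = line.split(":", 1)[1].split()
            if len(fields) == 2:
                entries.append((lineno, fields[0], fields[1]))
    return entries


def audit(conf_text):
    """Return (lineno, netblock, finding) tuples for entries worth a review."""
    findings, allowed = [], []
    for lineno, block, action in parse_access_control(conf_text):
        iface = ipaddress.ip_interface(block)
        net = iface.network
        if iface.ip != net.network_address:
            findings.append((lineno, block, f"host bits set, network is {net}"))
        if action not in PERMISSIVE:
            continue
        if net.prefixlen == 0:
            findings.append((lineno, block, "open resolver: any client may recurse"))
            continue  # overlaps everything, so skip the pairwise check
        for prev in allowed:
            if net.version == prev.version and net.overlaps(prev):
                findings.append((lineno, block, f"overlaps {prev}"))
        allowed.append(net)
    return findings


if __name__ == "__main__":
    for lineno, block, finding in audit(SAMPLE_CONF):
        print(f"line {lineno}: {block}: {finding}")
```

Running ''unbound-checkconf'' after any change to the list catches syntax errors that this audit does not look for.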
The ''root.hints'' file referenced by ''root-hints'' above:

<code>
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . "
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: November 05, 2014
; related version of root zone: 2014110501
;
; formerly NS.INTERNIC.NET
;
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803f:235
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of file
</code>
==== Operating the service ====
=== Starting the service ===
The Unbound service is started with the command:

  service unbound start

=== Stopping the service ===
The Unbound service is stopped with the command:

  service unbound stop

=== Restarting the service ===
The Unbound service is restarted with the command:

  service unbound restart

===== References =====
  * [[https://www.freebsd.org/doc/handbook/pkgng-intro.html|freebsd.org]]
  * [[https://unbound.net/documentation/unbound.conf.html|unbound.net]]