
Recursive DNS

Virtual Private Server (VPS) hosted on the VMware cluster located in the PoP-CE/RNP machine room. It acts as the recursive DNS server for the IFCE networks:

Hostname: dns.ifce.edu.br
IPv4: 200.17.33.89
OS: FreeBSD-10.1-RELEASE-amd64
Username: operador
Passwd: 1Password @ Dominios -> ifce.edu.br -> HP BladeSystem -> dns
vCPUs: 2
RAM: 2GiB
HDD: 8GiB
unbound-1.5.3_1
vim-7.4.657

Unbound can be installed via pkg as follows:

root@dns:~ # pkg install unbound

Configure Unbound to start at boot along with the system:

root@dns:~ # echo 'unbound_enable="YES"' >> /etc/rc.conf

All zone files must be placed in /usr/local/etc/unbound. The unbound.conf file contains all of the service's configuration:

unbound.conf
# The server clause sets the main parameters. 
server:
	verbosity: 1
	statistics-interval: 0
	statistics-cumulative: no
	extended-statistics: no
	num-threads: 4
	interface: 200.17.33.89
	interface-automatic: no
	port: 53
	outgoing-interface: 200.17.33.89
	outgoing-range: 100
	outgoing-num-tcp: 50
	incoming-num-tcp: 50
	so-reuseport: no
	edns-buffer-size: 4096
	max-udp-size: 4096
	msg-buffer-size: 65552
	msg-cache-size: 128m
	do-ip4: yes
	do-ip6: yes
	do-udp: yes
	do-tcp: yes
	do-daemonize: yes
	# control which clients are allowed to make (recursive) queries
	# to this server. Specify classless netblocks with /size and action.
	# By default everything is refused, except for localhost.
	# Choose deny (drop message), refuse (polite error reply),
	# allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
	# deny_non_local (drop queries unless can be answered from local-data)
	# refuse_non_local (like deny_non_local but polite error reply).
	access-control: 127.0.0.0/8 allow
	access-control: 200.17.33.0/24 allow
	access-control: 200.17.32.0/24 allow
	access-control: 186.225.63.200/29 allow
	access-control: 187.19.201.48/29 allow
	access-control: 201.20.93.170/29 allow
	access-control: 200.129.0.33/32 allow
	access-control: 200.129.0.34/32 allow
	access-control: 200.129.9.0/24 allow
	access-control: 200.129.10.0/24 allow
	access-control: 200.129.11.0/24 allow
	access-control: 200.129.16.0/24 allow
	access-control: 200.129.17.0/24 allow
	access-control: 200.129.18.0/26 allow
	access-control: 200.129.18.64/26 allow
	access-control: 200.129.18.128/26 allow
	access-control: 200.129.24.0/24 allow
	access-control: 200.129.25.0/24 allow
	access-control: 200.129.46.0/24 allow
	access-control: 200.129.48.0/24 allow
	access-control: 201.20.97.248/29 allow
	access-control: 201.20.98.0/29 allow
	chroot: "/usr/local/etc/unbound"
	username: "unbound"
	directory: "/usr/local/etc/unbound"
	logfile: "/usr/local/etc/unbound/unbound.log"
	use-syslog: no
	log-time-ascii: no
	log-queries: no
	pidfile: "/usr/local/etc/unbound/unbound.pid"
	root-hints: "/usr/local/etc/unbound/root.hints"
	hide-identity: yes
	hide-version: yes
	identity: "Servidor de DNS recursivo do IFCE"
 
remote-control:
	control-enable: no
	control-interface: 127.0.0.1
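
An added example, not part of the original page: a small Python audit of the access-control lines above that resolves which action a client address receives and flags netblocks that allow every client or are written with host bits set. The function names and the embedded excerpt are assumptions of this example; the matching rule (most specific netblock wins, unmatched non-localhost clients are refused) is the one described in the Unbound documentation and in the config comments.

```python
import ipaddress
import re

# Excerpt of the access-control lines from the unbound.conf on this page.
SAMPLE_CONF = """\
server:
    access-control: 127.0.0.0/8 allow
    access-control: 200.17.33.0/24 allow
    access-control: 201.20.93.170/29 allow
    access-control: 200.129.0.33/32 allow
"""
ACL_RE = re.compile(r"^\s*access-control:\s*(\S+)\s+(\S+)", re.MULTILINE)


def parse_acl(conf_text):
    """Return (network, action, netblock as written) per access-control line."""
    return [(ipaddress.ip_network(block, strict=False), action, block)
            for block, action in ACL_RE.findall(conf_text)]


def decide(entries, client):
    """Most specific matching netblock wins. Unmatched clients are refused
    unless loopback, the default described in the config comments."""
    ip = ipaddress.ip_address(client)
    hits = [(n, a) for n, a, _ in entries if n.version == ip.version and ip in n]
    if hits:
        return max(hits, key=lambda h: h[0].prefixlen)[1]
    return "allow" if ip.is_loopback else "refuse"


def audit(entries):
    """Flag netblocks worth a second look before the service is restarted."""
    findings = []
    for net, action, written in entries:
        if net.prefixlen == 0 and action.startswith("allow"):
            findings.append(f"{written}: allows every client (open resolver)")
        if ipaddress.ip_address(written.split("/")[0]) != net.network_address:
            findings.append(f"{written}: host bits set, enclosing block is {net}")
    return findings


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_CONF)
    for finding in audit(acl):
        print("WARN", finding)
    for client in ("200.17.33.10", "201.20.93.173", "8.8.8.8"):
        print(client, "->", decide(acl, client))
```

On the excerpt, the audit reports that 201.20.93.170/29 does not sit on a /29 boundary, so the intended block should be confirmed.
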

root.hints
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC 
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    November 05, 2014
;       related version of root zone:   2014110501
;
; formerly NS.INTERNIC.NET
;
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
;
; FORMERLY C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803f:235
;
; FORMERLY NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
;
; OPERATED BY ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
;
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
; End of file

Starting the service

Start the Unbound service with the command:

service unbound start

Stopping the service

Stop the Unbound service with the command:

service unbound stop

Restarting the service

Restart the Unbound service with the command:

service unbound restart
  • Last modified: 2021/08/25 10:33