Recursive DNS
Virtual Private Server (VPS) hosted on the VMware cluster located in the machine room of PoP-CE/RNP. It acts as the recursive DNS server for the IFCE networks:
VPS settings
Hostname: dns.ifce.edu.br
IPv4: 200.17.33.89
OS: FreeBSD-10.1-RELEASE-amd64
Username: operador
Passwd: 1Password @ Dominios -> ifce.edu.br -> HP BladeSystem -> dns
vCPUs: 2
RAM: 2GiB
HDD: 8GiB
Software used by the service
unbound-1.5.3_1
vim-7.4.657
Installation
Unbound can be installed via PKG as follows:
root@dns:~ # pkg install unbound
Configure Unbound to start along with the system:
root@dns:~ # echo 'unbound_enable="YES"' >> /etc/rc.conf
Directory structure
All zone files must be placed in /usr/local/etc/unbound. The unbound.conf file contains all of the service's settings:
- unbound.conf
# The server clause sets the main parameters.
server:
    verbosity: 1
    statistics-interval: 0
    statistics-cumulative: no
    extended-statistics: no
    num-threads: 4
    interface: 200.17.33.89
    interface-automatic: no
    port: 53
    outgoing-interface: 200.17.33.89
    outgoing-range: 100
    outgoing-num-tcp: 50
    incoming-num-tcp: 50
    so-reuseport: no
    edns-buffer-size: 4096
    max-udp-size: 4096
    msg-buffer-size: 65552
    msg-cache-size: 128m
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes
    do-daemonize: yes

    # control which clients are allowed to make (recursive) queries
    # to this server. Specify classless netblocks with /size and action.
    # By default everything is refused, except for localhost.
    # Choose deny (drop message), refuse (polite error reply),
    # allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
    # deny_non_local (drop queries unless can be answered from local-data)
    # refuse_non_local (like deny_non_local but polite error reply).
    access-control: 127.0.0.0/8 allow
    access-control: 200.17.33.0/24 allow
    access-control: 200.17.32.0/24 allow
    access-control: 186.225.63.200/29 allow
    access-control: 187.19.201.48/29 allow
    access-control: 201.20.93.170/29 allow
    access-control: 200.129.0.33/32 allow
    access-control: 200.129.0.34/32 allow
    access-control: 200.129.9.0/24 allow
    access-control: 200.129.10.0/24 allow
    access-control: 200.129.11.0/24 allow
    access-control: 200.129.16.0/24 allow
    access-control: 200.129.17.0/24 allow
    access-control: 200.129.18.0/26 allow
    access-control: 200.129.18.64/26 allow
    access-control: 200.129.18.128/26 allow
    access-control: 200.129.24.0/24 allow
    access-control: 200.129.25.0/24 allow
    access-control: 200.129.46.0/24 allow
    access-control: 200.129.48.0/24 allow
    access-control: 201.20.97.248/29 allow
    access-control: 201.20.98.0/29 allow

    chroot: "/usr/local/etc/unbound"
    username: "unbound"
    directory: "/usr/local/etc/unbound"
    logfile: "/usr/local/etc/unbound/unbound.log"
    use-syslog: no
    log-time-ascii: no
    log-queries: no
    pidfile: "/usr/local/etc/unbound/unbound.pid"
    root-hints: "/usr/local/etc/unbound/root.hints"
    hide-identity: yes
    hide-version: yes
    identity: "Servidor de DNS recursivo do IFCE"

remote-control:
    control-enable: no
    control-interface: 127.0.0.1
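The access-control list is what keeps this resolver from answering recursive queries for the whole Internet, so it is worth auditing whenever it changes. The script below is an added example, not part of the original page or of Unbound: it parses access-control lines, flags netblocks whose address is not aligned to the prefix length and allow rules wider than a /16 (an assumed threshold), and resolves which action a client gets under the most-specific-netblock rule described in unbound.conf(5). The sample input is constructed from lines of the file above plus one hypothetical `0.0.0.0/0` rule; the `refuse` default follows the comment in the configuration itself.

```python
import ipaddress

# Constructed sample: four access-control lines copied from the unbound.conf
# above plus one hypothetical over-broad rule that is NOT in the page's config.
SAMPLE_CONF = """\
server:
    access-control: 127.0.0.0/8 allow
    access-control: 200.17.33.0/24 allow
    access-control: 201.20.93.170/29 allow
    access-control: 200.129.0.33/32 allow
    access-control: 0.0.0.0/0 allow   # hypothetical open-resolver rule
"""

ALLOWING = {"allow", "allow_snoop"}  # actions that permit recursion


def parse_acl(conf_text):
    """Return (interface, network, action) for each access-control line."""
    entries = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line.startswith("access-control:"):
            continue
        netblock, action = line.split(":", 1)[1].split()
        iface = ipaddress.ip_interface(netblock)
        entries.append((iface, iface.network, action))
    return entries


def audit(entries, max_allow_addresses=2 ** 16):
    """Flag misaligned netblocks and recursion allowed to very wide ranges."""
    findings = []
    for iface, net, action in entries:
        if iface.ip != net.network_address:
            findings.append(f"{iface}: host bits set, enclosing block is {net}")
        too_wide = net.num_addresses > max_allow_addresses
        if action in ALLOWING and too_wide and not net.is_loopback:
            findings.append(f"{net}: '{action}' spans {net.num_addresses} addresses")
    return findings


def action_for(client_ip, entries, default="refuse"):
    """Most specific matching netblock wins; unmatched clients get `default`."""
    ip = ipaddress.ip_address(client_ip)
    matches = [(net.prefixlen, action) for _, net, action in entries
               if ip.version == net.version and ip in net]
    return max(matches)[1] if matches else default


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_CONF)
    for finding in audit(acl):
        print("WARN", finding)
    print("198.51.100.7 ->", action_for("198.51.100.7", acl))
```

Run against the real file, the only entry on this page that the alignment check reports is `201.20.93.170/29`, whose prefix length describes the block `201.20.93.168/29`.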
- root.hints
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    November 05, 2014
;       related version of root zone:   2014110501
;
; formerly NS.INTERNIC.NET
;
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
;
; FORMERLY C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803f:235
;
; FORMERLY NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
;
; OPERATED BY ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
;
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
; End of file
Operating the service
Starting the service
Start the Unbound service with the command:
service unbound start
Stopping the service
Stop the Unbound service with the command:
service unbound stop
Restarting the service
Restart the Unbound service with the command:
service unbound restart