Wednesday, May 11, 2016

Installing Unbound

3-1 Installing Unbound

    Starting with FreeBSD 10.x, Unbound is supported as the DNS service. Compared with the alternative, Unbound is simpler and much more convenient. If you are still used to running DNS with the traditional BIND, the procedure is the same as in earlier versions; interested readers can try it for themselves.

Install
# pkg install unbound

The output shows the version that will be installed
Updating FreeBSD repository catalogue...
...(omitted)...
New packages to be INSTALLED:
        unbound: 1.5.8
        ldns: 1.6.17_5
...(omitted)...

Write local_unbound_enable=YES into /etc/rc.conf
# sysrc local_unbound_enable=YES

It reports that the value was written
local_unbound_enable: YES -> YES

Start local_unbound
# service local_unbound restart

Result
Stopping local_unbound.
Waiting for PIDS: 340.
Starting local_unbound.
Waiting for nameserver to start... good

3-1-1 External resolution

  Edit unbound.conf so that users on the internal network can resolve external FQDNs
# ee /var/unbound/unbound.conf

Add two lines, interface and access-control:
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
server:
        username: unbound
        directory: /var/unbound
        chroot: /var/unbound
        pidfile: /var/run/local_unbound.pid
        auto-trust-anchor-file: /var/unbound/root.key

        interface: 0.0.0.0                         # 0.0.0.0 listens on every address
        access-control: 192.168.9.0/24 allow       # only allow access from the internal network

include: /var/unbound/forward.conf
include: /var/unbound/lan-zones.conf
include: /var/unbound/control.conf

Restart local_unbound
# service local_unbound restart

If there is an error in the configuration, a message will warn you
Stopping local_unbound.
Starting local_unbound.
Waiting for nameserver to start... good

  You can now point the TCP/IP DNS setting of a single machine on the LAN at this host, and you will find that it already resolves external addresses. Simple, isn't it?
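The interface and access-control pair above is the security-relevant part of this step: Unbound refuses queries from any source address that no access-control line allows (only localhost is allowed by default), so listening on 0.0.0.0 is fine as long as the allow list stays limited to the LAN, and it becomes an open resolver the moment someone widens it to 0.0.0.0/0. The following script is an added example, not from the original post: it audits an unbound.conf for that mistake. The function name check_resolver_acl and the sample file it creates are my own constructions.

```shell
#!/bin/sh
# Added example, not from the original post: audit the listen/ACL pair shown
# above.  Unbound refuses queries from every source address that no
# access-control line allows (only localhost is allowed by default), so
# "interface: 0.0.0.0" is safe as long as the allow list stays LAN-only.
# check_resolver_acl FILE
#   returns 0 when allow lines are scoped (e.g. 192.168.9.0/24),
#           1 when an allow line covers the whole internet (open resolver),
#           2 when no allow line exists (only localhost is served).
check_resolver_acl() {
    conf="$1"
    # drop comments and blank lines before matching
    body=$(sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$conf")

    if printf '%s\n' "$body" |
       grep -Eq '^[[:space:]]*access-control:[[:space:]]+(0\.0\.0\.0/0|::/0)[[:space:]]+allow'
    then
        echo "$conf: OPEN RESOLVER - an access-control line allows every address" >&2
        return 1
    fi
    if ! printf '%s\n' "$body" | grep -Eq '^[[:space:]]*access-control:.*[[:space:]]allow'
    then
        echo "$conf: no access-control allow line, only localhost is served" >&2
        return 2
    fi
    echo "$conf: allow list is scoped, not an open resolver" >&2
    return 0
}

# Stand-alone run on a constructed file carrying the post's LAN-only setting;
# on the server itself use: check_resolver_acl /var/unbound/unbound.conf
sample=$(mktemp)
printf 'server:\n\tinterface: 0.0.0.0\n\taccess-control: 192.168.9.0/24 allow\n' > "$sample"
check_resolver_acl "$sample"
rm -f "$sample"
```

Run it against /var/unbound/unbound.conf after every edit and before the restart; a non-zero exit is the cue to fix the allow list rather than restart. Note also that the generated file says modifications will be overwritten, so any local-unbound-setup rerun will drop these two lines and the check is worth repeating afterwards.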

3-1-2 Internal resolution

  When several hosts on the LAN provide network services (for example www, ftp, mail, file server and so on), you also need an internal DNS to resolve the local domain name and its hosts.

Edit unbound.conf again
# ee /var/unbound/unbound.conf

The contents are as follows:
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
server:
        username: unbound
        directory: /var/unbound
        chroot: /var/unbound
        pidfile: /var/run/local_unbound.pid
        auto-trust-anchor-file: /var/unbound/root.key

        interface: 0.0.0.0
        access-control: 192.168.9.0/24 allow

private-domain: "testbsd.com"
local-zone: "testbsd.com." static
local-data: "f10.testbsd.com. IN A 192.168.9.10"
local-data: "f20.testbsd.com. IN A 192.168.9.20"
local-data: "f30.testbsd.com. IN A 192.168.9.30"
local-data: "f40.testbsd.com. IN A 192.168.9.40"
local-data: "testbsd.com. IN MX 10 f10.testbsd.com"
local-data-ptr: "192.168.9.10 f10.testbsd.com"
local-data-ptr: "192.168.9.20 f20.testbsd.com"
local-data-ptr: "192.168.9.30 f30.testbsd.com"
local-data-ptr: "192.168.9.40 f40.testbsd.com"

include: /var/unbound/forward.conf
include: /var/unbound/lan-zones.conf
include: /var/unbound/control.conf
include: /var/unbound/conf.d/*.conf

Start unbound again
# service local_unbound restart

Point the TCP/IP DNS setting of the workstations on the local network at this host and they will resolve the internal hosts as well. Just as simple and fast, isn't it?

Note: while configuring, you can use the following command to confirm that the configuration is correct:
# unbound-checkconf /var/unbound/unbound.conf

It shows that there are no errors

unbound-checkconf: no errors in /var/unbound/unbound.conf
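Hand-writing the local-data and local-data-ptr lines above is where typos creep in, typically an A record whose PTR points somewhere else. The script below is an added example, not from the original post: it generates both directions from one "host ip" list, using the same Unbound keywords the post uses, and refuses addresses that are not digits and dots. The function name gen_lan_zone and the host list at the bottom are my own constructions.

```shell
#!/bin/sh
# Added example, not from the original post: generate the local-zone,
# local-data and local-data-ptr lines for a LAN zone from one "host ip" list,
# so the forward (A) and reverse (PTR) records cannot drift apart, plus an
# optional MX record.  The keywords are those used in the post; the host list
# at the bottom is constructed sample data.
# usage: gen_lan_zone ZONE [MX_HOST] < hostlist      (one "host ip" per line)
gen_lan_zone() {
    zone="$1"
    mx="$2"
    printf 'private-domain: "%s"\n' "$zone"
    printf 'local-zone: "%s." static\n' "$zone"
    if [ -n "$mx" ]; then
        printf 'local-data: "%s. IN MX 10 %s.%s."\n' "$zone" "$mx" "$zone"
    fi
    while read -r host ip; do
        # skip blank lines and comments in the host list
        case "$host" in ''|'#'*) continue ;; esac
        # only digits and dots are accepted; anything else aborts instead of
        # writing a record that unbound-checkconf would reject
        case "$ip" in
            ''|*[!0-9.]*) echo "bad address for $host: '$ip'" >&2; return 1 ;;
        esac
        printf 'local-data: "%s.%s. IN A %s"\n' "$host" "$zone" "$ip"
        printf 'local-data-ptr: "%s %s.%s"\n' "$ip" "$host" "$zone"
    done
}

# Stand-alone run with constructed hosts.  On the server, redirect the output
# into a file under /var/unbound/conf.d/ (included by the second unbound.conf
# above), run unbound-checkconf, then restart local_unbound.
printf 'f10 192.168.9.10\nf20 192.168.9.20\n' | gen_lan_zone testbsd.com f10
```

Writing the generated lines into /var/unbound/conf.d/ rather than into unbound.conf itself keeps them out of the file whose header warns that modifications will be overwritten; the unbound-checkconf run shown in the post then validates the combined result before the restart.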
