# cat /etc/redhat-release
CentOS release 6.2 (Final)
# uname -ri
2.6.32-220.7.1.el6.x86_64 x86_64
|
download unbound-1.4.16.tar.gz from http://www.unbound.net/download.html
[ preparation ]
install RPMs via yum
# yum install –y gcc openssl openssl-devel expat expat-devel make
|
download ldns from http://www.nlnetlabs.nl/projects/ldns/ and compile it.
# tar xzvf ldns-1.6.12.tar.gz
# cd ldns-1.6.12
# ./configure --disable-gost
# make
# make install
|
# ls /usr/local/lib/
libldns.a libldns.la libldns.so libldns.so.1 libldns.so.1.6.12
# ls /usr/local/include/ldns/
buffer.h dnssec_zone.h ldns.h resolver.h tsig.h
common.h error.h net.h rr.h update.h
dname.h higher.h packet.h rr_functions.h util.h
dnssec.h host2str.h parse.h sha1.h wire2host.h
dnssec_sign.h host2wire.h rbtree.h sha2.h zone.h
dnssec_verify.h keys.h rdata.h str2host.h
|
[ compile unbound ]
# yum install –y gcc openssl openssl-devel expat expat-devel
# tar xzvf unbound-1.4.16.tar.gz
# cd unbound-1.4.16
# ./configure --disable-gost
# make
# make install
|
config file
# head -5 /usr/local/etc/unbound/unbound.conf
#
# Example configuration file.
#
# See unbound.conf(5) man page, version 1.4.16.
#
|
start unbound
nn , error
# /usr/local/sbin/unbound
/usr/local/sbin/unbound: error while loading shared libraries: libldns.so.1: cannot open shared object file: No such file or directory
|
# locate libldns.so.1
/usr/local/lib/libldns.so.1
/usr/local/lib/libldns.so.1.6.12
|
re-compile unbound
specify ldns’s dir.
# ./configure --disable-gost --with-ldns=/usr/local/
# make
# make install
|
start unbound
# /usr/local/sbin/unbound
[1333368325] unbound[25463:0] fatal error: user 'unbound' does not exist.
|
add unbound user.
# adduser unbound -s /bin/false
|
start unbound
# /usr/local/sbin/unbound
# lsof -ni:53
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
unbound 25484 unbound 3u IPv6 94645 0t0 UDP [::1]:domain
unbound 25484 unbound 4u IPv6 94647 0t0 TCP [::1]:domain (LISTEN)
unbound 25484 unbound 5u IPv4 94649 0t0 UDP 127.0.0.1:domain
unbound 25484 unbound 6u IPv4 94651 0t0 TCP 127.0.0.1:domain (LISTEN)
|
make keys to use unbound-control command
# /usr/local/sbin/unbound-control-setup
|
edit unbound.conf
# egrep control-enable /usr/local/etc/unbound/un
bound.conf
# control-enable: no
control-enable: yes
|
stop/start unbound
# kill ‘unbound’s PID’
# /usr/local/sbin/unbound
# unbound-control status
version: 1.4.16
verbosity: 1
threads: 1
modules: 2 [ validator iterator ]
uptime: 7 seconds
unbound (pid 25521) is running...
|
confirm name resolution
# dig @127.1 www.google.com +short
www.l.google.com.
74.125.235.83
74.125.235.81
74.125.235.84
74.125.235.82
74.125.235.80
|
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.