dns-unbound/service-install.sh

raw link view readme
1 systemctl start firewalld
2 systemctl enable firewalld
3 firewall-cmd --permanent --zone=public --add-interface=eth0
4 firewall-cmd --reload
5 firewall-cmd --permanent --add-service=dns --zone=public
6 firewall-cmd --reload
7
8 yum install -y unbound bind-utils
9
10 export PUBLIC_IP=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
11
12 sed -i.original "s/\t/ /;/^\s*#/d;/^$/d" /etc/unbound/unbound.conf
13 sed -i "/server:/a\ interface: 127.0.0.1\n interface: $PUBLIC_IP\n do-not-query-localhost: no\n access-control: 10.0.0.0/8 allow" /etc/unbound/unbound.conf
14 cat >> /etc/unbound/unbound.conf << EOF
15 forward-zone:
16 name: "."
17 forward-addr: 8.8.8.8
18 forward-addr: 8.8.4.4
19 EOF
20
21 sed -i "s/PEERDNS=.*/PEERDNS=no/" /etc/sysconfig/network-scripts/ifcfg-eth0
22 sed -i "s/nameserver.*/nameserver 127.0.0.1/" /etc/resolv.conf
23
24 systemctl start unbound
25 systemctl enable unbound
26