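#!/usr/bin/env bash
#
# Set up Unbound as a local forwarding DNS resolver on a yum/firewalld host:
#   1. enable firewalld and allow the dns service in the public zone
#   2. install unbound and bind-utils
#   3. rewrite /etc/unbound/unbound.conf (listen on loopback and the
#      interface address, allow 10.0.0.0/8, forward "." to 8.8.8.8/8.8.4.4)
#   4. start unbound, confirm it answers, then point the host at 127.0.0.1
#
# Environment:
#   IFACE  network interface to configure (default: eth0)
#
# Must run with privileges that can manage services and edit files under /etc.

set -euo pipefail

readonly iface="${IFACE:-eth0}"
readonly unbound_conf=/etc/unbound/unbound.conf
readonly ifcfg="/etc/sysconfig/network-scripts/ifcfg-${iface}"
readonly resolv_conf=/etc/resolv.conf

# --- Firewall ---------------------------------------------------------------
systemctl start firewalld
systemctl enable firewalld

# Both permanent changes are applied by the single reload below.
# NOTE(review): --add-service=dns accepts port 53 from every source that
# reaches the public zone; only Unbound's access-control (10.0.0.0/8) limits
# who gets answers. If this host is reachable from untrusted networks,
# restrict the firewall rule to the same client range.
firewall-cmd --permanent --zone=public --add-interface="$iface"
firewall-cmd --permanent --zone=public --add-service=dns
firewall-cmd --reload

# --- Packages ---------------------------------------------------------------
yum install -y unbound bind-utils

# --- Listen address ---------------------------------------------------------
# Read the first global IPv4 address of the chosen interface directly, rather
# than scraping whichever "state UP" interface happens to be printed last.
# Assignment is kept separate from export so a failing pipeline is not masked.
PUBLIC_IP=$(ip -4 -o addr show dev "$iface" scope global \
  | awk 'NR == 1 { split($4, parts, "/"); print parts[1] }')

# The value is spliced into a sed script and into unbound.conf, so refuse
# anything that is not a plain dotted-quad address (including empty).
if [[ ! "$PUBLIC_IP" =~ ^[0-9]+(\.[0-9]+){3}$ ]]; then
  printf 'error: no IPv4 address found on %s\n' "$iface" >&2
  exit 1
fi
export PUBLIC_IP

# --- Unbound configuration --------------------------------------------------
# The .original backup doubles as a "done" marker: a second run would
# otherwise overwrite the pristine backup and append duplicate entries.
if [[ -e "${unbound_conf}.original" ]]; then
  printf 'notice: %s.original exists, leaving %s unchanged\n' \
    "$unbound_conf" "$unbound_conf" >&2
else
  # Replace the first tab on each line with a space, then drop comment-only
  # and empty lines; the untouched file is kept as unbound.conf.original.
  sed -i.original 's/\t/ /;/^\s*#/d;/^$/d' "$unbound_conf"

  # Append listener and ACL settings after the "server:" line.
  # NOTE(review): do-not-query-localhost: no is only needed when a forwarder
  # or stub zone points at localhost; none is configured here - confirm it is
  # still wanted.
  sed -i "/server:/a\ interface: 127.0.0.1\n interface: $PUBLIC_IP\n do-not-query-localhost: no\n access-control: 10.0.0.0/8 allow" "$unbound_conf"

  # Quoted delimiter: the block is written literally, with no shell expansion.
  cat >> "$unbound_conf" << 'EOF'
forward-zone:
name: "."
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4
EOF
fi

# --- Start the resolver before the host depends on it -----------------------
systemctl start unbound
systemctl enable unbound

# dig exits non-zero when no reply arrives, so this aborts (via set -e) while
# /etc/resolv.conf still points at the previous, working resolver.
if ! dig +time=2 +tries=3 @127.0.0.1 . NS > /dev/null; then
  printf 'error: unbound is not answering on 127.0.0.1; resolver settings left unchanged\n' >&2
  exit 1
fi

# --- Point the host at the local resolver -----------------------------------
# Stop DHCP from rewriting resolv.conf. Anchor the match so a commented-out
# PEERDNS line is not edited, and add the setting when it is missing (a bare
# substitution would silently do nothing in that case).
if [[ -f "$ifcfg" ]]; then
  if grep -q '^PEERDNS=' "$ifcfg"; then
    sed -i 's/^PEERDNS=.*/PEERDNS=no/' "$ifcfg"
  else
    printf '\nPEERDNS=no\n' >> "$ifcfg"
  fi
else
  printf 'warning: %s not found, PEERDNS not changed\n' "$ifcfg" >&2
fi

# Same reasoning for the nameserver entry: rewrite existing entries, or add
# one when the file has none.
if grep -q '^nameserver' "$resolv_conf"; then
  sed -i 's/^nameserver.*/nameserver 127.0.0.1/' "$resolv_conf"
else
  printf 'nameserver 127.0.0.1\n' >> "$resolv_conf"
fi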