dns-unbound/service-install.sh

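# Installs firewalld and Unbound on a yum/systemd host and sets Unbound up as a
# forwarding resolver that answers clients in 10.0.0.0/8. Run as root.
#
# The interface name eth0 is hard-coded in the firewall and ifcfg steps, while
# PUBLIC_IP is read from the last interface that `ip addr` reports as UP; on a
# host with several active interfaces these may not refer to the same NIC.

# Stop at the first failing command or unset variable, so a failed package
# install or firewall change is not followed by edits to system config files.
set -eu

conf=/etc/unbound/unbound.conf

yum install firewalld -y
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --permanent --zone=public --add-interface=eth0
firewall-cmd --reload
# NOTE(review): the dns service is opened for the whole public zone, so port 53
# is reachable from any source that can reach eth0. Only the access-control
# line written below restricts who gets answers; if eth0 faces untrusted
# networks, consider limiting the firewall rule to the client range as well.
firewall-cmd --permanent --add-service=dns --zone=public
firewall-cmd --reload

yum install -y unbound bind-utils

# Assign first and export afterwards so the assignment is not hidden inside
# the export builtin.
PUBLIC_IP=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
export PUBLIC_IP

# The value is spliced into a sed script and into unbound.conf, so refuse
# anything that is empty or contains characters that cannot be part of an IP
# address (for example when the third line after "state UP" is not an inet line).
case "$PUBLIC_IP" in
  '' | *[!0-9A-Fa-f:.]*)
    printf 'service-install: could not detect a listen address (got "%s")\n' "$PUBLIC_IP" >&2
    exit 1
    ;;
esac

# The .original backup marks a config this script has already rewritten.
# Editing again would overwrite the pristine backup with the modified file and
# append the interface lines and the forward-zone stanza a second time.
if [ -e "$conf.original" ]; then
  printf 'service-install: %s.original exists, leaving %s unchanged\n' "$conf" "$conf" >&2
else
  # Replace the first tab on each line with a space and drop comment and
  # empty lines; the untouched file is kept as unbound.conf.original.
  sed -i.original 's/\t/ /;/^\s*#/d;/^$/d' "$conf"
  # Listen on loopback and the detected address; allow queries from 10.0.0.0/8.
  # NOTE(review): do-not-query-localhost: no looks unnecessary with the
  # forwarders used here, none of which is on localhost - confirm before keeping.
  sed -i "/server:/a\ interface: 127.0.0.1\n interface: $PUBLIC_IP\n do-not-query-localhost: no\n access-control: 10.0.0.0/8 allow" "$conf"
  # Forward every query to the two public resolvers below. These are plain
  # DNS forwarders, so client queries leave the host unencrypted.
  cat >> "$conf" << 'EOF'
forward-zone:
name: "."
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4
EOF
fi

# Point the host's own resolver at the local Unbound and stop the eth0 network
# script from rewriting resolv.conf with DHCP-provided servers. After this the
# host cannot resolve names while Unbound is stopped.
sed -i "s/PEERDNS=.*/PEERDNS=no/" /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i "s/nameserver.*/nameserver 127.0.0.1/" /etc/resolv.conf

# With set -e a failed start aborts the script before the unit is enabled.
systemctl start unbound
systemctl enable unbound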