首页 > 代码库 > Unbound+Munin自建DNS解析系统

Unbound+Munin自建DNS解析系统

Unbound  一款很不错的递归DNS软件,Munin 一款免费的统计软件,可配合apache实现图形化的监控,而且支持unbound的plugin模块,还能监控服务器的各项指标参数。下面介绍Unbound+Munin建站方法。

测试环境:centos 6.4 x86 unbound-1.4.22.tar.gz

【第一部分 安装并配置unbound】
(1)解压unbound源码包
(2)进入源码包后执行./configure --prefix=/usr/local/unbound
(3)执行make
(4)执行make install 
注意:
a.如果configure时提示:configure: error: OpenSSLdoes not support ECC, needed for GOST support
   是因为openssl的版本过低,请用yum 升级本机的openssl
b.操作系统默认安装了expat的rpm包,但是缺少lib库包,所以configure是可能还会提示 configureerror could not find expat h
    请安装 expat-devel-2.0.1-11.el6_2.x86_64.rpm
(5)进入/usr/local/unbound目录可看到如下目录
 [root@localhost sbin]# cd/usr/local/unbound/
[root@localhost unbound]# ls

etc  include lib  sbin  share
(6)进入etc下执行 wget ftp://ftp.internic.net/domain/named.cache
(7)Vimunbound.conf文件初步修改如下:

interface: 0.0.0.0

port: 53

do-ip4: yes

do-ip6: yes

do-udp: yes

do-tcp: yes

do-daemonize: yes

access-control: 0.0.0.0/0 allow

chroot:"/usr/local/unbound/etc/unbound"

username: "root"

directory:"/usr/local/unbound/etc/unbound"

use-syslog: yes

pidfile:"/usr/local/unbound/etc/unbound/unbound.pid"

root-hints:"/usr/local/unbound/etc/unbound/named.cache"

rrset-roundrobin: yes

minimal-responses: no

control-enable: yes

control-port: 8953

control-key-file:"/usr/local/unbound/etc/unbound/unbound_control.key"

control-cert-file:"/usr/local/unbound/etc/unbound/unbound_control.pem"
(8) cd/usr/local/unbound/sbin
执行./unbound-checkconf/usr/local/unbound/etc/unbound/unbound.conf
确认输出的是no errors in/usr/local/unbound/etc/unbound/unbound.conf
执行./unboun-control-setup
(9) 执行./unbound -d -c /usr/local/unbound/etc/unbound/unbound.conf &
ps –ef|grepunbound确认unbound
netstat–nap|grep 53 确认unbound
注意:如果要用unbound-control脚本做控制需要设置环境变量,否则执行./unbound-control start启动进程,提示fatal error: couldnot exec unbound: No such file or directory。
 设置方法如下

cd /usr/local/unbound/sbin

vim ~/.bashrc

在最下面增加:exportPATH=/usr/local/unbound/sbin/:$PATH
(10)使用dig @localhost测试域名解析

【第二部分 安装并配置Munin】
(1)使用yum安装munin、munin-node、httpd、unbound-munin
  [root@localhost plugins]# rpm -qa|grep munin

munin-common-2.0.20-1.el6.noarch

munin-node-2.0.20-1.el6.noarch

munin-2.0.20-1.el6.noarch
 unbound-munin-1.4.21-1.el6.noarch
(2) 初始化配置munin和httpd
cd /etc/munin
 vim munin.conf取消注释如下:

 wKiom1RFL_rAsMORAABwF6OAj8Q558.jpg

其余配置都保持默认。
 cd /etc/httpd/conf.d/
 vim munin.conf

wKioL1RFMHeifCueAADSESQxGTw489.jpg

保存退出
执行htpasswd -cm /etc/munin/munin-htpasswd zsf设置密码
然后执行/etc/init.d/munin-node start和/etc/init.d/httpd start
 查看进程如下

wKiom1RFMFyisKqZAAIeg0Sl6vw298.jpg

在电脑浏览器上输入http://192.168.187.176/munin

wKioL1RFMNGyxBM1AAEANPf4RgI204.jpg

输入用户名zsf和密码

wKiom1RFMKqhZLrIAAGV3DlIdXU682.jpg

 

wKioL1RFMRXSRdQ_AAOcUXKKsaU303.jpg

 

【第三部分 配置unbound和munin】
a)配置Unbound确认DNS软件能正常工作。

(1)必须开启remote功能,即能使用unbound-control

wKiom1RFMQ3T2Ui-AACPkKzvfmU567.jpg

b) cd /usr/share/munin/plugins/确认unbound相关plugin都已经安装如下

wKioL1RFMZWD1L9GAAH6NzRaKKs555.jpg

c)vim unbound然后选择E,编辑脚本内容如下.
指向unbound源码包安装的位置,默认指向的是unbound的rpm包安装位置

wKiom1RFMYTBimyWAACzUtwFwfQ401.jpg

d)cd /etc/munin/plugins执行如下软连接命令
 ln -s /usr/share/munin/plugins/unbound_munin_by_class /etc/munin/plugins/unbound_munin_by_class
 ln -s /usr/share/munin/plugins/unbound_munin_by_flags /etc/munin/plugins/unbound_munin_by_flags
 ln -s /usr/share/munin/plugins/unbound_munin_by_opcode /etc/munin/plugins/unbound_munin_by_opcode
 ln -s /usr/share/munin/plugins/unbound_munin_by_rcode /etc/munin/plugins/unbound_munin_by_rcode
 ln -s /usr/share/munin/plugins/unbound_munin_by_type /etc/munin/plugins/unbound_munin_by_type
 ln -s /usr/share/munin/plugins/unbound_munin_histogram /etc/munin/plugins/unbound_munin_histogram
 ln -s /usr/share/munin/plugins/unbound_munin_hits /etc/munin/plugins/unbound_munin_hits
 ln -s /usr/share/munin/plugins/unbound_munin_memory /etc/munin/plugins/unbound_munin_memory
 ln -s /usr/share/munin/plugins/unbound_munin_queue /etc/munin/plugins/unbound_munin_queue

wKioL1RFMhvTM_JNAAK8_MDa398185.jpg

e)cd /etc/munin/plugin-conf.d
   vim unbound

wKioL1RFMkqAo0vfAADgMdmx1_8525.jpg

f)启动munin和httpd
 /etc/init.d/munin-node start/etc/init.d/httpd start

g)使用浏览器登录http://192.168.187.169/munin然后单击左侧的dns可查看相关统计数据

wKiom1RFMoHgYMgPAADx5bwHzls330.jpg

 

wKiom1RFMoGhtNNqAAHeKNKyg30637.jpg

 

wKioL1RFMsujWKwUAAJCmoLqsQQ830.jpg

 

wKiom1RFMoHTsAZjAAJJNE6w6dc701.jpg

 

wKioL1RFMsvQ3bArAAGxVCzV4jc723.jpg

本文出自 “张舵主” 博客,转载请与作者联系!

Unbound+Munin自建DNS解析系统