首页 > 代码库 > Unbound+Munin自建DNS解析系统
Unbound+Munin自建DNS解析系统
Unbound 一款很不错的递归DNS软件,Munin 一款免费的统计软件,可配合apache实现图形化的监控,而且支持unbound的plugin模块,还能监控服务器的各项指标参数。下面介绍Unbound+Munin建站方法。
测试环境:centos 6.4 x86 unbound-1.4.22.tar.gz
【第一部分 安装并配置unbound】
(1)解压unbound源码包
(2)进入源码包后执行./configure --prefix=/usr/local/unbound
(3)执行make
(4)执行make install
注意:
a.如果configure时提示:configure: error: OpenSSLdoes not support ECC, needed for GOST support
是因为openssl的版本过低,请用yum 升级本机的openssl
b.操作系统默认安装了expat的rpm包,但是缺少lib库包,所以configure是可能还会提示 configureerror could not find expat h
请安装 expat-devel-2.0.1-11.el6_2.x86_64.rpm
(5)进入/usr/local/unbound目录可看到如下目录
[root@localhost sbin]# cd/usr/local/unbound/
[root@localhost unbound]# ls
etc include lib sbin share
(6)进入etc下执行 wget ftp://ftp.internic.net/domain/named.cache
(7)Vimunbound.conf文件初步修改如下:
interface: 0.0.0.0
port: 53
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
do-daemonize: yes
access-control: 0.0.0.0/0 allow
chroot:"/usr/local/unbound/etc/unbound"
username: "root"
directory:"/usr/local/unbound/etc/unbound"
use-syslog: yes
pidfile:"/usr/local/unbound/etc/unbound/unbound.pid"
root-hints:"/usr/local/unbound/etc/unbound/named.cache"
rrset-roundrobin: yes
minimal-responses: no
control-enable: yes
control-port: 8953
control-key-file:"/usr/local/unbound/etc/unbound/unbound_control.key"
control-cert-file:"/usr/local/unbound/etc/unbound/unbound_control.pem"
(8) cd/usr/local/unbound/sbin
执行./unbound-checkconf/usr/local/unbound/etc/unbound/unbound.conf
确认输出的是no errors in/usr/local/unbound/etc/unbound/unbound.conf
执行./unboun-control-setup
(9) 执行./unbound -d -c /usr/local/unbound/etc/unbound/unbound.conf &
ps –ef|grepunbound确认unbound
netstat–nap|grep 53 确认unbound
注意:如果要用unbound-control脚本做控制需要设置环境变量,否则执行./unbound-control start启动进程,提示fatal error: couldnot exec unbound: No such file or directory。
设置方法如下
cd /usr/local/unbound/sbin
vim ~/.bashrc
在最下面增加:exportPATH=/usr/local/unbound/sbin/:$PATH
(10)使用dig @localhost测试域名解析
【第二部分 安装并配置Munin】
(1)使用yum安装munin、munin-node、httpd、unbound-munin
[root@localhost plugins]# rpm -qa|grep munin
munin-common-2.0.20-1.el6.noarch
munin-node-2.0.20-1.el6.noarch
munin-2.0.20-1.el6.noarch
unbound-munin-1.4.21-1.el6.noarch
(2) 初始化配置munin和httpd
cd /etc/munin
vim munin.conf取消注释如下:
其余配置都保持默认。
cd /etc/httpd/conf.d/
vim munin.conf
保存退出
执行htpasswd -cm /etc/munin/munin-htpasswd zsf设置密码
然后执行/etc/init.d/munin-node start和/etc/init.d/httpd start
查看进程如下
在电脑浏览器上输入http://192.168.187.176/munin
输入用户名zsf和密码
【第三部分 配置unbound和munin】
a)配置Unbound确认DNS软件能正常工作。
(1)必须开启remote功能,即能使用unbound-control
b) cd /usr/share/munin/plugins/确认unbound相关plugin都已经安装如下
c)vim unbound然后选择E,编辑脚本内容如下.
指向unbound源码包安装的位置,默认指向的是unbound的rpm包安装位置
d)cd /etc/munin/plugins执行如下软连接命令
ln -s /usr/share/munin/plugins/unbound_munin_by_class /etc/munin/plugins/unbound_munin_by_class
ln -s /usr/share/munin/plugins/unbound_munin_by_flags /etc/munin/plugins/unbound_munin_by_flags
ln -s /usr/share/munin/plugins/unbound_munin_by_opcode /etc/munin/plugins/unbound_munin_by_opcode
ln -s /usr/share/munin/plugins/unbound_munin_by_rcode /etc/munin/plugins/unbound_munin_by_rcode
ln -s /usr/share/munin/plugins/unbound_munin_by_type /etc/munin/plugins/unbound_munin_by_type
ln -s /usr/share/munin/plugins/unbound_munin_histogram /etc/munin/plugins/unbound_munin_histogram
ln -s /usr/share/munin/plugins/unbound_munin_hits /etc/munin/plugins/unbound_munin_hits
ln -s /usr/share/munin/plugins/unbound_munin_memory /etc/munin/plugins/unbound_munin_memory
ln -s /usr/share/munin/plugins/unbound_munin_queue /etc/munin/plugins/unbound_munin_queue
e)cd /etc/munin/plugin-conf.d
vim unbound
f)启动munin和httpd
/etc/init.d/munin-node start/etc/init.d/httpd start
g)使用浏览器登录http://192.168.187.169/munin然后单击左侧的dns可查看相关统计数据
本文出自 “张舵主” 博客,转载请与作者联系!
Unbound+Munin自建DNS解析系统