dns unbound + mikrotik
server:
verbosity: 1
statistics-interval: 120
num-threads: 1
interface: 0.0.0.0
outgoing-range: 512
num-queries-per-thread: 1024
msg-cache-size: 16m
rrset-cache-size: 32m
msg-cache-slabs: 4
rrset-cache-slabs: 4
cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120
infra-cache-numhosts: 10000
infra-cache-lame-size: 10k
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
#access-control: 0.0.0.0/0 allow
access-control: 192.168.0.0/16 allow
access-control: 172.16.0.0/12 allow
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
access-control: 0.0.0.0/0 refuse
chroot: "/etc/unbound"
username: "unbound"
directory: "/etc/unbound"
#logfile: "/etc/unbound/unbound.log"
#use-syslog: yes
logfile: ""
use-syslog: no
pidfile: "/etc/unbound/unbound.pid"
root-hints: "/etc/unbound/named.cache"
identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: "iterator"
#zone localhost
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"
local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
#zone warnet-sudiro.net
local-zone: "warnet-sudiro.net." static
local-data: "warnet-sudiro.net. 86400 IN NS ns1.warnet-sudiro.net."
local-data: "warnet-sudiro.net. 86400 IN SOA warnet-sudiro.net. hostmaster.warnet-sudiro.net. 3 3600 1200 604800 86400"
local-data: "warnet-sudiro.net. 86400 IN A 192.168.100.2"
local-data: "www.warnet-sudiro.net. 86400 IN A 192.168.100.2"
local-data: "ns1.warnet-sudiro.net. 86400 IN A 192.168.100.2"
local-data: "mail.warnet-sudiro.net. 86400 IN A 192.168.100.5"
local-data: "warnet-sudiro.net. 86400 IN MX 10 mail.warnet-sudiro.net."
local-data: "warnet-sudiro.net. 86400 IN TXT v=spf1 a mx ~all"
local-zone: "100.168.192.in-addr.arpa." static
local-data: "100.168.192.in-addr.arpa. 10800 IN NS warnet-sudiro.net."
local-data: "100.168.192.in-addr.arpa. 10800 IN SOA warnet-sudiro.net. hostmaster.warnet-sudiro.net. 4 3600 1200 604800 864000"
local-data: "2.100.168.192.in-addr.arpa. 10800 IN PTR warnet-sudiro.net."
forward-zone:
name: "."
forward-addr: 202.134.1.10
forward-addr: 222.124.204.34
forward-addr: 202.134.0.155
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
########################################
ubuntu conf
/etc/resolv.conf
nameserver 127.0.0.1
nameserver 192.168.3.29
###################
mikrotik---
/ip firewall nat
add action=dst-nat chain=dstnat comment="TRANSPARENT DNS" disabled=no \
dst-port=53 in-interface=Local protocol=udp to-addresses=192.168.100.2 \
to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
in-interface=Local protocol=tcp to-addresses=192.168.100.2 to-ports=53
---------------------
ovaj conf radi na obincom routeru ali na mikrotiku ne radi!
sta treba dodati u firewall mikrotik ? hvala
 |  |
 |
Re: dns unbound + mikrotik