This paper mainly introduces coredns Of unbound The process of compiling and installing plug-ins and common configuration methods .

coredns Official unbound file unbound (coredns.io), as well as unbound The plug-in github Address coredns/unbound: CoreDNS plugin that performs recursive queries using libunbound (github.com), I have already introduced coredns compile Other plug-in methods , Students who need it can review it first .

Besides ,unbound The plug-in is coredns Medium External Plugins, But from the details page we can see Maintained by CoreDNS: CoreDNS maintainers take care of this plugin., This indicates that the plug-in is officially maintained , It has a good guarantee in stability, reliability and subsequent update and maintenance , It should be safe to use .

1、 Configuration environment

To use CGO characteristic , Need to install C/C++ Build tool chain , stay macOS and Linux The following is to install GCC, stay windows The following is to be installed MinGW Tools . At the same time, the environment variables should be guaranteed CGO_ENABLED Set to 1, This means CGO Is the enabled status . When building locally CGO_ENABLED Enabled by default , When cross building CGO It is forbidden by default . For example, cross build ARM The environment is running Go Program , It needs to be set manually C/C++ Cross build tool chains , At the same time open CGO_ENABLED environment variable .

With CentOS8 For example , It's best to install it in advance gcc、unbound-devel and unbound-libs

[/home/coredns]# cat /etc/redhat-release
CentOS Linux release 8.2.2004 (Core)

[/home/coredns]# go env | grep "CGO_ENABLED"
CGO_ENABLED="1"

[/home/coredns]# rpm -qa | grep gcc
libgcc-8.4.1-1.el8.x86_64
gcc-8.4.1-1.el8.x86_64
gcc-c++-8.4.1-1.el8.x86_64
gcc-gdb-plugin-8.4.1-1.el8.x86_64

[/home/coredns]# rpm -qa | grep unbound
unbound-devel-1.7.3-15.el8.x86_64
unbound-libs-1.7.3-15.el8.x86_64

If you are using go get Command acquisition unbound The plug-in encountered the following problem , You can refer to this issue Solutions for ：How to fix the issue: unbound.h: No such file or directory · Issue #3 · miekg/unbound (github.com)

[/home/coredns]# go get github.com/coredns/unbound
# github.com/miekg/unbound
../gopath/pkg/mod/github.com/miekg/[email protected]/unbound.go:36:10: fatal error: unbound.h: No such file or directory
   36 | #include <unbound.h>
      |          ^~~~~~~~~~~
compilation terminated.

For red hat Linux It can be installed directly unbound-devel,debian The solution of the system is similar to , The package name may be slightly different （libunbound-dev）.

yum install -y unbound-devel

Then the test found that it was normal

[/home/coredns]# go get github.com/coredns/unbound
go get: added github.com/coredns/unbound v0.0.7
go get: added github.com/miekg/unbound v0.0.0-20210309082708-dbeefb4cdb29

2、 Compilation and installation

Although we go The setting of the environment variable of enables CGO, however coredns Of Makefile Files are disabled by default , Therefore, it is necessary to put CGO_ENABLED Parameters from the default 0 Change it to 1, To enable CGO.

[/home/coredns]# grep "CGO_ENABLED" Makefile
CGO_ENABLED:=1

Then compile and install , After installation, view the... In the current directory coredns Whether the binary file contains unbound Plug-in to determine whether the compilation and installation are completed successfully .

[/home/coredns]# echo "unbound:github.com/coredns/unbound" >> plugin.cfg
[/home/coredns]# go generate
[/home/coredns]# go build
[/home/coredns]# make
CGO_ENABLED=1  go build -v -ldflags="-s -w -X github.com/coredns/coredns/coremain.GitCommit=7b43d042-dirty" -o coredns
[/home/coredns]# ./coredns -plugins | grep unbound
  dns.unbound

Compare whether to compile and install unbound The plug-in coredns, Can be found from the original static binary , It becomes the need to dynamically load dependent Libraries . Therefore, if you need to compile in advance and use it widely , It is best to ensure that the system of the compilation environment is consistent or fully compatible with the final use environment system （ The compiling environment of this article is CentOS8.2, The use environment is RockyLinux8.4）.

[[email protected] coredns]# file coredns.static
coredns.static: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
[[email protected] coredns]# file coredns
coredns: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, stripped

[[email protected] coredns]# file /lib64/ld-linux-x86-64.so.2
/lib64/ld-linux-x86-64.so.2: symbolic link to ld-2.28.so
[[email protected] coredns]# file /lib64/ld-2.28.so
/lib64/ld-2.28.so: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, BuildID[sha1]=04c0b62c6350fa6ec9158369de8b5b489e3d084b, not stripped

If the following error messages are encountered on the running machine , You need to install the... Mentioned above unbound-devel.

[[email protected] sbin]# ./coredns
./coredns: error while loading shared libraries: libunbound.so.2: cannot open shared object file: No such file or directory

3、 Configuration and use

Syntax configuration

unbound [FROM] {
    except IGNORED_NAMES...
    option NAME VALUE
}

• FROM It refers to the domain name that the client requests to resolve , for example blog.tinychen.com and tinychen.com These two FROM All are tinychen.com
• IGNORED_NAMES and except Use it with , Specify not to use unbound Of zone
• option You can add unbound Some parameters supported by itself , You can see unbound.conf Of man Document or view directly Documents on the official website

prometheus monitor

unbound The plug-in provides two monitoring indicators , As long as the corresponding zone enabled Prometheus plug-in unit , Then you can enable these two indicators at the same time ( The monitoring indicators of other plug-ins are the same ), They are ：

• coredns_unbound_request_duration_seconds{server} - duration per query.
• coredns_unbound_response_rcode_count_total{server, rcode} - count of RCODEs.

The data format and content of these two monitoring indicators are the same as coredns Native coredns_dns_request_duration_seconds and coredns_dns_response_rcode_count_total Agreement , Therefore, the relevant monitoring charts can be directly used after simple modification by applying the original ones .

Example

except tinychen.com This domain name is used by others unbound, And open DNS Minimize query functionality （DNS Query Name Minimisation）

. {
    unbound {
        except tinychen.com
        option qname-minimisation yes
    }
    log
    errors
    prometheus 0.0.0.0:9253
    bind 0.0.0.0
    cache {
        success 10240 600 60
        denial 5120 60 5
    }
}