I have created a Compile-Unbound.sh script
#!/bin/bash
# Variables
# Directory part of the path this script was invoked as.
BASEDIR="$(dirname "$0")"
# Where the source tarballs are downloaded and unpacked.
localsrc='/usr/local/src'
# Directory that receives the per-step build logs.
ub_log='/var/log/unbound'
# Pinned upstream releases. Each value is both the tarball basename and the
# name of the directory the tarball unpacks to.
# NOTE(review): these are fixed versions; check each project's current
# release and security advisories before building from them.
ub='unbound-1.12.0'
opnssl='openssl-1.1.1h'
libmnl='libmnl-1.0.4'
libnghttp2='nghttp2-1.41.0'
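# Verify one downloaded archive against a pinned SHA-256 digest.
# Arguments: $1 - archive file name inside $localsrc
#            $2 - expected hex digest; empty means "no pin supplied"
# Returns:   0 if the digest matches or no pin was supplied (a warning is
#            printed in that case), non-zero on mismatch.
function _dwnlsw_verify() {
  if [ -z "$2" ]; then
    echo "warning: no pinned SHA-256 for $1, archive is NOT verified" >&2
    return 0
  fi
  # sha256sum -c expects "<digest><two spaces><path>"
  printf '%s  %s\n' "$2" "$localsrc/$1" | sha256sum -c -
}

# Download required software
# Fetches the four source tarballs into $localsrc.
# Globals:  ub, opnssl, libmnl, libnghttp2, localsrc (read)
#           ubsrc, opensslsrc, libmnlsrc, libnghttp2src (written)
#           ub_sha256, opnssl_sha256, libmnl_sha256, libnghttp2_sha256
#           (read, optional) - digests obtained out of band from each
#           project's signed release announcement
# Returns:  non-zero if a download fails or a pinned digest does not match.
function dwnlsw() {
  ubsrc="https://nlnetlabs.nl/downloads/unbound/$ub.tar.gz"
  opensslsrc="https://www.openssl.org/source/$opnssl.tar.gz"
  libmnlsrc="https://www.netfilter.org/projects/libmnl/files/$libmnl.tar.bz2"
  # Derive the release tag from $libnghttp2 so that bumping the variable does
  # not leave a stale hard-coded version in the URL.
  libnghttp2src="https://github.com/nghttp2/nghttp2/releases/download/v${libnghttp2#nghttp2-}/$libnghttp2.tar.gz"
  wget -P "$localsrc" "$ubsrc" "$opensslsrc" "$libmnlsrc" "$libnghttp2src" || return

  # HTTPS only authenticates the download host. These archives are compiled
  # and installed as root, so compare them with digests pinned by the
  # operator before anything is unpacked.
  _dwnlsw_verify "$ub.tar.gz" "${ub_sha256:-}" || return 1
  _dwnlsw_verify "$opnssl.tar.gz" "${opnssl_sha256:-}" || return 1
  _dwnlsw_verify "$libmnl.tar.bz2" "${libmnl_sha256:-}" || return 1
  _dwnlsw_verify "$libnghttp2.tar.gz" "${libnghttp2_sha256:-}" || return 1
}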
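# Unpack software
# Extracts the four downloaded tarballs into $localsrc.
# Globals:  localsrc, ub, opnssl, libmnl, libnghttp2 (read)
# Outputs:  tar's verbose file listing on stdout
# Returns:  non-zero as soon as one archive fails to extract (the original
#           reported only the status of the last tar call).
function extractsw() {
  local archive
  for archive in "$ub.tar.gz" "$opnssl.tar.gz" "$libmnl.tar.bz2" "$libnghttp2.tar.gz"; do
    # --no-same-owner: when run as root, tar otherwise restores the uid/gid
    # recorded in the archive, which can leave the build tree owned (and
    # writable) by an unrelated local account before "make install" runs.
    tar --no-same-owner -xvf "$localsrc/$archive" -C "$localsrc" || return 1
  done
}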
# Install needed software from repo
# Enables EPEL, installs the build dependencies and the "Development Tools"
# group, removes any packaged unbound, and points the "python" alternative at
# python3.
function installfromrepo() {
  local -a build_deps=(
    expat-devel
    libmnl
    libevent-devel
    openssl-devel
    systemd-devel
    hiredis-devel
    python3
    python3-devel
    swig
    systemd-timesyncd
  )
  # EPEL has to be enabled in its own transaction before the package list
  # below is resolved.
  yum install -y epel-release
  yum install -y "${build_deps[@]}"
  yum groupinstall -y "Development Tools"
  # Remove the distribution's unbound package ahead of the source build.
  yum erase -y unbound
  alternatives --set python /usr/bin/python3
}
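# Add unbound user and group
# Creates the "unbound" group and a locked, no-login system account of the
# same name. Safe to re-run: existing entries are left in place.
# Returns: non-zero if the group or account cannot be created or locked.
# NOTE(review): this function shares its name with the adduser command, which
# it shadows for the rest of the script.
function adduser() {
  # Create the group first. The original ran groupadd after useradd, which
  # presumably failed wherever useradd had already created a same-named
  # user-private group.
  if ! getent group unbound >/dev/null; then
    groupadd -r unbound || return 1
  fi
  if ! getent passwd unbound >/dev/null; then
    # -r system account, -M no home directory, nologin shell: the daemon
    # account needs neither an interactive login nor a home.
    useradd -r -M -g unbound -s /sbin/nologin unbound || return 1
  fi
  # Lock the password so the account cannot authenticate with one.
  usermod -L unbound || return 1
  usermod -a -G unbound unbound
}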
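# Compile OpenSSL
# Configures, builds and installs the unpacked OpenSSL tree.
# Globals:  localsrc, opnssl (read)
# Returns:  non-zero at the first failing step.
# NOTE(review): ./config is run without a prefix, so the install location is
# OpenSSL's default, and the distribution's openssl-devel is installed as
# well. Check with ldd which libssl the finished unbound binary loads.
function compileopenssl() {
  # Chain with && so a failed cd (missing or renamed source directory) cannot
  # fall through to "make install" in whatever directory the shell is in.
  cd "$localsrc/$opnssl" \
    && ./config \
    && make \
    && make install
}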
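# Compile libmnl
# Configures, builds and installs the unpacked libmnl tree.
# Globals:  localsrc, libmnl (read)
# Returns:  non-zero at the first failing step.
# NOTE(review): the script also installs the packaged libmnl from the repo,
# so two copies may end up on the system. Confirm which one unbound links.
function compilelibmnl() {
  # Chain with && so a failed cd cannot fall through to "make install" in the
  # wrong directory.
  cd "$localsrc/$libmnl" \
    && ./configure \
    && make \
    && make install
}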
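# Compile libnghttp2
# Configures, builds and installs the unpacked nghttp2 tree.
# Globals:  localsrc, libnghttp2 (read)
# Returns:  non-zero at the first failing step.
function compilelibnghttp2() {
  # Chain with && so a failed cd cannot fall through to "make install" in the
  # wrong directory.
  cd "$localsrc/$libnghttp2" \
    && ./configure \
    && make \
    && make install
}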
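# Compile Unbound
# Configures, builds and installs the unpacked Unbound tree under /usr with
# its configuration in /etc.
# Globals:  localsrc, ub (read)
# Returns:  non-zero at the first failing step.
function compileub() {
  local -a configure_opts=(
    --prefix=/usr
    --sysconfdir=/etc
    --disable-static
    # NOTE(review): this places the pid file next to the configuration in
    # /etc/unbound, so that directory has to be writable at start-up.
    --with-pidfile=/etc/unbound/unbound.pid
    # Account the daemon is built to run as.
    --with-username=unbound
    --with-ssl
    --with-libexpat=/usr
    --with-libmnl
    --with-libevent
    --with-pthreads
    --with-libhiredis
    --with-libnghttp2
    --with-pyunbound
    --with-pythonmodule
    --enable-cachedb
    --enable-checking
    --enable-subnet
    --enable-ipset
  )
  # Chain with && so a failed cd or configure cannot fall through to
  # "make install".
  cd "$localsrc/$ub" \
    && ./configure "${configure_opts[@]}" \
    && make \
    && make install
}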
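# Install systemd function
# Installs unbound.service, disables systemd-resolved, enables
# systemd-timesyncd, then enables and starts unbound.
# Globals:  BASEDIR (read) - directory the unit file is taken from
# Returns:  non-zero if no unit file is available or it cannot be installed;
#           otherwise the status of "systemctl start unbound.service".
function ubsystemd() {
  local unit_src="${BASEDIR:-.}/unbound.service"
  local unit_dst=/usr/lib/systemd/system/unbound.service
  if [ -f "$unit_src" ]; then
    # Take the unit from the script's own directory rather than from
    # whatever the current directory is: this runs as root, and a unit file
    # picked up from an arbitrary working directory gets installed system-wide.
    install -m 0644 -o root -g root "$unit_src" "$unit_dst" || return 1
  elif [ ! -f "$unit_dst" ]; then
    echo "unbound.service not found at $unit_src or $unit_dst" >&2
    return 1
  fi
  systemctl daemon-reload
  # Stop and disable systemd-resolved before unbound is started.
  systemctl stop systemd-resolved.service
  systemctl disable systemd-resolved.service
  systemctl enable --now systemd-timesyncd.service
  systemctl enable unbound.service
  systemctl start unbound.service
}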
# Create logfile
# Creates /var/log/unbound/unbound.log and hands it to the unbound account.
# NOTE(review): the file mode comes from the caller's umask. Confirm that is
# restrictive enough for a DNS log.
function ublogfile() {
  local logfile=/var/log/unbound/unbound.log
  touch "$logfile"
  chown unbound:unbound "$logfile"
}
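# Run one build step with its output copied to a log file under $ub_log.
# Arguments: $1 - function to run, $2 - log file name
# Returns:   the step's own exit status, not tee's.
function _setup_logged() {
  "$1" | tee "$ub_log/$2"
  return "${PIPESTATUS[0]}"
}

# Setup function. Runs the above functions
# Runs download, unpack, dependency install, the four builds, account
# creation, log file creation and service installation, in that order.
# Globals:  ub_log (read)
# Returns:  non-zero at the first failing step. The original carried on after
#           a failure, so a broken build could still be installed and started.
function setup() {
  # -p: a re-run after a partial install must not fail on the existing
  # directory.
  mkdir -p "$ub_log" || return 1
  dwnlsw || { echo "setup: download failed" >&2; return 1; }
  _setup_logged extractsw untar_software.log || { echo "setup: unpack failed" >&2; return 1; }
  _setup_logged installfromrepo install_dependencies.log || { echo "setup: dependency install failed" >&2; return 1; }
  _setup_logged compileopenssl compile_openssl.log || { echo "setup: OpenSSL build failed" >&2; return 1; }
  _setup_logged compilelibmnl compile_limnl.log || { echo "setup: libmnl build failed" >&2; return 1; }
  _setup_logged compilelibnghttp2 compile_libnghttp2.log || { echo "setup: nghttp2 build failed" >&2; return 1; }
  adduser || { echo "setup: account creation failed" >&2; return 1; }
  _setup_logged compileub compile_unbound.log || { echo "setup: Unbound build failed" >&2; return 1; }
  ublogfile || { echo "setup: log file creation failed" >&2; return 1; }
  ubsystemd || { echo "setup: service installation failed" >&2; return 1; }
  echo ""
  echo "logs can be found in $ub_log!!"
  echo ""
}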
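# Run setup function
# Refuses to run outside CentOS or without root, and exits non-zero in both
# cases (and when setup fails) so that callers can detect the failure.
# NOTE(review): /etc/centos-release only shows that this is CentOS; the
# release number is not checked although the message names CentOS 8.
if [ ! -e /etc/centos-release ]; then
  echo "Your distribution is not supported!" >&2
  echo "This script is only supported on CentOS 8" >&2
  exit 1
fi
if [ "$(id -u)" -ne 0 ]; then
  echo "please run as root" >&2
  exit 1
fi
setup || exit 1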
Create unbound.service and place it in /usr/lib/systemd/system/
# systemd unit for the source-built Unbound resolver.
[Unit]
Description=Unbound DNS server
# Start once the network is up and before name lookups are expected to work.
After=network-online.target
Before=nss-lookup.target
Wants=network-online.target nss-lookup.target
[Install]
WantedBy=multi-user.target
[Service]
# NOTE(review): with Type=simple systemd treats the ExecStart process itself
# as the main process, so unbound has to stay in the foreground (for example
# "do-daemonize: no" in unbound.conf, or the -d flag). Confirm against the
# configuration in use. PIDFile= is normally paired with Type=forking.
Type=simple
PIDFile=/etc/unbound/unbound.pid
# No User= is set, so systemd starts the process as root. Presumably unbound
# then drops to its own account as set in unbound.conf; verify.
# NOTE(review): no sandboxing directives are present. Consider
# NoNewPrivileges=, ProtectSystem=, ProtectHome=, PrivateTmp= and a
# CapabilityBoundingSet= limited to what the daemon needs.
ExecStart=/usr/sbin/unbound -c /etc/unbound/unbound.conf
# The "+" prefix runs these commands with full privileges, exempt from any
# User= or sandboxing settings of the unit.
ExecReload=+/bin/kill -HUP $MAINPID
ExecStop=+/bin/kill -TERM $MAINPID
# The two settings below are disabled.
#KillMode=process
#Restart=on-failure