Setting up unbound DNS server: Difference between revisions
m (split zone into its own file) |
m (useful little word "not" :)) |
||
Line 11: | Line 11: | ||
= Configure = | = Configure = | ||
The following configuration is an example of a server that is authoritative for a zone (alpinelinux.org in the example below with a subset of the records for alpinelinux.org), but is not (yet) setup with that zone signed for DNSSEC support. | The following configuration is an example of a server that is not authoritative for a zone (alpinelinux.org in the example below with a subset of the records for alpinelinux.org), but is not (yet) setup with that zone signed for DNSSEC support. | ||
* /etc/unbound/unbound.conf | * /etc/unbound/unbound.conf | ||
<pre> | <pre> |
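Review bot: in the changed sentence under = Configure =, the inserted "not" leaves "is not authoritative for a zone ... but is not (yet) setup with that zone signed", so "but" now joins two negatives and the contrast the sentence was built around is lost. Suggest rewording so the relation between the server's status for the zone and the missing DNSSEC signing is stated directly, and writing the verb as "set up".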
Revision as of 22:10, 5 October 2011
Unbound is a validating, recursive, and caching DNS resolver that supports DNSSEC.
Install
At the time of writing, unbound is only available in the Edge/Testing repository. To install the package on a system that doesn't already have the edge/testing repository configured:
apk add -X http://nl.alpinelinux.org/alpine/edge/testing -U unbound
If your system already has the edge/testing repository, the following command will work:
apk add unbound
Configure
The following configuration is an example of a server that is not authoritative for a zone (alpinelinux.org in the example below with a subset of the records for alpinelinux.org), but is not (yet) set up with that zone signed for DNSSEC support.
- /etc/unbound/unbound.conf
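<pre>
server:
    verbosity: 1
    interface: 64.56.207.219
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    do-daemonize: yes
    # "allow" on 0.0.0.0/0 answers queries, recursion included, from any IPv4 client
    access-control: 0.0.0.0/0 allow
    # the zone's local-zone/local-data entries are kept in a separate file
    include: /etc/unbound/alpinelinux.org.conf

python:

remote-control:
    control-enable: no
</pre>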
- /etc/unbound/alpinelinux.org.conf
<pre>
# Getting things started
local-zone: "alpinelinux.org." static
local-data: "alpinelinux.org. 10800 IN NS ns1.alpinelinux.org."
local-data: "alpinelinux.org. 10800 IN SOA alpinelinux.org. webmaster.alpinelinux.org. 1 3600 1200 604800 10800"
local-data: "ns1.alpinelinux.org. 1080 IN A 64.56.207.219"
local-data: "alpinelinux.org. 1080 IN MX 10 mail.alpinelinux.org."
local-data: "lists.alpinelinux.org. 1080 IN MX 10 mail.alpinelinux.org."

# Services
local-data: "alpinelinux.org. 10800 IN A 81.175.82.11"
local-data: "mail.alpinelinux.org. 1080 IN A 64.56.207.219"
local-data: "www.alpinelinux.org. 1080 IN A 81.175.82.11"
local-data: "www-prd.alpinelinux.org. 1080 IN A 74.117.189.132"
local-data: "wiki.alpinelinux.org. 1080 IN A 74.117.189.132"
local-data: "lists.alpinelinux.org. 1080 IN A 64.56.207.219"
local-data: "monitor.alpinelinux.org. 1080 IN A 213.234.126.133"
local-data: "bugs.alpinelinux.org. 1080 IN A 81.175.82.11"

# Package mirrors
local-data: "nl.alpinelinux.org. 1080 IN A 81.175.82.11"
local-data: "dl-2.alpinelinux.org. 1080 IN A 208.74.141.33"
local-data: "dl-3.alpinelinux.org. 1080 IN A 74.117.189.132"
local-data: "dl-4.alpinelinux.org. 1080 IN A 64.56.207.216"

# Build Infra
local-data: "rsync.alpinelinux.org. 1080 IN A 81.175.82.11"
local-data: "distfiles.alpinelinux.org. 1080 IN A 91.220.88.29"
local-data: "build-edge.alpinelinux.org. 1080 IN A 91.220.88.23"
local-data: "build64-edge.alpinelinux.org. 1080 IN A 204.152.221.26"
local-data: "build-2-2.alpinelinux.org. 1080 IN A 91.220.88.34"
local-data: "build64-2-2.alpinelinux.org. 1080 IN A 91.220.88.35"
local-data: "build-2-1.alpinelinux.org. 1080 IN A 91.220.88.32"
local-data: "build-2-0.alpinelinux.org. 1080 IN A 91.220.88.31"
local-data: "build-1-10.alpinelinux.org. 1080 IN A 91.220.88.26"
</pre>
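The `access-control: 0.0.0.0/0 allow` line in unbound.conf above lets any IPv4 client use the server for recursion, not only for the alpinelinux.org local-data. The check below is an added example, not part of the original wiki page or of unbound; the names `audit_access_control`, `INTERNAL`, `PAGE_CONF` and `HARDENED` are hypothetical, and the constructed `HARDENED` sample assumes an unbound version that supports the `refuse_non_local` action (answers local-data only).

```python
import ipaddress

# Netblocks treated as internal (assumption for this example; adjust per site).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10")]
# unbound.conf access-control actions that permit full recursion.
RECURSIVE = {"allow", "allow_snoop"}

def audit_access_control(conf_text):
    """Return [(line_no, netblock, action)] for rules that give recursive
    access to clients outside the INTERNAL netblocks."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()           # drop comments
        if not line.startswith("access-control:"):
            continue
        fields = line.split(":", 1)[1].split()
        if len(fields) != 2:
            continue                                   # malformed line, skip
        netblock, action = fields[0].strip('"'), fields[1].strip('"')
        try:
            net = ipaddress.ip_network(netblock, strict=False)
        except ValueError:
            continue                                   # not a netblock, skip
        internal = any(net.version == i.version and net.subnet_of(i)
                       for i in INTERNAL)
        if action in RECURSIVE and not internal:
            findings.append((line_no, str(net), action))
    return findings

# Server clause as published on this page (abridged to the relevant lines).
PAGE_CONF = """\
server:
    interface: 64.56.207.219
    access-control: 0.0.0.0/0 allow
    include: /etc/unbound/alpinelinux.org.conf
"""
# Constructed variant: the public gets local-data only, localhost may recurse.
HARDENED = """\
server:
    interface: 64.56.207.219
    access-control: 0.0.0.0/0 refuse_non_local
    access-control: 127.0.0.0/8 allow
    include: /etc/unbound/alpinelinux.org.conf
"""

if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("hardened", HARDENED)):
        print(name, audit_access_control(conf))
```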
Set auto-start, start and test the daemon
Set to auto-start then start unbound:
rc-update add unbound
/etc/init.d/unbound start
Test:
dig nl.alpinelinux.org @64.56.207.219