Setting up unbound DNS server: Difference between revisions
Ginjachris (talk | contribs) m (→Install) |
Ginjachris (talk | contribs) m (→Configure) |
||
| Line 8: | Line 8: | ||
= Configure = | = Configure = | ||
The following configuration is an example of a caching name server (in a production server, it's recommended to adjust the access-control parameter to limit access to your network). The forward-zone section will forward all DNS queries to the specified servers. | The following configuration is an example of a caching name server (in a production server, it's recommended to adjust the access-control parameter to limit access to your network). The forward-zone(s) section will forward all DNS queries to the specified servers. | ||
* /etc/unbound/unbound.conf | * /etc/unbound/unbound.conf | ||
<pre> | <pre> | ||
| Line 27: | Line 27: | ||
#enable to not answer version.server and version.bind queries. | #enable to not answer version.server and version.bind queries. | ||
hide-version: yes | hide-version: yes | ||
forward-zone: name: "." | ## Forward all *.example.com queries to the server at 192.168.1.1 | ||
#forward-zone: | |||
# name: "example.com" | |||
# forward-addr: 192.168.1.1 | |||
## Forward all other queries to the Verizon DNS servers | |||
forward-zone: | |||
name: "." | |||
#Level3 Verizon | #Level3 Verizon | ||
forward-addr: 4.2.2.1 | forward-addr: 4.2.2.1 | ||
Revision as of 16:14, 11 November 2013
Unbound is a validating, recursive, and caching DNS resolver that supports DNSSEC.
Install
Install the unbound package:
apk add unbound
Configure
The following configuration is an example of a caching name server (in a production server, it's recommended to adjust the access-control parameter to limit access to your network). The forward-zone(s) section will forward all DNS queries to the specified servers.
- /etc/unbound/unbound.conf
server:
verbosity: 1
interface: 10.0.0.1
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
access-control: 0.0.0.0/0 allow
python:
remote-control:
control-enable: no
#enable to not answer id.server and hostname.bind queries.
hide-identity: yes
#enable to not answer version.server and version.bind queries.
hide-version: yes
## Forward all *.example.com queries to the server at 192.168.1.1
#forward-zone:
# name: "example.com"
# forward-addr: 192.168.1.1
## Forward all other queries to the Verizon DNS servers
forward-zone:
name: "."
#Level3 Verizon
forward-addr: 4.2.2.1
forward-addr: 4.2.2.4
Set auto-start, start and test the daemon
Set to auto-start then start unbound:
rc-update add unbound rc-service unbound start
Test:
dig nl.alpinelinux.org @10.0.0.1