Setting up unbound DNS server: Difference between revisions

From Alpine Linux
Line 56: Line 56:
= Set auto-start, start and test the daemon =
= Set auto-start, start and test the daemon =


Set to auto-start then start unbound:
Check the configuration for errors:
{{Cmd|unbound-checkconf}}
and if no errors are reported, set to auto-start then start unbound:
{{Cmd|rc-update add unbound
{{Cmd|rc-update add unbound
rc-service unbound start}}
rc-service unbound start}}
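Review bot: the added "and if no errors are reported" sentence leaves the gate to the reader, while the Cmd block after it still runs rc-update and rc-service unconditionally. unbound-checkconf exits non-zero when the configuration is bad, so chaining the three commands with && would make the check enforce itself. It would also help to say that the command checks the default configuration file unless a path is passed as an argument.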
Line 65: Line 67:
or use drill, which requires the {{Pkg|drill}} package:  
or use drill, which requires the {{Pkg|drill}} package:  
{{Cmd|drill www.bbc.co.uk @10.0.0.1}}
{{Cmd|drill www.bbc.co.uk @10.0.0.1}}


= Further information =
= Further information =

Revision as of 22:31, 12 November 2013

Unbound is a validating, recursive, and caching DNS resolver that supports DNSSEC.

Install

Install the unbound package:

apk add unbound

Configure

The following configuration is an example of a caching name server. On a production server, adjust the access-control parameter to limit access to your network; as written, 0.0.0.0/0 allow answers recursive queries from any client that can reach the listening interface. The forward-zone section(s) forward all DNS queries to the specified servers.

  • /etc/unbound/unbound.conf
server:
        verbosity: 1
## Specify the interface address to listen on:
        interface: 10.0.0.1
## To listen on all interfaces use the following line instead
#       interface: 0.0.0.0
        do-ip4: yes
        do-ip6: no
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes
        access-control: 0.0.0.0/0 allow
## Other access control examples
#access-control: 192.168.1.0/24 action
## 'action' should be replaced by any one of:
#deny (drop message)
#refuse (sends  a  DNS  rcode REFUSED error message back)
#allow (recursive ok)
#allow_snoop (recursive and nonrecursive ok).
## Minimum lifetime of cache entries in seconds.  Default is 0.
#cache-min-ttl: 60
## Maximum lifetime of cached entries. Default is 86400 seconds (1  day).
#cache-max-ttl: 172800
##enable to not answer id.server and hostname.bind queries. 
        hide-identity: yes
##enable to not answer version.server and version.bind queries. 
        hide-version: yes
python:
remote-control:
        control-enable: no
## Note: for forward zones, the destination servers must be able to handle recursion to other DNS servers
## Forward all *.example.com queries to the server at 192.168.1.1
#forward-zone:
#        name: "example.com"
#        forward-addr: 192.168.1.1
## Forward all other queries to the Verizon DNS servers
forward-zone:      
        name: "."
## Level3 Verizon
        forward-addr: 4.2.2.1
        forward-addr: 4.2.2.4
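
The access-control advice above, as an added example that is not part of the wiki page: a shell function that flags access-control lines granting recursion to every client, run against two constructed configs. The function name, the file names and the 10.0.0.0/24 LAN range are assumptions chosen to match the 10.0.0.1 listener used on this page.

```shell
#!/bin/sh
# Added example, not from the wiki page. Flags access-control lines that
# grant recursion (allow, allow_snoop, ...) to every IPv4 or IPv6 client.
# Prints "file:line: text" for each hit and returns 1 if any were found.
audit_acl() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)      # ignore comments and commented-out rules
        gsub(/"/, "", line)       # tolerate quoted values
        if (split(line, f, " ") < 3 || f[1] != "access-control:") next
        if ((f[2] == "0.0.0.0/0" || f[2] == "::/0") && f[3] ~ /^allow/) {
            printf "%s:%d: %s\n", FILENAME, NR, $0
            bad = 1
        }
    }
    END { exit bad + 0 }' "$1"
}

# Constructed sample files: the open rule from this page, and a variant
# restricted to localhost plus an assumed LAN of 10.0.0.0/24.
tmp=$(mktemp -d)
cat > "$tmp/open.conf" <<'EOF'
server:
        interface: 10.0.0.1
        access-control: 0.0.0.0/0 allow
EOF
cat > "$tmp/lan.conf" <<'EOF'
server:
        interface: 10.0.0.1
        access-control: 0.0.0.0/0 refuse
        access-control: 127.0.0.0/8 allow
        access-control: 10.0.0.0/24 allow
#access-control: 0.0.0.0/0 allow
EOF

for conf in "$tmp/open.conf" "$tmp/lan.conf"; do
    if audit_acl "$conf"; then
        echo "$conf: no world-open allow rule"
    else
        echo "$conf: restrict the rule(s) listed above before starting unbound"
    fi
done
```
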

Set auto-start, start and test the daemon

Check the configuration for errors:

unbound-checkconf

and if no errors are reported, set to auto-start then start unbound:

rc-update add unbound
rc-service unbound start

Test, for example:

dig nl.alpinelinux.org @10.0.0.1

or:

nslookup www.google.cz 10.0.0.1

or use drill, which requires the drill package:

drill www.bbc.co.uk @10.0.0.1

Further information

unbound.conf man page unbound.conf here or here

unbound optimization guide

excellent unbound tutorial at calomel.org

General information via the Wikipedia pages on DNS, record types, zones, name servers and DNSSEC