Setting up unbound DNS server
Unbound is a validating, recursive, and caching DNS resolver that supports DNSSEC.
Install
At the time of writing, unbound is only available in the Edge/Testing repository. To install the package on a system that doesn't already have the edge/testing repository configured:
apk add -X http://nl.alpinelinux.org/alpine/edge/testing -U unbound
If your system already has the edge/testing repository, the following command will work:
apk add unbound
Configure
The following configuration is an example of a server that serves a zone from local data (alpinelinux.org in the example below, with a subset of the records for alpinelinux.org), but is not (yet) set up with that zone signed for DNSSEC support.
- /etc/unbound/unbound.conf
server:
    verbosity: 1
    interface: 64.56.207.219
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    do-daemonize: yes
    access-control: 0.0.0.0/0 allow
    include: /etc/unbound/alpinelinux.org.conf
python:
remote-control:
    control-enable: no
- /etc/unbound/alpinelinux.org.conf
# Getting things started
local-zone: "alpinelinux.org." static
local-data: "alpinelinux.org. 10800 IN NS ns1.alpinelinux.org."
local-data: "alpinelinux.org. 10800 IN SOA alpinelinux.org. webmaster.alpinelinux.org. 1 3600 1200 604800 10800"
local-data: "ns1.alpinelinux.org. 1080 IN A 64.56.207.219"
local-data: "alpinelinux.org. 1080 IN MX 10 mail.alpinelinux.org."
local-data: "lists.alpinelinux.org. 1080 IN MX 10 mail.alpinelinux.org."
# Services
local-data: "alpinelinux.org. 10800 IN A 81.175.82.11"
local-data: "mail.alpinelinux.org. 1080 IN A 64.56.207.219"
local-data: "www.alpinelinux.org. 1080 IN A 81.175.82.11"
local-data: "www-prd.alpinelinux.org. 1080 IN A 74.117.189.132"
local-data: "wiki.alpinelinux.org. 1080 IN A 74.117.189.132"
local-data: "lists.alpinelinux.org. 1080 IN A 64.56.207.219"
local-data: "monitor.alpinelinux.org. 1080 IN A 213.234.126.133"
local-data: "bugs.alpinelinux.org. 1080 IN A 81.175.82.11"
# Package mirrors
local-data: "nl.alpinelinux.org. 1080 IN A 81.175.82.11"
local-data: "dl-2.alpinelinux.org. 1080 IN A 208.74.141.33"
local-data: "dl-3.alpinelinux.org. 1080 IN A 74.117.189.132"
local-data: "dl-4.alpinelinux.org. 1080 IN A 64.56.207.216"
# Build Infra
local-data: "rsync.alpinelinux.org. 1080 IN A 81.175.82.11"
local-data: "distfiles.alpinelinux.org. 1080 IN A 91.220.88.29"
local-data: "build-edge.alpinelinux.org. 1080 IN A 91.220.88.23"
local-data: "build64-edge.alpinelinux.org. 1080 IN A 204.152.221.26"
local-data: "build-2-2.alpinelinux.org. 1080 IN A 91.220.88.34"
local-data: "build64-2-2.alpinelinux.org. 1080 IN A 91.220.88.35"
local-data: "build-2-1.alpinelinux.org. 1080 IN A 91.220.88.32"
local-data: "build-2-0.alpinelinux.org. 1080 IN A 91.220.88.31"
local-data: "build-1-10.alpinelinux.org. 1080 IN A 91.220.88.26"
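The `access-control: 0.0.0.0/0 allow` line in unbound.conf above, combined with a public `interface`, permits full recursion for any client that can reach the server, not only lookups of the alpinelinux.org local data. The check below is an added example, not part of the original page: it models Unbound's most-specific-netblock matching for `access-control`. The function names, the outside probe address and the hardened variant using `refuse_non_local` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the relevant lines of the page's unbound.conf.
PAGE_CONF = """\
server:
    interface: 64.56.207.219
    access-control: 0.0.0.0/0 allow
"""
# Constructed variant: recursion for localhost only; other clients may only
# query the local-data zone (refuse_non_local).
HARDENED_CONF = """\
server:
    interface: 64.56.207.219
    access-control: 0.0.0.0/0 refuse_non_local
    access-control: 127.0.0.0/8 allow
"""
RECURSIVE_ACTIONS = {"allow", "allow_snoop"}  # actions that permit recursion

def parse_server(conf):
    """Return (interfaces, rules) from the server: clause (IP interfaces only)."""
    interfaces, rules, in_server = [], [], False
    for raw in conf.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        key, value = key.strip(), value.strip()
        if not key:
            continue
        if not value:                      # clause header such as "server:"
            in_server = key == "server"
        elif in_server and key == "interface":
            interfaces.append(ipaddress.ip_address(value.split("@")[0]))
        elif in_server and key == "access-control":
            net, action = value.split()
            rules.append((ipaddress.ip_network(net), action))
    return interfaces, rules

def action_for(rules, client):
    """Most specific matching netblock wins; unmatched outside clients are refused."""
    client = ipaddress.ip_address(client)
    hits = [(n.prefixlen, a) for n, a in rules
            if n.version == client.version and client in n]
    return max(hits)[1] if hits else "refuse"

def is_open_resolver(conf, probe="198.51.100.7"):  # probe: documentation address
    """True if a non-loopback listener would recurse for an outside client."""
    interfaces, rules = parse_server(conf)
    exposed = any(not i.is_loopback for i in interfaces)
    return exposed and action_for(rules, probe) in RECURSIVE_ACTIONS

if __name__ == "__main__":
    print("page config open resolver:", is_open_resolver(PAGE_CONF))
    print("hardened config open resolver:", is_open_resolver(HARDENED_CONF))
```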
Set auto-start, start and test the daemon
Set to auto-start then start unbound:
rc-update add unbound
/etc/init.d/unbound start
Test:
dig nl.alpinelinux.org @64.56.207.219