Difference between revisions of "Setting up unbound DNS server"

From Alpine Linux
(Created page with "Unbound is a validating, recursive, and caching DNS resolver that supports DNSSEC. = Install = At the time of writing, unbound is only available in the Edge/Testing repository....")
 
m (split zone into its own file)
Line 12: Line 12:
  
 
The following configuration is an example of a server that is authoritative for a zone (alpinelinux.org in the example below with a subset of the records for alpinelinux.org), but is not (yet) setup with that zone signed for DNSSEC support.
 
The following configuration is an example of a server that is authoritative for a zone (alpinelinux.org in the example below with a subset of the records for alpinelinux.org), but is not (yet) setup with that zone signed for DNSSEC support.
 +
* /etc/unbound/unbound.conf
 
<pre>
 
<pre>
 
server:
 
server:
Line 22: Line 23:
 
         do-daemonize: yes
 
         do-daemonize: yes
 
         access-control: 0.0.0.0/0 allow
 
         access-control: 0.0.0.0/0 allow
 
+
        include: /etc/unbound/alpinelinux.org.conf
         # Getting things started
+
python:
 +
remote-control:
 +
         control-enable: no
 +
</pre>
 +
* /etc/unbound/alpinelinux.org.conf
 +
<pre>
 +
      # Getting things started
 
         local-zone: "alpinelinux.org." static
 
         local-zone: "alpinelinux.org." static
 
         local-data: "alpinelinux.org. 10800 IN NS ns1.alpinelinux.org."
 
         local-data: "alpinelinux.org. 10800 IN NS ns1.alpinelinux.org."
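Review bot: the new `include: /etc/unbound/alpinelinux.org.conf` line only works because it sits inside the `server:` clause, since the new file starts straight at `local-zone:` with no `server:` header of its own. Add a comment at the top of alpinelinux.org.conf stating that it must be included from within `server:`, so that a later reorder of unbound.conf (for example moving the include below `remote-control:`) does not put the zone data in the wrong clause. The `# Getting things started` comment in the new file is also indented less than the `local-zone:` line under it; align the two.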
Line 57: Line 64:
 
         local-data: "build-2-0.alpinelinux.org. 1080 IN A 91.220.88.31"
 
         local-data: "build-2-0.alpinelinux.org. 1080 IN A 91.220.88.31"
 
         local-data: "build-1-10.alpinelinux.org. 1080 IN A 91.220.88.26"
 
         local-data: "build-1-10.alpinelinux.org. 1080 IN A 91.220.88.26"
python:
 
remote-control:
 
        control-enable: no
 
 
</pre>
 
</pre>
  

Revision as of 17:15, 2 October 2011

Unbound is a validating, recursive, and caching DNS resolver that supports DNSSEC.

Install

At the time of writing, unbound is only available in the Edge/Testing repository. To install the package on a system that doesn't already have the edge/testing repository configured:

apk add -X http://nl.alpinelinux.org/alpine/edge/testing -U unbound

If your system already has the edge/testing repository, the following command will work:

apk add unbound

Configure

The following configuration is an example of a server that is authoritative for a zone (alpinelinux.org in the example below, with a subset of the records for alpinelinux.org), but is not (yet) set up with that zone signed for DNSSEC support.

  • /etc/unbound/unbound.conf
server:
        verbosity: 1
        interface: 64.56.207.219
        do-ip4: yes
        do-ip6: no
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes
        access-control: 0.0.0.0/0 allow
        include: /etc/unbound/alpinelinux.org.conf
python:
remote-control:
        control-enable: no
  • /etc/unbound/alpinelinux.org.conf
        # Getting things started
        local-zone: "alpinelinux.org." static
        local-data: "alpinelinux.org. 10800 IN NS ns1.alpinelinux.org."
        local-data: "alpinelinux.org. 10800 IN SOA alpinelinux.org.  webmaster.alpinelinux.org. 1 3600 1200 604800 10800"
        local-data: "ns1.alpinelinux.org. 1080 IN A 64.56.207.219"
        local-data: "alpinelinux.org. 1080 IN MX 10 mail.alpinelinux.org."
        local-data: "lists.alpinelinux.org. 1080 IN MX 10 mail.alpinelinux.org."

        # Services
        local-data: "alpinelinux.org. 10800 IN A 81.175.82.11"
        local-data: "mail.alpinelinux.org. 1080 IN A 64.56.207.219"
        local-data: "www.alpinelinux.org. 1080 IN A 81.175.82.11"
        local-data: "www-prd.alpinelinux.org. 1080 IN A 74.117.189.132"
        local-data: "wiki.alpinelinux.org. 1080 IN A 74.117.189.132"
        local-data: "lists.alpinelinux.org. 1080 IN A 64.56.207.219"
        local-data: "monitor.alpinelinux.org. 1080 IN A 213.234.126.133"
        local-data: "bugs.alpinelinux.org. 1080 IN A 81.175.82.11"

        # Package mirrors
        local-data: "nl.alpinelinux.org. 1080 IN A 81.175.82.11"
        local-data: "dl-2.alpinelinux.org. 1080 IN A 208.74.141.33"
        local-data: "dl-3.alpinelinux.org. 1080 IN A 74.117.189.132"
        local-data: "dl-4.alpinelinux.org. 1080 IN A 64.56.207.216"

        # Build Infra
        local-data: "rsync.alpinelinux.org. 1080 IN A 81.175.82.11"
        local-data: "distfiles.alpinelinux.org. 1080 IN A 91.220.88.29"
        local-data: "build-edge.alpinelinux.org. 1080 IN A 91.220.88.23"
        local-data: "build64-edge.alpinelinux.org. 1080 IN A 204.152.221.26"
        local-data: "build-2-2.alpinelinux.org. 1080 IN A 91.220.88.34"
        local-data: "build64-2-2.alpinelinux.org. 1080 IN A 91.220.88.35"
        local-data: "build-2-1.alpinelinux.org. 1080 IN A 91.220.88.32"
        local-data: "build-2-0.alpinelinux.org. 1080 IN A 91.220.88.31"
        local-data: "build-1-10.alpinelinux.org. 1080 IN A 91.220.88.26"
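
The `access-control: 0.0.0.0/0 allow` line in unbound.conf above lets any address use this server for recursion, not only for the alpinelinux.org zone. The check below is an added example, not part of the wiki page or of Unbound: a shell function (`audit_unbound`, a hypothetical name) that walks a config and its `include:` files and reports such world-open rules; the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the wiki page. audit_unbound is a hypothetical helper.
# It prints "file:line: access-control NETBLOCK ACTION" for every rule that
# allows all IPv4 or IPv6 addresses, following include: directives, and
# returns 1 if any such rule was found.
audit_unbound() {
    awk '
    function scan(file,    line, n, f, inc) {
        if (file in seen) return          # guard against include loops
        seen[file] = 1
        n = 0
        while ((getline line < file) > 0) {
            n++
            sub(/#.*/, "", line)          # drop comments
            if (split(line, f, " ") < 2) continue
            if (f[1] == "include:") {
                inc = f[2]
                gsub(/"/, "", inc)        # path may be quoted
                scan(inc)
            } else if (f[1] == "access-control:" && f[3] ~ /^allow/ &&
                       (f[2] == "0.0.0.0/0" || f[2] == "::/0")) {
                printf "%s:%d: access-control %s %s\n", file, n, f[2], f[3]
                bad = 1
            }
        }
        close(file)
    }
    BEGIN { scan(ARGV[1]); exit bad + 0 }
    ' "$1"
}

# Constructed sample mirroring the two-file layout on this page.
demo_dir=$(mktemp -d)
cat > "$demo_dir/alpinelinux.org.conf" <<EOF
        local-zone: "alpinelinux.org." static
EOF
cat > "$demo_dir/unbound.conf" <<EOF
server:
        interface: 64.56.207.219
        access-control: 0.0.0.0/0 allow
        include: $demo_dir/alpinelinux.org.conf
remote-control:
        control-enable: no
EOF
audit_unbound "$demo_dir/unbound.conf" || echo "world-open allow rule found"
```

For a server meant to answer only from its own local-data, unbound.conf(5) documents the `refuse_non_local` action as the alternative to `allow`.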

Set auto-start, start and test the daemon

Set to auto-start then start unbound:

rc-update add unbound
/etc/init.d/unbound start

Test:

dig nl.alpinelinux.org @64.56.207.219