Difference between revisions of "Setting up unbound DNS server"

From Alpine Linux
m (useful little word "not" :))
(remove the zone data, unbound is far more useful as caching-only)
Line 3: Line 3:
 
= Install =
 
= Install =
  
At the time of writing, unbound is only available in the Edge/Testing repository.  To install the package on a system that doesn't already have the edge/testing repository configured:
+
Install the package:
{{Cmd|apk add -X http://nl.alpinelinux.org/alpine/edge/testing -U unbound}}
 
 
 
If your system already has the edge/testing repository, the following command will work:
 
 
{{Cmd|apk add unbound}}
 
{{Cmd|apk add unbound}}
  
 
= Configure =
 
= Configure =
  
The following configuration is an example of a server that is not authoritative for a zone (alpinelinux.org in the example below with a subset of the records for alpinelinux.org), but is not (yet) setup with that zone signed for DNSSEC support.
+
The following configuration is an example of a caching name server (in a production server, it's recommended to adjust the access-control parameter to limit to your network).
 
* /etc/unbound/unbound.conf
 
* /etc/unbound/unbound.conf
 
<pre>
 
<pre>
 
server:
 
server:
 
         verbosity: 1
 
         verbosity: 1
         interface: 64.56.207.219
+
         interface: 10.0.0.1
 
         do-ip4: yes
 
         do-ip4: yes
 
         do-ip6: no
 
         do-ip6: no
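Review bot: the Install section no longer says which repository carries unbound. The edge/testing sentence and the `-X` form of the command are removed and replaced only by "Install the package:", so a reader whose configured repositories lack the package gets a failing `apk add unbound` with no hint why. Add one sentence naming the repository (or release) from which the plain command works.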
Line 23: Line 20:
 
         do-daemonize: yes
 
         do-daemonize: yes
 
         access-control: 0.0.0.0/0 allow
 
         access-control: 0.0.0.0/0 allow
        include: /etc/unbound/alpinelinux.org.conf
 
 
python:
 
python:
 
remote-control:
 
remote-control:
 
         control-enable: no
 
         control-enable: no
</pre>
 
* /etc/unbound/alpinelinux.org.conf
 
<pre>
 
      # Getting things started
 
        local-zone: "alpinelinux.org." static
 
        local-data: "alpinelinux.org. 10800 IN NS ns1.alpinelinux.org."
 
        local-data: "alpinelinux.org. 10800 IN SOA alpinelinux.org.  webmaster.alpinelinux.org. 1 3600 1200 604800 10800"
 
        local-data: "ns1.alpinelinux.org. 1080 IN A 64.56.207.219"
 
        local-data: "alpinelinux.org. 1080 IN MX 10 mail.alpinelinux.org."
 
        local-data: "lists.alpinelinux.org. 1080 IN MX 10 mail.alpinelinux.org."
 
 
        # Services
 
        local-data: "alpinelinux.org. 10800 IN A 81.175.82.11"
 
        local-data: "mail.alpinelinux.org. 1080 IN A 64.56.207.219"
 
        local-data: "www.alpinelinux.org. 1080 IN A 81.175.82.11"
 
        local-data: "www-prd.alpinelinux.org. 1080 IN A 74.117.189.132"
 
        local-data: "wiki.alpinelinux.org. 1080 IN A 74.117.189.132"
 
        local-data: "lists.alpinelinux.org. 1080 IN A 64.56.207.219"
 
        local-data: "monitor.alpinelinux.org. 1080 IN A 213.234.126.133"
 
        local-data: "bugs.alpinelinux.org. 1080 IN A 81.175.82.11"
 
 
        # Package mirrors
 
        local-data: "nl.alpinelinux.org. 1080 IN A 81.175.82.11"
 
        local-data: "dl-2.alpinelinux.org. 1080 IN A 208.74.141.33"
 
        local-data: "dl-3.alpinelinux.org. 1080 IN A 74.117.189.132"
 
        local-data: "dl-4.alpinelinux.org. 1080 IN A 64.56.207.216"
 
 
        # Build Infra
 
        local-data: "rsync.alpinelinux.org. 1080 IN A 81.175.82.11"
 
        local-data: "distfiles.alpinelinux.org. 1080 IN A 91.220.88.29"
 
        local-data: "build-edge.alpinelinux.org. 1080 IN A 91.220.88.23"
 
        local-data: "build64-edge.alpinelinux.org. 1080 IN A 204.152.221.26"
 
        local-data: "build-2-2.alpinelinux.org. 1080 IN A 91.220.88.34"
 
        local-data: "build64-2-2.alpinelinux.org. 1080 IN A 91.220.88.35"
 
        local-data: "build-2-1.alpinelinux.org. 1080 IN A 91.220.88.32"
 
        local-data: "build-2-0.alpinelinux.org. 1080 IN A 91.220.88.31"
 
        local-data: "build-1-10.alpinelinux.org. 1080 IN A 91.220.88.26"
 
 
</pre>
 
</pre>
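Review bot: the unchanged `access-control: 0.0.0.0/0 allow` line is now the only access rule on what this revision turns into a caching-only resolver, so the example as written answers recursive queries from any client that can reach 10.0.0.1. The new intro text recommends limiting it, but only in a parenthesis; show a restricted netblock in the example itself (one matching the network of the new interface address) so that copying the block does not produce an open resolver.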
  
Line 72: Line 31:
 
/etc/init.d/unbound start}}
 
/etc/init.d/unbound start}}
 
Test:
 
Test:
{{Cmd|dig nl.alpinelinux.org @64.56.207.219}}
+
{{Cmd|dig nl.alpinelinux.org @10.0.0.1}}

Revision as of 11:25, 1 January 2012

Unbound is a validating, recursive, and caching DNS resolver that supports DNSSEC.

Install

Install the package:

apk add unbound

Configure

The following configuration is an example of a caching name server. On a production server, adjust the access-control parameter so that only your own network is allowed to query it.

  • /etc/unbound/unbound.conf
server:
        verbosity: 1
        interface: 10.0.0.1
        do-ip4: yes
        do-ip6: no
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes
        access-control: 0.0.0.0/0 allow
python:
remote-control:
        control-enable: no
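
The following shell check is an added example, not part of the wiki page: it flags `access-control` rules that allow a /0 netblock, run against the server section above and against a LAN-only variant. The function name `open_acls` and the 10.0.0.0/24 network are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag unbound access-control rules that let any client recurse.

# List rules in the config file "$1" that allow a /0 netblock (0.0.0.0/0, ::/0).
# Prints "line-number: netblock action" per finding, nothing if there is none.
open_acls() {
    awk '
        { sub(/#.*/, "") }    # strip comments before matching
        $1 == "access-control:" && $2 ~ /\/0$/ && $3 ~ /^allow/ {
            print NR ": " $2 " " $3
        }' "$1"
}

# Constructed sample 1: the server section shown on this page.
page_conf=$(mktemp)
cat > "$page_conf" <<'EOF'
server:
        verbosity: 1
        interface: 10.0.0.1
        do-ip4: yes
        do-ip6: no
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes
        access-control: 0.0.0.0/0 allow
EOF

# Constructed sample 2: same listener, limited to an assumed 10.0.0.0/24 LAN.
# unbound applies the most specific matching netblock, so the /0 refuse only
# catches clients outside the two allowed ranges.
lan_conf=$(mktemp)
cat > "$lan_conf" <<'EOF'
server:
        verbosity: 1
        interface: 10.0.0.1
        do-ip4: yes
        do-ip6: no
        access-control: 0.0.0.0/0 refuse
        access-control: 127.0.0.0/8 allow
        access-control: 10.0.0.0/24 allow
EOF
trap 'rm -f "$page_conf" "$lan_conf"' EXIT

echo "page config:";     open_acls "$page_conf"
echo "LAN-only config:"; open_acls "$lan_conf"
```

To audit a live server, call `open_acls /etc/unbound/unbound.conf`; rules pulled in through `include:` files are not followed by this check.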

Set auto-start, start and test the daemon

Set to auto-start then start unbound:

rc-update add unbound
/etc/init.d/unbound start

Test:

dig nl.alpinelinux.org @10.0.0.1