Difference between revisions of "Setting up unbound DNS server"

From Alpine Linux
m (Configure)
(Configure)
Line 14: Line 14:
 
         verbosity: 1
 
         verbosity: 1
 
         interface: 10.0.0.1
 
         interface: 10.0.0.1
 +
## To listen on all interfaces use the following line instead
 +
#      interface: 0.0.0.0
 
         do-ip4: yes
 
         do-ip4: yes
 
         do-ip6: no
 
         do-ip6: no
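Review bot: The added comment suggesting "interface: 0.0.0.0" does not say who can then reach the resolver, and this same file keeps "access-control: 0.0.0.0/0 allow", so a reader who follows the hint ends up answering recursive queries on every interface for any client. Suggest extending the comment to say that listening on all interfaces should be paired with an access-control entry limited to the local network. Minor: the commented-out line is indented differently from the active "interface: 10.0.0.1" line, so uncommenting it will not line up with the other server options.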
Line 20: Line 22:
 
         do-daemonize: yes
 
         do-daemonize: yes
 
         access-control: 0.0.0.0/0 allow
 
         access-control: 0.0.0.0/0 allow
 +
## Other access control examples
 +
#access-control: 192.168.1.0/24 action
 +
## 'action' should be replaced by any one of:
 +
#deny (drop message)
 +
#refuse (polite error reply)
 +
#allow (recursive ok)
 +
#allow_snoop (recursive and nonrecursive ok).
 
python:
 
python:
 
remote-control:
 
remote-control:
 
         control-enable: no
 
         control-enable: no
#enable to not answer id.server and hostname.bind queries.  
+
##enable to not answer id.server and hostname.bind queries.  
 
         hide-identity: yes
 
         hide-identity: yes
#enable to not answer version.server and version.bind queries.  
+
##enable to not answer version.server and version.bind queries.  
 
         hide-version: yes
 
         hide-version: yes
## Note for forward zones, the destination servers must be able to handle recursion
+
## Note for forward zones, the destination servers must be able to handle recursion to other DNS server
# to other DNS server
 
 
## Forward all *.example.com queries to the server at 192.168.1.1
 
## Forward all *.example.com queries to the server at 192.168.1.1
 
#forward-zone:
 
#forward-zone:
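Review bot: The new access-control examples are all commented out while the active line stays "access-control: 0.0.0.0/0 allow", so the configuration a reader copies still allows recursion for every source address. Suggest making the restrictive form the active one (for example a refuse entry for 0.0.0.0/0 plus an allow entry for the local netblock) and leaving the allow-all form as the commented alternative. The example "#access-control: 192.168.1.0/24 action" also uses the placeholder word "action", which is not a valid value if someone uncomments it as is; a concrete value such as allow would be safer. The example lines sit at column zero while the surrounding server options are indented, which makes it less clear that they belong to the server: clause.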
Line 36: Line 44:
 
forward-zone:       
 
forward-zone:       
 
         name: "."
 
         name: "."
#Level3 Verizon
+
# Level3 Verizon
 
         forward-addr: 4.2.2.1
 
         forward-addr: 4.2.2.1
 
         forward-addr: 4.2.2.4</pre>
 
         forward-addr: 4.2.2.4</pre>

Revision as of 20:04, 11 November 2013

Unbound is a validating, recursive, and caching DNS resolver that supports DNSSEC.

Install

Install the unbound package:

apk add unbound

Configure

The following configuration is an example of a caching name server (in a production server, it's recommended to adjust the access-control parameter to limit access to your network). The forward-zone(s) section will forward all DNS queries to the specified servers.

  • /etc/unbound/unbound.conf
server:
        verbosity: 1
        interface: 10.0.0.1
## To listen on all interfaces use the following line instead
#       interface: 0.0.0.0
        do-ip4: yes
        do-ip6: no
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes
        access-control: 0.0.0.0/0 allow
## Other access control examples
#access-control: 192.168.1.0/24 action
## 'action' should be replaced by any one of:
#deny (drop message)
#refuse (polite error reply)
#allow (recursive ok)
#allow_snoop (recursive and nonrecursive ok).
python:
remote-control:
        control-enable: no
##enable to not answer id.server and hostname.bind queries. 
        hide-identity: yes
##enable to not answer version.server and version.bind queries. 
        hide-version: yes
## Note for forward zones, the destination servers must be able to handle recursion to other DNS server
## Forward all *.example.com queries to the server at 192.168.1.1
#forward-zone:
#        name: "example.com"
#        forward-addr: 192.168.1.1
## Forward all other queries to the Verizon DNS servers
forward-zone:      
        name: "."
# Level3 Verizon
        forward-addr: 4.2.2.1
        forward-addr: 4.2.2.4
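
The access-control caveat above can be checked mechanically. This is an added example, not part of the wiki page or the Unbound project: a small Python script that reads the active access-control lines of an unbound.conf and reports which action a client address receives, following Unbound's rule that the most specific matching netblock wins. The 10.0.0.0/24 LAN and the 203.0.113.7 client are assumed sample values.

```python
import ipaddress

PERMISSIVE = {"allow", "allow_snoop"}  # actions that permit recursion

# Constructed sample: the access-control lines from the configuration above.
PAGE_CONF = """
server:
        interface: 10.0.0.1
        access-control: 0.0.0.0/0 allow
#access-control: 192.168.1.0/24 action
"""

# Constructed sample: refuse everyone, then allow an assumed 10.0.0.0/24 LAN.
RESTRICTED_CONF = """
server:
        interface: 10.0.0.1
        access-control: 0.0.0.0/0 refuse
        access-control: 10.0.0.0/24 allow
"""

def parse_access_control(conf_text):
    """Return [(network, action)] for every active access-control line."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # commented-out examples are ignored
        if not line.startswith("access-control:"):
            continue
        fields = line.split(":", 1)[1].split()
        if len(fields) == 2:  # netblock and action; skip malformed entries
            rules.append((ipaddress.ip_network(fields[0], strict=False), fields[1]))
    return rules

def effective_action(rules, client_ip):
    """Action of the most specific matching netblock, or None if none matches."""
    ip = ipaddress.ip_address(client_ip)
    hits = [(net.prefixlen, action) for net, action in rules
            if net.version == ip.version and ip in net]
    return max(hits)[1] if hits else None

def open_to_everyone(rules):
    """Netblocks that cover the whole address space with a permissive action."""
    return [str(net) for net, action in rules
            if net.prefixlen == 0 and action in PERMISSIVE]

if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("restricted", RESTRICTED_CONF)):
        rules = parse_access_control(conf)
        print(name, "open netblocks:", open_to_everyone(rules),
              "| 203.0.113.7 ->", effective_action(rules, "203.0.113.7"))
```

A None result from effective_action means no explicit entry matched and Unbound's built-in default applies.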

Set auto-start, start and test the daemon

Set to auto-start then start unbound:

rc-update add unbound
rc-service unbound start

Test:

dig nl.alpinelinux.org @10.0.0.1