Difference between revisions of "Setting up unbound DNS server"

From Alpine Linux
m (Further information)
m (Further information)
Line 64: Line 64:
or use drill, which requires the {{Pkg|drill}} package:  
or use drill, which requires the {{Pkg|drill}} package:  
{{Cmd|drill www.bbc.co.uk @}}
{{Cmd|drill www.bbc.co.uk @}}
= Further information =
= Further information =
Line 72: Line 73:
[https://calomel.org/unbound_dns.html excellent unbound tutorial at calomel.org]
[https://calomel.org/unbound_dns.html excellent unbound tutorial at calomel.org]
[https://wiki.archlinux.org/index.php/Unbound Arch linux wiki page]
General information via the Wikipedia pages on [https://en.wikipedia.org/wiki/Domain_Name_System DNS], [https://en.wikipedia.org/wiki/List_of_DNS_record_types record types], [https://en.wikipedia.org/wiki/Dns_zone zones], [https://en.wikipedia.org/wiki/Name_server name servers] and [https://en.wikipedia.org/wiki/Dnssec DNSsec]  

Revision as of 21:39, 11 November 2013

Unbound is a validating, recursive, and caching DNS resolver that supports DNSSEC.


Install the unbound package:

apk add unbound


The following configuration is an example of a caching name server. On a production server, adjust the access-control parameter so that only your own network may query the resolver. The forward-zone section(s) forward all DNS queries to the specified servers.

  • /etc/unbound/unbound.conf
server:
        verbosity: 1
## Specify the interface address to listen on:
## To listen on all interfaces use the following line instead
#       interface:
        do-ip4: yes
        do-ip6: no
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes
        access-control: allow
## Other access control examples
#access-control: action
## 'action' should be replaced by any one of:
#deny (drop message)
#refuse (sends a DNS rcode REFUSED error message back)
#allow (recursive ok)
#allow_snoop (recursive and nonrecursive ok).
## Minimum lifetime of cache entries in seconds. Default is 0.
#cache-min-ttl: 60
## Maximum lifetime of cached entries. Default is 86400 seconds (1 day).
#cache-max-ttl: 172800
## Enable to not answer id.server and hostname.bind queries.
        hide-identity: yes
## Enable to not answer version.server and version.bind queries.
        hide-version: yes
## control-enable belongs to the remote-control clause
remote-control:
        control-enable: no
## Note: for forward zones, the destination servers must be able to handle recursion to other DNS servers
## Forward all *.example.com queries to the server at
#forward-zone:
#        name: "example.com"
#        forward-addr:
## Forward all other queries to the Verizon DNS servers
forward-zone:
        name: "."
## Level3 Verizon
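
An added example (not part of the wiki page or of Unbound itself): a small Python audit that parses an unbound.conf and flags settings weaker than the ones this page chooses, namely a world-wide `access-control` allow, `hide-identity`/`hide-version` not set to `yes`, and remote control enabled. The sample configuration, its documentation-range addresses and the `min_prefix` threshold are assumptions made for the example.

```python
import ipaddress

# Constructed sample config (documentation address ranges, not from the page).
SAMPLE = """\
server:
        interface: 0.0.0.0
        access-control: 0.0.0.0/0 allow      # too broad
        access-control: 192.0.2.0/24 allow
        hide-identity: yes
        hide-version: no
remote-control:
        control-enable: yes
forward-zone:
        name: "."
        forward-addr: 198.51.100.53
"""

def parse(text):
    """Return (clause, option, value) tuples from unbound.conf text."""
    clause, out = None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if not line:
            continue
        key, _, value = line.partition(":")
        value = value.strip().strip('"')
        if not value:                             # e.g. "server:" opens a clause
            clause = key
        else:
            out.append((clause, key, value))
    return out

def audit(text, min_prefix=8):
    """Flag settings that expose the resolver more than the page's config does.
    min_prefix is an assumed threshold: allowed netblocks wider than this are reported."""
    findings = []
    for clause, key, value in parse(text):
        if clause == "server" and key == "access-control":
            net, action = value.split()
            prefix = ipaddress.ip_network(net, strict=False).prefixlen
            if action in ("allow", "allow_snoop") and prefix < min_prefix:
                findings.append(f"open resolver: {net} {action}")
        elif clause == "server" and key in ("hide-identity", "hide-version") and value != "yes":
            findings.append(f"{key} is {value}")
        elif clause == "remote-control" and key == "control-enable" and value == "yes":
            findings.append("remote control enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN", finding)
```
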

Set auto-start, start and test the daemon

Set to auto-start then start unbound:

rc-update add unbound
rc-service unbound start

Test, for example:

dig nl.alpinelinux.org @


nslookup www.google.cz @

or use drill, which requires the drill package:

drill www.bbc.co.uk @

Further information

unbound.conf man page

unbound optimization guide

excellent unbound tutorial at calomel.org

General information via the Wikipedia pages on DNS, record types, zones, name servers and DNSSEC