Setting up unbound DNS server

From Alpine Linux
Revision as of 17:08, 2 October 2011 by Jbilyk (talk | contribs) (Created page with "Unbound is a validating, recursive, and caching DNS resolver that supports DNSSEC. = Install = At the time of writing, unbound is only available in the Edge/Testing repository....")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Unbound is a validating, recursive, and caching DNS resolver that supports DNSSEC.

Install

At the time of writing, unbound is only available in the Edge/Testing repository. To install the package on a system that doesn't already have the edge/testing repository configured:

apk add -X http://nl.alpinelinux.org/alpine/edge/testing -U unbound

If your system already has the edge/testing repository, the following command will work:

apk add unbound

Configure

The following configuration is an example of a server that is authoritative for a zone (alpinelinux.org in the example below with a subset of the records for alpinelinux.org), but is not (yet) setup with that zone signed for DNSSEC support.

server:
        verbosity: 1
        interface: 64.56.207.219
        do-ip4: yes
        do-ip6: no
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes
        access-control: 0.0.0.0/0 allow

        # Getting things started
        local-zone: "alpinelinux.org." static
        local-data: "alpinelinux.org. 10800 IN NS ns1.alpinelinux.org."
        local-data: "alpinelinux.org. 10800 IN SOA alpinelinux.org.  webmaster.alpinelinux.org. 1 3600 1200 604800 10800"
        local-data: "ns1.alpinelinux.org. 1080 IN A 64.56.207.219"
        local-data: "alpinelinux.org. 1080 IN MX 10 mail.alpinelinux.org."
        local-data: "lists.alpinelinux.org. 1080 IN MX 10 mail.alpinelinux.org."

        # Services
        local-data: "alpinelinux.org. 10800 IN A 81.175.82.11"
        local-data: "mail.alpinelinux.org. 1080 IN A 64.56.207.219"
        local-data: "www.alpinelinux.org. 1080 IN A 81.175.82.11"
        local-data: "www-prd.alpinelinux.org. 1080 IN A 74.117.189.132"
        local-data: "wiki.alpinelinux.org. 1080 IN A 74.117.189.132"
        local-data: "lists.alpinelinux.org. 1080 IN A 64.56.207.219"
        local-data: "monitor.alpinelinux.org. 1080 IN A 213.234.126.133"
        local-data: "bugs.alpinelinux.org. 1080 IN A 81.175.82.11"

        # Package mirrors
        local-data: "nl.alpinelinux.org. 1080 IN A 81.175.82.11"
        local-data: "dl-2.alpinelinux.org. 1080 IN A 208.74.141.33"
        local-data: "dl-3.alpinelinux.org. 1080 IN A 74.117.189.132"
        local-data: "dl-4.alpinelinux.org. 1080 IN A 64.56.207.216"

        # Build Infra
        local-data: "rsync.alpinelinux.org. 1080 IN A 81.175.82.11"
        local-data: "distfiles.alpinelinux.org. 1080 IN A 91.220.88.29"
        local-data: "build-edge.alpinelinux.org. 1080 IN A 91.220.88.23"
        local-data: "build64-edge.alpinelinux.org. 1080 IN A 204.152.221.26"
        local-data: "build-2-2.alpinelinux.org. 1080 IN A 91.220.88.34"
        local-data: "build64-2-2.alpinelinux.org. 1080 IN A 91.220.88.35"
        local-data: "build-2-1.alpinelinux.org. 1080 IN A 91.220.88.32"
        local-data: "build-2-0.alpinelinux.org. 1080 IN A 91.220.88.31"
        local-data: "build-1-10.alpinelinux.org. 1080 IN A 91.220.88.26"
python:
remote-control:
        control-enable: no

Set auto-start, start and test the daemon

Set to auto-start then start unbound:

rc-update add unbound /etc/init.d/unbound start

Test:

dig nl.alpinelinux.org @64.56.207.219