Setting up unbound DNS server

From Alpine Linux
Revision as of 17:15, 2 October 2011 by Jbilyk (talk | contribs) (split zone into its own file)

Unbound is a validating, recursive, and caching DNS resolver that supports DNSSEC.

Install

At the time of writing, unbound is only available in the Edge/Testing repository. To install the package on a system that doesn't already have the edge/testing repository configured:

apk add -X http://nl.alpinelinux.org/alpine/edge/testing -U unbound

If your system already has the edge/testing repository, the following command will work:

apk add unbound

Configure

The following configuration is an example of a server that is authoritative for a zone (alpinelinux.org, shown here with a subset of its records), but that zone is not (yet) signed for DNSSEC.

  • /etc/unbound/unbound.conf
server:
        verbosity: 1
        interface: 64.56.207.219
        do-ip4: yes
        do-ip6: no
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes
        access-control: 0.0.0.0/0 allow
        include: /etc/unbound/alpinelinux.org.conf
python:
remote-control:
        control-enable: no
  • /etc/unbound/alpinelinux.org.conf
        # Getting things started
        local-zone: "alpinelinux.org." static
        local-data: "alpinelinux.org. 10800 IN NS ns1.alpinelinux.org."
        local-data: "alpinelinux.org. 10800 IN SOA alpinelinux.org.  webmaster.alpinelinux.org. 1 3600 1200 604800 10800"
        local-data: "ns1.alpinelinux.org. 1080 IN A 64.56.207.219"
        local-data: "alpinelinux.org. 1080 IN MX 10 mail.alpinelinux.org."
        local-data: "lists.alpinelinux.org. 1080 IN MX 10 mail.alpinelinux.org."

        # Services
        local-data: "alpinelinux.org. 10800 IN A 81.175.82.11"
        local-data: "mail.alpinelinux.org. 1080 IN A 64.56.207.219"
        local-data: "www.alpinelinux.org. 1080 IN A 81.175.82.11"
        local-data: "www-prd.alpinelinux.org. 1080 IN A 74.117.189.132"
        local-data: "wiki.alpinelinux.org. 1080 IN A 74.117.189.132"
        local-data: "lists.alpinelinux.org. 1080 IN A 64.56.207.219"
        local-data: "monitor.alpinelinux.org. 1080 IN A 213.234.126.133"
        local-data: "bugs.alpinelinux.org. 1080 IN A 81.175.82.11"

        # Package mirrors
        local-data: "nl.alpinelinux.org. 1080 IN A 81.175.82.11"
        local-data: "dl-2.alpinelinux.org. 1080 IN A 208.74.141.33"
        local-data: "dl-3.alpinelinux.org. 1080 IN A 74.117.189.132"
        local-data: "dl-4.alpinelinux.org. 1080 IN A 64.56.207.216"

        # Build Infra
        local-data: "rsync.alpinelinux.org. 1080 IN A 81.175.82.11"
        local-data: "distfiles.alpinelinux.org. 1080 IN A 91.220.88.29"
        local-data: "build-edge.alpinelinux.org. 1080 IN A 91.220.88.23"
        local-data: "build64-edge.alpinelinux.org. 1080 IN A 204.152.221.26"
        local-data: "build-2-2.alpinelinux.org. 1080 IN A 91.220.88.34"
        local-data: "build64-2-2.alpinelinux.org. 1080 IN A 91.220.88.35"
        local-data: "build-2-1.alpinelinux.org. 1080 IN A 91.220.88.32"
        local-data: "build-2-0.alpinelinux.org. 1080 IN A 91.220.88.31"
        local-data: "build-1-10.alpinelinux.org. 1080 IN A 91.220.88.26"
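
The `access-control: 0.0.0.0/0 allow` line in unbound.conf above lets any client that can reach 64.56.207.219 use the server for recursive lookups, not only for the alpinelinux.org local zone. The Python check below is an added example, not part of the original page or of Unbound; it flags such lines in unbound.conf text, and the sample configs, the `192.168.0.0/16` client range and the function names are constructed for illustration.

```python
import ipaddress

# Constructed input: server clause of the unbound.conf shown above.
PAGE_CONF = """\
server:
        interface: 64.56.207.219
        access-control: 0.0.0.0/0 allow
        include: /etc/unbound/alpinelinux.org.conf
"""

# Constructed variant: recursion limited to loopback and a placeholder LAN range.
RESTRICTED_CONF = """\
server:
        interface: 64.56.207.219
        access-control: 0.0.0.0/0 refuse
        access-control: 127.0.0.0/8 allow
        access-control: 192.168.0.0/16 allow   # placeholder client network
"""

RECURSING = {"allow", "allow_snoop"}  # access-control actions that permit recursion
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]

def is_internal(net):
    """True if net lies wholly inside loopback or private address space."""
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def open_recursion(conf_text):
    """Return access-control netblocks that let non-internal clients recurse."""
    clause, findings = None, []
    for raw in conf_text.splitlines():
        key, sep, value = raw.split("#", 1)[0].strip().partition(":")
        if not sep:
            continue
        if not value.strip():          # "server:", "remote-control:" start a clause
            clause = key.strip()
            continue
        parts = value.split()
        if clause == "server" and key.strip() == "access-control" and len(parts) == 2:
            net = ipaddress.ip_network(parts[0], strict=False)
            if parts[1] in RECURSING and not is_internal(net):
                findings.append(str(net))
    return findings

if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("restricted", RESTRICTED_CONF)):
        print(name, open_recursion(conf) or "no open recursion")
```

The restricted variant only suits a resolver whose clients sit on known networks; with `refuse` for everyone else, outside clients also get no answers for the local zone.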

Set auto-start, start and test the daemon

Set to auto-start then start unbound:

rc-update add unbound
/etc/init.d/unbound start

Test:

dig nl.alpinelinux.org @64.56.207.219