Unbound is a validating, recursive, and caching DNS server, an alternative to BIND (Berkeley Internet Name Daemon). It is a software product from NLnet Labs, VeriSign, Nominet, and Kirei, and of course it is open source under the BSD license.
Unbound supports DNSSEC (DNS Security Extensions), which authenticate DNS lookups and data transfer but are not yet widely deployed.
Quick installation the Debian way:
```
aptitude update && aptitude install unbound
```
After installation, unbound is started automatically. The “/etc/default/unbound” configuration file should contain “true”:
```
UNBOUND_ENABLE=true
```
BTW, found a little bug in version “1.4.6-1”: if you disable unbound (UNBOUND_ENABLE=false), you cannot stop the running service…
By default, unbound listens for and responds to DNS queries only on the localhost interface, IPv4 “127.0.0.1” and IPv6 “::1”.
If you want to change this behavior, you can modify the unbound configuration file and add additional addresses or networks:
```
vim /etc/unbound/unbound.conf
# Allow requests from 172.16.18.0/24
access-control: 172.16.18.0/24 allow
# Deny requests from one single host
access-control: 172.16.18.254 refuse
# Allow requests from single host 192.168.1.2
access-control: 192.168.1.2 allow
# Allow
```
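How unbound chooses among overlapping access-control entries like the ones above (the most specific netblock wins, and a client that matches nothing is refused), as an added Python sketch that is not part of the original post or of unbound itself. The function names and the sample text are constructed for illustration.

```python
import ipaddress

# Constructed sample: the access-control entries from the configuration above.
SAMPLE_CONF = """\
server:
    # Allow requests from 172.16.18.0/24
    access-control: 172.16.18.0/24 allow
    # Deny requests from one single host
    access-control: 172.16.18.254 refuse
    # Allow requests from single host 192.168.1.2
    access-control: 192.168.1.2 allow
"""

# Unbound's defaults: only localhost is allowed, anything unmatched is refused.
BUILTIN = [("127.0.0.0/8", "allow"), ("::1/128", "allow")]
FALLBACK = "refuse"

def parse_rules(conf_text):
    """Return (network, action) pairs: the built-in rules, then the file's own."""
    pairs = list(BUILTIN)
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if line.startswith("access-control:"):
            fields = line.split(":", 1)[1].split()   # IPv6 colons stay intact
            if len(fields) >= 2:
                pairs.append((fields[0], fields[1]))
    # A bare address is treated as a host entry (/32 or /128).
    return [(ipaddress.ip_network(n, strict=False), a) for n, a in pairs]

def decide(client_ip, rules):
    """Action of the longest matching prefix; statement order does not matter."""
    addr = ipaddress.ip_address(client_ip)
    best_len, action = -1, FALLBACK
    for net, act in rules:
        # >= lets a file entry replace a built-in one of the same prefix length
        if net.version == addr.version and addr in net and net.prefixlen >= best_len:
            best_len, action = net.prefixlen, act
    return action

def world_open(rules):
    """Allow rules that cover every address, i.e. an open resolver."""
    return [str(n) for n, a in rules if n.prefixlen == 0 and a.startswith("allow")]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONF)
    for ip in ("172.16.18.10", "172.16.18.254", "192.168.1.2", "192.168.1.3"):
        print(f"{ip:15} -> {decide(ip, rules)}")
    print("world-open allow rules:", world_open(rules) or "none")
```

access-control only decides which clients get an answer; for unbound to accept queries on a non-loopback address, the `interface:` option has to list that address as well.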
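Logging to a file instead of syslog:
```
mkdir /var/log/unbound
chown unbound:root /var/log/unbound
# add to the server: section of /etc/unbound/unbound.conf
logfile: "/var/log/unbound/unbound.log"
# logfile is overridden while use-syslog is on, which is the default
use-syslog: no
```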
Security section:
Hide the version of the installed unbound:
```
hide-version: yes
```
Local resolving:
```
cat /etc/resolv.conf
nameserver 127.0.0.1
```
MATHEW says
Hey
I am using unbound and it is a delight.
But I have a problem with the logging.
I have followed the steps.
But I get an error in logging.
It SAYS PERMISSION DENIED: CANNOT OPEN LOG FILE