zeldor.biz

Linux, programming and more

Unbound DNS-Server

August 9, 2011 by Igor Drobot 1 Comment

Unbound is a validating, recursive, and caching DNS server and an alternative to BIND (Berkeley Internet Name Daemon). It is a software product from NLnet Labs, VeriSign, Nominet, and Kirei, and it is open source under the BSD license.

Unbound supports DNSSEC (DNS Security Extensions), which authenticate DNS lookups and data transfer but are not yet widely deployed.

Quick installation the Debian way:

aptitude update && aptitude install unbound

After installation, unbound is started automatically. The configuration file “/etc/default/unbound” should contain the value “true”:

UNBOUND_ENABLE=true

BTW, found a little bug in version “1.4.6-1”: if you disable unbound with UNBOUND_ENABLE=false, you cannot stop the running service…

By default, unbound listens for and responds to DNS queries only on the localhost interface: IPv4 “127.0.0.1” and IPv6 “::1”.

If you want to change this behavior, you can modify the unbound configuration file and add additional addresses or networks:

vim /etc/unbound/unbound.conf
# Allow requests from 172.16.18.0/24
access-control: 172.16.18.0/24 allow
# Deny requests from one single host
access-control: 172.16.18.254 refuse
# Allow requests from single host 192.168.1.2
access-control: 192.168.1.2 allow
# Allow
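How the access-control entries above interact, as an added example that is not part of the original post: Unbound applies the most specific matching netblock, so the single-host refuse wins over the surrounding /24 allow. The helper names and the 0.0.0.0/0 line are constructed here to show how a review can flag an entry that admits every client.

```python
import ipaddress

# Constructed sample: the article's access-control entries plus one
# deliberately broad entry of the kind a review should flag.
SAMPLE_CONF = """\
server:
    access-control: 172.16.18.0/24 allow
    access-control: 172.16.18.254 refuse   # single host inside the /24
    access-control: 192.168.1.2 allow
    access-control: 0.0.0.0/0 allow
"""

def parse_access_control(text):
    """Return (network, action) pairs found in unbound.conf text."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("access-control:"):
            continue
        fields = line[len("access-control:"):].split()
        if len(fields) != 2:
            raise ValueError(f"malformed access-control line: {raw!r}")
        # A bare address is treated as a single host (/32 or /128).
        rules.append((ipaddress.ip_network(fields[0], strict=False), fields[1]))
    return rules

def effective_action(rules, client):
    """Action of the most specific matching netblock, None if nothing matches."""
    addr = ipaddress.ip_address(client)
    hits = [(net.prefixlen, action) for net, action in rules
            if net.version == addr.version and addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def world_open(rules):
    """Netblocks that admit every client of an address family."""
    return [str(net) for net, action in rules
            if net.prefixlen == 0 and action.startswith("allow")]

if __name__ == "__main__":
    rules = parse_access_control(SAMPLE_CONF)
    for client in ("172.16.18.10", "172.16.18.254", "192.168.1.2", "10.0.0.1"):
        print(client, "->", effective_action(rules, client))
    print("world-open entries:", world_open(rules))
```

A result of None means no configured entry matched the client; an entry listed by world_open makes the resolver answer anyone who can reach it.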

Logging to a file instead of syslog:

mkdir /var/log/unbound
chown unbound:root /var/log/unbound
# add to /etc/unbound/unbound.conf
logfile: "/var/log/unbound/unbound.log"

Security section:
Hide the version of the installed unbound:

hide-version: yes

Local resolving:

cat /etc/resolv.conf
nameserver 127.0.0.1

Comments

  1. MATHEW says

    October 10, 2018 at 15:34

    Hey
    I am using unbound and it is a delight.
    But I have a problem with the logging.
    I have followed the steps.
    But I get an error in logging.
    It SAYS PERMISSION DENIED: CANNOT OPEN LOG FILE
