Unbound is a validating, recursive, and caching DNS server, an alternative to BIND (Berkeley Internet Name Daemon). It is a software product from NLnet Labs, VeriSign, Nominet, and Kirei, and of course it is open source under the BSD license.
Unbound supports DNSSEC (DNS Security Extensions), which authenticates DNS lookups and data transfer but is not yet widely deployed.
Quick installation the Debian way:
aptitude update && aptitude install unbound
After installation, unbound is started automatically; the “/etc/default/unbound” configuration file should contain “UNBOUND_ENABLE=true”.
BTW, I found a little bug in version “1.4.6-1”: if you disable unbound with UNBOUND_ENABLE=false, you cannot stop the running service…
By default, unbound will listen for and respond to DNS queries only on the localhost interface: IPv4 “127.0.0.1” and IPv6 “::1”.
If you want to change this behavior you can modify the unbound configuration file and add additional addresses or networks:
vim /etc/unbound/unbound.conf
# Allow requests from 172.16.18.0/24
access-control: 172.16.18.0/24 allow
# Deny requests from one single host
access-control: 172.16.18.254 refuse
# Allow requests from single host 192.168.1.2
access-control: 192.168.1.2 allow
# Allow
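An added example, not part of the original post: a Python check that works out which access-control rule applies to a given client, following the rule in unbound.conf(5) that the most specific netblock wins and unmatched clients are refused. The sample config is constructed from the lines above; the function names and the modeled localhost defaults are assumptions of this example.

```python
import ipaddress

# Constructed sample: the access-control lines from the post, in a server: clause.
SAMPLE_CONF = """\
server:
    # Allow requests from 172.16.18.0/24
    access-control: 172.16.18.0/24 allow
    # Deny requests from one single host
    access-control: 172.16.18.254 refuse
    # Allow requests from single host 192.168.1.2
    access-control: 192.168.1.2 allow
"""

# Assumption: localhost defaults modeled as two allow rules; unmatched is refused.
DEFAULT_RULES = [(ipaddress.ip_network("127.0.0.0/8"), "allow"),
                 (ipaddress.ip_network("::1/128"), "allow")]


def parse_access_control(conf_text):
    """Return [(network, action)] for every access-control: line, comments stripped."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("access-control:"):
            continue
        fields = line[len("access-control:"):].split()
        if len(fields) != 2:
            raise ValueError(f"malformed access-control line: {raw!r}")
        # strict=False tolerates host bits; a bare address becomes a /32 or /128.
        rules.append((ipaddress.ip_network(fields[0], strict=False), fields[1]))
    return rules


def effective_action(rules, client):
    """Action of the most specific netblock containing client, else 'refuse'."""
    addr = ipaddress.ip_address(client)
    best = None
    for net, action in rules:
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, action)
    return best[1] if best else "refuse"


def world_open_rules(rules):
    """Netblocks that allow every address: the resolver would be open to anyone."""
    return [str(n) for n, a in rules if n.prefixlen == 0 and a.startswith("allow")]


RULES = DEFAULT_RULES + parse_access_control(SAMPLE_CONF)
```

Running `effective_action(RULES, ip)` for addresses inside and outside the listed netblocks shows that the single-host refuse overrides the surrounding /24 allow, and `world_open_rules` flags any rule that would turn the server into an open resolver.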
Logging to a file instead of syslog:
mkdir /var/log/unbound
chown unbound:root /var/log/unbound
# add to /etc/unbound/unbound.conf
# use-syslog defaults to yes and overrides logfile, so turn it off
use-syslog: no
logfile: "/var/log/unbound/unbound.log"
Hide the version of the installed unbound
cat /etc/resolv.conf
nameserver 127.0.0.1