Unbound is a validating, recursive, and caching DNS resolver, written in C and developed by NLnet Labs. Unbound's design is a set of modular components which incorporate features including enhanced security (DNSSEC) validation, Internet Protocol Version 6 (IPv6), and a client resolver library API as an integral part of the architecture. Originally written for POSIX-compatible Unix-like operating systems, Unbound currently runs on FreeBSD, OpenBSD, NetBSD, and Linux.
Unbound is now available in version 1.4.18, released on August 2, 2012. On Ubuntu Server, the unbound package is available in the official Ubuntu repository, but still at version 1.4.16. Installing and configuring Unbound on Ubuntu Server 12.04 is incredibly easy. Follow this guide on how to install and configure Unbound on Ubuntu Server 12.04.
Installing Unbound
Log in to your Ubuntu server using SSH. Before installing Unbound, make sure your package repositories and installed programs are up to date:
sudo apt-get update
Install unbound:
sudo apt-get install unbound
Configure Unbound
The Unbound configuration file is located at /etc/unbound/unbound.conf.
Log in as root and change into the directory /etc/unbound:
sudo -i
cd /etc/unbound
Download the latest root DNS hints file from ftp://ftp.internic.net/domain/named.cache:
wget ftp://ftp.internic.net/domain/named.cache
Run unbound-control-setup to generate the key and certificate files needed for the remote-control channel:
unbound-control-setup
Change the owner of all unbound_* files in /etc/unbound to user unbound, group root:
chown unbound:root unbound_*
Change the permissions of all unbound_* files to 440:
chmod 440 unbound_*
Back up the old Unbound configuration with the following command:
mv /etc/unbound/unbound.conf /etc/unbound/unbound.conf.default
Create the new Unbound configuration file; just copy and paste this into the terminal:
cat > /etc/unbound/unbound.conf <<-EOF
server:
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.42.0/24 allow
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    verbosity: 1
    statistics-interval: 120
    num-threads: 1
    interface: 0.0.0.0
    outgoing-range: 512
    num-queries-per-thread: 1024
    msg-cache-size: 16m
    rrset-cache-size: 32m
    msg-cache-slabs: 4
    rrset-cache-slabs: 4
    cache-max-ttl: 86400
    infra-host-ttl: 60
    infra-lame-ttl: 120
    infra-cache-numhosts: 10000
    infra-cache-lame-size: 10k
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    do-daemonize: yes
    logfile: ""
    use-syslog: no
    identity: "DNS"
    version: "1.4"
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    do-not-query-address: 127.0.0.1/8
    do-not-query-localhost: yes
    module-config: "iterator"
    local-zone: "localhost." static
    local-data: "localhost. 10800 IN NS localhost."
    local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
    local-data: "localhost. 10800 IN A 127.0.0.1"
    local-zone: "127.in-addr.arpa." static
    local-data: "127.in-addr.arpa. 10800 IN NS localhost."
    local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
    local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
    local-zone: "ubuntuprecise.net." static
    local-data: "ubuntuprecise.net. 86400 IN NS ns1.ubuntuprecise.net."
    local-data: "ubuntuprecise.net. 86400 IN SOA ubuntuprecise.net. proxy.ubuntuprecise.net. 3 3600 1200 604800 86400"
    local-data: "ubuntuprecise.net. 86400 IN A 192.168.34.4"
    local-data: "www.ubuntuprecise.net. 86400 IN A 192.168.34.4"
    local-data: "ns1.ubuntuprecise.net. 86400 IN A 192.168.34.4"
    local-data: "mail.ubuntuprecise.net. 86400 IN A 192.168.34.4"
    local-data: "ubuntuprecise.net. 86400 IN MX 10 mail.ubuntuprecise.net."
    local-data: "ubuntuprecise.net. 86400 IN TXT v=spf1 a mx ~all"
    local-zone: "42.168.192.in-addr.arpa." static
    local-data: "42.168.192.in-addr.arpa. 10800 IN NS ubuntuprecise.net."
    local-data: "42.168.192.in-addr.arpa. 10800 IN SOA ubuntuprecise.net. proxy.ubuntuprecise.net. 4 3600 1200 604800 864000"
    local-data: "1.42.168.192.in-addr.arpa. 10800 IN PTR ubuntuprecise.net."
forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4
    forward-addr: 208.67.222.222
    forward-addr: 208.67.220.220
remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-interface: 192.168.42.1
    control-port: 953
    server-key-file: "/etc/unbound/unbound_server.key"
    server-cert-file: "/etc/unbound/unbound_server.pem"
    control-key-file: "/etc/unbound/unbound_control.key"
    control-cert-file: "/etc/unbound/unbound_control.pem"
EOF
Check the Unbound configuration and restart the service with the following commands:
unbound-checkconf /etc/unbound/unbound.conf
service unbound restart
If you restart Unbound and get an error message like this:
* Restarting recursive DNS server unbound [1351477671] unbound[20492:0] error: bind: address already in use [1351477671] unbound[20492:0] fatal error: could not open ports
you need to stop the dnsmasq service:
service dnsmasq stop
If you have installed the Squid proxy server on your machine, add this option to the Squid configuration file, then restart Squid:
dns_nameservers 127.0.0.1 192.168.42.1
service squid3 restart
Use this command to check Unbound performance statistics:
unbound-control stats
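Two points in the configuration above deserve a check before deployment: module-config: "iterator" leaves out the validator module, so DNSSEC answers are not validated even though auto-trust-anchor-file is set, and interface: 0.0.0.0 listens on every address, so the access-control lines are all that keeps the server from being an open resolver. The following shell lint is an added example, not part of the original guide or of Unbound; it tests a config file for both conditions, and the sample it writes is constructed from the lines above.

```shell
#!/bin/sh
# Added example, not part of the original guide or of Unbound: a small
# lint for two points in the configuration shown above.
#  1. module-config without "validator": Unbound's default is
#     "validator iterator"; "iterator" alone means DNSSEC answers are
#     never validated even though auto-trust-anchor-file is set.
#  2. interface 0.0.0.0 listens on every address, so only the
#     access-control lines stop it becoming an open resolver; an
#     "access-control: 0.0.0.0/0 allow" line would make it one.
# Comments are stripped first so commented-out lines do not count.
# validator_enabled FILE -> exit 0 if the validator module is active.
validator_enabled() {
  line=$(sed 's/#.*//' "$1" | grep -E '^[[:space:]]*module-config:' || true)
  [ -z "$line" ] && return 0          # no line: built-in default applies
  printf '%s\n' "$line" | grep -q 'validator'
}

# open_resolver FILE -> exit 0 if it listens on all IPv4 addresses AND
# allows queries from every source network.
open_resolver() {
  sed 's/#.*//' "$1" | grep -Eq '^[[:space:]]*interface:[[:space:]]*0\.0\.0\.0' || return 1
  sed 's/#.*//' "$1" | grep -Eq '^[[:space:]]*access-control:[[:space:]]*0\.0\.0\.0/0[[:space:]]+allow'
}

# lint_unbound_conf FILE -> prints findings; exit 1 if any warning.
lint_unbound_conf() {
  rc=0
  if validator_enabled "$1"; then echo "ok: validator module enabled"
  else echo "warn: no validator in module-config, DNSSEC not validated"; rc=1; fi
  if open_resolver "$1"; then echo "warn: 0.0.0.0 + allow 0.0.0.0/0 = open resolver"; rc=1
  else echo "ok: access-control limits who may query"; fi
  return $rc
}

# Constructed sample: the relevant lines of the guide's unbound.conf.
write_sample_conf() {
  cat > "$1" <<'EOF'
server:
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.42.0/24 allow
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    interface: 0.0.0.0
    module-config: "iterator"
EOF
}

tmp=$(mktemp); write_sample_conf "$tmp"
lint_unbound_conf "$tmp" || echo "exit status 1: fix before deploying"
rm -f "$tmp"
```

Point it at the real file with `lint_unbound_conf /etc/unbound/unbound.conf` after `unbound-checkconf` has passed; the guide's config produces one warning for the missing validator.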
Note:
Link Reference:
Tags: #DNS #DNS Resolver #Ubuntu Server 12.04 #Unbound




