How to Install and Configure Unbound on Ubuntu Server 12.04


Unbound is a validating, recursive, and caching DNS resolver, written in C and developed by NLnet Labs. Unbound’s design is a set of modular components which incorporate features including enhanced security (DNSSEC) validation, Internet Protocol Version 6 (IPv6), and a client resolver library API as an integral part of the architecture. Originally written for POSIX-compatible Unix-like operating systems, Unbound currently runs on FreeBSD, OpenBSD, NetBSD, and Linux.

Unbound is now available in version 1.4.18, which was released on August 2, 2012. On Ubuntu Server, the unbound package is available in the official Ubuntu repository, but still at version 1.4.16. Installing and configuring Unbound on Ubuntu Server 12.04 is incredibly easy. Follow the steps in this guide.

Installing Unbound

Log in to your Ubuntu server using SSH. Before installing Unbound, make sure your package repositories and installed programs are up to date.

sudo apt-get update

Install Unbound:

sudo apt-get install unbound

Configure Unbound

The Unbound configuration file is located at /etc/unbound/unbound.conf.

Log in as root and change to the directory /etc/unbound:

sudo -i
cd /etc/unbound

Download the latest root DNS hints file from


Run unbound-control-setup to generate the necessary TLS key files


Change the owner of all unbound_* files in the directory /etc/unbound to unbound:root (user unbound, group root):

chown unbound:root unbound_*

Change the permissions of all unbound_* files to 440:

chmod 440 unbound_*

Back up the old Unbound configuration with the following command:

mv /etc/unbound/unbound.conf /etc/unbound/unbound.conf.default

Create a new Unbound configuration file; just copy and paste this config into the terminal:

cat > /etc/unbound/unbound.conf <<-EOF
server:
access-control: allow
access-control: allow
auto-trust-anchor-file: "/var/lib/unbound/root.key"
verbosity: 1
statistics-interval: 120
num-threads: 1
outgoing-range: 512
num-queries-per-thread: 1024
msg-cache-size: 16m
rrset-cache-size: 32m
msg-cache-slabs: 4
rrset-cache-slabs: 4
cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120
infra-cache-numhosts: 10000
infra-cache-lame-size: 10k
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
logfile: ""
use-syslog: no
identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-localhost: yes
module-config: "iterator"
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A"
local-zone: "" static
local-data: " 10800 IN NS localhost."
local-data: " 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: " 10800 IN PTR localhost."
local-zone: "" static
local-data: " 86400 IN NS"
local-data: " 86400 IN SOA 3 3600 1200 604800 86400"
local-data: " 86400 IN A"
local-data: " 86400 IN A"
local-data: " 86400 IN A" 
local-data: " 86400 IN A"
local-data: " 86400 IN MX 10"
local-data: " 86400 IN TXT v=spf1 a mx ~all"
local-zone: "" static
local-data: " 10800 IN NS"
local-data: " 10800 IN SOA 4 3600 1200 604800 864000"
local-data: " 10800 IN PTR"
name: "."
remote-control:
control-enable: yes
control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
EOF

Check the Unbound configuration with the following command:

unbound-checkconf /etc/unbound/unbound.conf
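
unbound-checkconf reports configuration errors but does not judge whether the settings are safe. The script below is an added example, not part of the original guide: it lints the security-relevant options of the file written above, including module-config: "iterator", which leaves out the validator module so the configured trust anchor is not used for DNSSEC validation. The function names and finding labels are hypothetical, and options that are absent are assumed to have Unbound's defaults (module-config "validator iterator", hide-identity and hide-version off):

```shell
# Added example: lint security-relevant unbound.conf settings (labels are invented here).
# Print every value of option $2 in file $1, minus comments and quotes.
conf_get() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" |
        sed 's/#.*$//; s/"//g; s/[[:space:]]*$//'
}
note() { printf '%s\n' "$1"; findings=$((findings + 1)); }

# Prints one line per finding; returns 0 only when there are none.
audit_unbound_conf() {
    conf=$1 findings=0
    # The trust anchor is unused without the validator module (default: on).
    mods=$(conf_get "$conf" module-config | tail -n 1)
    case " ${mods:-validator iterator} " in
        *" validator "*) ;;
        *) note "NO_VALIDATOR: module-config \"$mods\" turns DNSSEC validation off" ;;
    esac
    # Allowing every source address makes the server an open resolver.
    if conf_get "$conf" access-control |
        grep -Eq '^(0\.0\.0\.0/0|::/0)[[:space:]]+allow'; then
        note "OPEN_RESOLVER: access-control allows every source address"
    fi
    # hide-identity and hide-version default to "no".
    for opt in hide-identity hide-version; do
        [ "$(conf_get "$conf" "$opt" | tail -n 1)" = yes ] ||
            note "INFO_LEAK: $opt is not set to yes"
    done
    # Private keys for unbound-control must not be usable by "other".
    for opt in server-key-file control-key-file; do
        key=$(conf_get "$conf" "$opt" | tail -n 1)
        [ -n "$key" ] || continue
        if [ ! -e "$key" ]; then
            note "KEY_MISSING: $opt $key not found (run unbound-control-setup)"
        elif [ -n "$(find "$key" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
            note "KEY_EXPOSED: $key is accessible to other users"
        fi
    done
    [ "$findings" -eq 0 ]
}

# No argument: audit a constructed sample that mirrors the page's settings.
if [ $# -eq 0 ]; then
    sample=$(mktemp)
    printf 'server:\nmodule-config: "iterator"\nhide-identity: yes\nhide-version: yes\n' > "$sample"
    audit_unbound_conf "$sample" || true
    rm -f "$sample"
else
    audit_unbound_conf "$1"
fi
```

Save it as a script and pass /etc/unbound/unbound.conf as the argument; a non-zero exit status means at least one finding was printed.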

Restart the unbound service:

service unbound restart

If you restart Unbound and get an error message like this:

* Restarting recursive DNS server unbound
[1351477671] unbound[20492:0] error: bind: address already in use
[1351477671] unbound[20492:0] fatal error: could not open ports

you need to stop the dnsmasq service:

service dnsmasq stop

If you have the Squid proxy server installed on your machine, add this option to the Squid configuration file, then restart the Squid server.

service squid3 restart

Use this command to check Unbound performance:

unbound-control stats



  • minggu dijanuary

    Thank you very much for the tutorial… :-)

  • inspire22

    Thanks :) Gotta change ’′ to your local IP address in the config file FYI.

  • isud

    what is ip
    ip public ??
