How to Install and Configure Unbound on Ubuntu Server 12.04

Unbound is a validating, recursive, and caching DNS resolver, written in C and developed by NLnet Labs. Unbound's design is a set of modular components which incorporate features including enhanced security (DNSSEC) validation, Internet Protocol Version 6 (IPv6), and a client resolver library API as an integral part of the architecture. Originally written for POSIX-compatible Unix-like operating systems, Unbound currently runs on FreeBSD, OpenBSD, NetBSD, and Linux.

Unbound is now available in version 1.4.18, which was released on August 2, 2012. On Ubuntu Server, the unbound package is available in the official Ubuntu repository, but still at version 1.4.16. Installing and configuring Unbound on Ubuntu Server 12.04 is incredibly easy. Follow the guide below.

Installing Unbound

Log in to your Ubuntu server using SSH. Before installing Unbound, make sure your package repositories and installed programs are up to date.

sudo apt-get update

Install Unbound:

sudo apt-get install unbound

Configure Unbound

The Unbound configuration file is located at /etc/unbound/unbound.conf.

Become root and change to the directory /etc/unbound:

sudo -i
cd /etc/unbound

Download the latest root DNS hints file from ftp://ftp.internic.net/domain/named.cache

wget ftp://ftp.internic.net/domain/named.cache

Run unbound-control-setup to generate the necessary TLS key files

unbound-control-setup

Change the owner of all unbound_* files in the directory /etc/unbound to unbound:root (user unbound, group root):

chown unbound:root unbound_*

Change the permissions of all unbound_* files to 440:

chmod 440 unbound_*

Back up the old Unbound configuration with the following command:

mv /etc/unbound/unbound.conf /etc/unbound/unbound.conf.default

Create the new Unbound configuration file by copying and pasting this into the terminal:

cat > /etc/unbound/unbound.conf <<-EOF
server:
access-control: 127.0.0.0/8 allow
access-control: 192.168.42.0/24 allow
auto-trust-anchor-file: "/var/lib/unbound/root.key"
verbosity: 1
statistics-interval: 120
num-threads: 1
interface: 0.0.0.0
outgoing-range: 512
num-queries-per-thread: 1024
msg-cache-size: 16m
rrset-cache-size: 32m
msg-cache-slabs: 4
rrset-cache-slabs: 4
cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120
infra-cache-numhosts: 10000
infra-cache-lame-size: 10k
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
logfile: ""
use-syslog: no
identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: "iterator"
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"
local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
local-zone: "ubuntuprecise.net." static
local-data: "ubuntuprecise.net. 86400 IN NS ns1.ubuntuprecise.net."
local-data: "ubuntuprecise.net. 86400 IN SOA ubuntuprecise.net. proxy.ubuntuprecise.net. 3 3600 1200 604800 86400"
local-data: "ubuntuprecise.net. 86400 IN A 192.168.34.4"
local-data: "www.ubuntuprecise.net. 86400 IN A 192.168.34.4"
local-data: "ns1.ubuntuprecise.net. 86400 IN A 192.168.34.4" 
local-data: "mail.ubuntuprecise.net. 86400 IN A 192.168.34.4"
local-data: "ubuntuprecise.net. 86400 IN MX 10 mail.ubuntuprecise.net."
local-data: 'ubuntuprecise.net. 86400 IN TXT "v=spf1 a mx ~all"'
local-zone: "42.168.192.in-addr.arpa." static
local-data: "42.168.192.in-addr.arpa. 10800 IN NS ubuntuprecise.net."
local-data: "42.168.192.in-addr.arpa. 10800 IN SOA ubuntuprecise.net. proxy.ubuntuprecise.net. 4 3600 1200 604800 864000"
local-data: "1.42.168.192.in-addr.arpa. 10800 IN PTR ubuntuprecise.net."
forward-zone:
name: "."
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4
forward-addr: 208.67.222.222
forward-addr: 208.67.220.220
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-interface: 192.168.42.1
control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
EOF
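
A check on what this configuration exposes, as an added example that is not part of the original tutorial: module-config: "iterator" loads no validator module, so DNSSEC validation is off even though auto-trust-anchor-file is set, interface: 0.0.0.0 listens on every IPv4 address, and the second control-interface puts unbound-control on the LAN. The sketch below reports those three settings from a config file; the function names and finding labels are hypothetical, and the sample is a constructed excerpt of the config above.

```shell
# Added example, not from the original tutorial; function names are hypothetical.

# Print each value of option $2 in config file $1, comments and quotes removed.
conf_values() {
    awk -v key="$2:" '{ sub(/#.*/, "") }
        $1 == key { $1 = ""; sub(/^ +/, ""); gsub(/"/, ""); print }' "$1"
}

# Print one finding per line; print nothing when no check fires.
audit_unbound_conf() {
    # Without a module-config line Unbound uses "validator iterator".
    mods=$(conf_values "$1" module-config)
    case " ${mods:-validator iterator} " in
        *" validator "*) ;;
        *) echo "dnssec-off: module-config '$mods' loads no validator" ;;
    esac
    # A wildcard listener leaves access-control as the only client filter.
    if conf_values "$1" interface | grep -Eq '^(0\.0\.0\.0|::0?)$'; then
        nets=$(conf_values "$1" access-control | awk '$2 == "allow" { print $1 }' | tr '\n' ' ')
        echo "wildcard-listen: clients allowed from ${nets% }"
        case " $nets" in
            *" 0.0.0.0/0 "*|*" ::/0 "*) echo "open-resolver: any address may query" ;;
        esac
    fi
    # unbound-control beyond loopback is protected only by the TLS key files.
    if [ "$(conf_values "$1" control-enable)" = "yes" ]; then
        conf_values "$1" control-interface | grep -Ev '^(127\.0\.0\.1|::1)$' |
            sed 's/^/control-exposed: unbound-control listens on /'
    fi
}

# Constructed excerpt of the configuration shown above.
write_sample_conf() {
    cat > "$1" <<'EOF'
server:
access-control: 127.0.0.0/8 allow
access-control: 192.168.42.0/24 allow
interface: 0.0.0.0
module-config: "iterator"
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-interface: 192.168.42.1
EOF
}

tmp=$(mktemp) && write_sample_conf "$tmp" && audit_unbound_conf "$tmp"
rm -f "$tmp"
```

To audit the real file, run audit_unbound_conf /etc/unbound/unbound.conf after sourcing the functions.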

Check the Unbound configuration with the following command:

unbound-checkconf /etc/unbound/unbound.conf

Restart the Unbound service:

service unbound restart

If you restart Unbound and get an error message like this:

* Restarting recursive DNS server unbound
[1351477671] unbound[20492:0] error: bind: address already in use
[1351477671] unbound[20492:0] fatal error: could not open ports

You need to stop the dnsmasq service:

service dnsmasq stop

If you have the Squid proxy server installed on your machine, add this option to the Squid configuration file, then restart Squid:

dns_nameservers 127.0.0.1 192.168.42.1

service squid3 restart

Use this command to check Unbound performance:

unbound-control stats

Tags: #DNS #DNS Resolver #Ubuntu Server 12.04 #Unbound

  • minggu dijanuary

    Thank you very much for the tutorial… :-)

  • inspire22

    Thanks :) Gotta change ‘192.168.42.1’ to your local IP address in the config file FYI.

  • isud

    what is ip 192.168.34.4
    ip public ??
