Project

General

Profile

Support #694

Install a Forwarding DNS Server With Unbound on FreeBSD 9

Added by Daniel Curtis over 8 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Domain Name Server
Target version:
Start date:
10/18/2015
Due date:
% Done:

100%

Estimated time:
1.00 h
Spent time:

Description

This is a guide on installing an authoritative DNS server using the Unbound on FreeBSD 9.

Prepare the Environment

  • Make sure the system is up to date:
    pkg update && pkg upgrade
    

Install Unbound

  • Install unbound:
    pkg install unbound
    
  • Create an unbound config from the installed sample:
    cp /usr/local/etc/unbound/unbound.conf.sample /usr/local/etc/unbound/unbound.conf
    
  • Make a config directory for the various domains served by unbound:
    mkdir /usr/local/etc/unbound/conf.d
    
  • Edit the unbound config:
    vi /usr/local/etc/unbound/unbound.conf
    
    • And add the following:
      ## Authoritative, validating, recursive caching DNS
      server:
          verbosity: 1
          logfile: "/var/log/unbound.log" 
      
          interface: 0.0.0.0
      
          port: 53
      
          do-ip4: yes
          do-udp: yes
          do-tcp: yes
      
          access-control: 127.0.0.0/8 allow
          access-control: 10.0.0.0/16 allow
      
          include: "/usr/local/etc/unbound/conf.d/*.conf" 
      
          chroot: ""    
      
          hide-identity: yes
          hide-version: yes
          harden-glue: yes
          harden-dnssec-stripped: yes
          use-caps-for-id: yes
          prefetch: yes
      
          forward-zone:
             name: "." 
             forward-addr: 208.67.222.222
      
  • Create an unbound config for the example.com domain:
    vi /usr/local/etc/unbound/conf.d/example.com.conf
    
    • And add the following:
      # example.com domain
      local-zone: "example.com." static
      
      local-data: "gateway.example.com.  IN A 192.168.55.1" 
      local-data: "nas.example.com.      IN A 192.168.55.2" 
      local-data: "pc1.example.com.      IN A 192.168.55.3" 
      local-data: "pc2.example.com.      IN A 192.168.55.4" 
      local-data: "wap1.example.com.     IN A 192.168.55.5" 
      local-data: "dhcp1.example.com.    IN A 192.168.55.6" 
      local-data: "dhcp2.example.com.    IN A 192.168.55.7" 
      
      local-data-ptr: "192.168.55.1  gateway.example.com" 
      local-data-ptr: "192.168.55.2  nas.example.com" 
      local-data-ptr: "192.168.55.3  pc1.example.com" 
      local-data-ptr: "192.168.55.4  pc2.example.com" 
      local-data-ptr: "192.168.55.5  wap1.example.com" 
      local-data-ptr: "192.168.55.6  dhcp1.example.com" 
      local-data-ptr: "192.168.55.7  dhcp2.example.com" 
      
  • Start and enable unbound at boot:
    echo 'unbound_enable="YES"' >> /etc/rc.conf
    service unbound start
    
  • With unbound configured and running edit the resolve config file:
    vi /etc/resolv.conf
    
    • And change the nameserver to the localhost:
      nameserver 127.0.0.1
      

Resources


Related issues

Copied from FreeBSD Administration - Support #677: Install an Authoritative DNS Server With Unbound on FreeBSD 10ClosedDaniel Curtis10/18/2015

Actions
#1

Updated by Daniel Curtis over 8 years ago

  • Copied from Support #677: Install an Authoritative DNS Server With Unbound on FreeBSD 10 added
#2

Updated by Daniel Curtis over 8 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 50
#3

Updated by Daniel Curtis over 8 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 50 to 100
#4

Updated by Daniel Curtis over 8 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF