Support #677
Install an Authoritative DNS Server With Unbound on FreeBSD 10
Status:
Closed
Priority:
Normal
Assignee:
Category:
Domain Name Server
Target version:
Description
This is a guide on installing an authoritative DNS server using the Unbound on FreeBSD 10.
Prepare the Environment¶
- Make sure the system is up to date:
pkg update && pkg upgrade
Install Unbound¶
NOTE: Unbound is a part of the FreeBSD base system as of 10.1
- Fetch the named.cache from internic:
cd /var/unbound fetch ftp://ftp.internic.net/domain/named.cache
- Get the
root.key
from IANA to verify DNSSEC extensionsunbound-anchor -a "/var/unbound/root.key"
- Fetch the
dlv.isc.org.key
from ISC to verify DNSSEC extensionsfetch http://ftp.isc.org/www/dlv/dlv.isc.org.key
- Generate the keys Unbound needs to be safely controlled via unbound-control:
unbound-control-setup
- Create a config file for unbound:
vi /var/unbound/unbound.conf
- And add the following:
## Authoritative, validating, recursive caching DNS server: verbosity: 1 logfile: "/var/log/unbound.log" interface: 0.0.0.0 port: 53 do-ip4: yes do-udp: yes do-tcp: yes access-control: 127.0.0.0/8 allow access-control: 10.0.0.0/16 allow include: "/var/unbound/conf.d/*.conf" root-hints: "/var/unbound/named.cache" hide-identity: yes hide-version: yes harden-glue: yes harden-dnssec-stripped: yes use-caps-for-id: yes prefetch: yes forward-zone: name: "." forward-addr: 208.67.222.222
- And add the following:
- Create an unbound config for the example.com domain:
vi /var/unbound/conf.d/example.com.conf
- And add the following:
# example.com domain local-zone: "example.com." static local-data: "gateway.example.com. IN A 192.168.55.1" local-data: "nas.example.com. IN A 192.168.55.2" local-data: "pc1.example.com. IN A 192.168.55.3" local-data: "pc2.example.com. IN A 192.168.55.4" local-data: "wap1.example.com. IN A 192.168.55.5" local-data: "dhcp1.example.com. IN A 192.168.55.6" local-data: "dhcp2.example.com. IN A 192.168.55.7" local-data-ptr: "192.168.55.1 gateway.example.com" local-data-ptr: "192.168.55.2 nas.example.com" local-data-ptr: "192.168.55.3 pc1.example.com" local-data-ptr: "192.168.55.4 pc2.example.com" local-data-ptr: "192.168.55.5 wap1.example.com" local-data-ptr: "192.168.55.6 dhcp1.example.com" local-data-ptr: "192.168.55.7 dhcp2.example.com"
- And add the following:
- Start and enable unbound at boot:
echo 'local_unbound_enable="YES"' >> /etc/rc.conf service local_unbound start
vi /etc/rc.d/local_unbound
- And set the correct pid file:
pidfile="/var/unbound/unbound.pid"
- With unbound configured and running edit the resolve config file:
vi /etc/resolv.conf
- And change the nameserver to the localhost:
nameserver 127.0.0.1
- And change the nameserver to the localhost:
Resources¶
Related issues
Updated by Daniel Curtis about 9 years ago
- Tracker changed from Bug to Support
- Status changed from New to In Progress
- % Done changed from 0 to 50
Updated by Daniel Curtis about 9 years ago
- Description updated (diff)
- Status changed from In Progress to Resolved
- % Done changed from 50 to 100
Updated by Daniel Curtis about 9 years ago
- Subject changed from Install an Authoritative DNS Server With Unbound on FreeBSD to Install an Authoritative DNS Server With Unbound on FreeBSD 10
Updated by Daniel Curtis about 9 years ago
- Copied to Support #694: Install a Forwarding DNS Server With Unbound on FreeBSD 9 added