Support #677
Install an Authoritative DNS Server With Unbound on FreeBSD 10
Status: Closed
Priority: Normal
Assignee:
Category: Domain Name Server
Target version:
Description
This is a guide on installing an authoritative DNS server using Unbound on FreeBSD 10.
Prepare the Environment
- Make sure the system is up to date:
pkg update && pkg upgrade
Install Unbound
NOTE: Unbound is a part of the FreeBSD base system as of 10.1
- Fetch the named.cache from InterNIC:
cd /var/unbound
fetch ftp://ftp.internic.net/domain/named.cache
- Get the root.key from IANA to verify DNSSEC extensions:
unbound-anchor -a "/var/unbound/root.key"
- Fetch the dlv.isc.org.key from ISC to verify DNSSEC extensions:
fetch http://ftp.isc.org/www/dlv/dlv.isc.org.key
- Generate the keys Unbound needs to be safely controlled via unbound-control:
unbound-control-setup
- Create a config file for unbound:
vi /var/unbound/unbound.conf
- And add the following:
## Authoritative, validating, recursive caching DNS
server:
  verbosity: 1
  logfile: "/var/log/unbound.log"
  interface: 0.0.0.0
  port: 53
  do-ip4: yes
  do-udp: yes
  do-tcp: yes
  access-control: 127.0.0.0/8 allow
  access-control: 10.0.0.0/16 allow
  include: "/var/unbound/conf.d/*.conf"
  root-hints: "/var/unbound/named.cache"
  hide-identity: yes
  hide-version: yes
  harden-glue: yes
  harden-dnssec-stripped: yes
  use-caps-for-id: yes
  prefetch: yes

forward-zone:
  name: "."
  forward-addr: 208.67.222.222
- Create an unbound config for the example.com domain:
vi /var/unbound/conf.d/example.com.conf
- And add the following:
# example.com domain
local-zone: "example.com." static
local-data: "gateway.example.com. IN A 192.168.55.1"
local-data: "nas.example.com. IN A 192.168.55.2"
local-data: "pc1.example.com. IN A 192.168.55.3"
local-data: "pc2.example.com. IN A 192.168.55.4"
local-data: "wap1.example.com. IN A 192.168.55.5"
local-data: "dhcp1.example.com. IN A 192.168.55.6"
local-data: "dhcp2.example.com. IN A 192.168.55.7"
local-data-ptr: "192.168.55.1 gateway.example.com"
local-data-ptr: "192.168.55.2 nas.example.com"
local-data-ptr: "192.168.55.3 pc1.example.com"
local-data-ptr: "192.168.55.4 pc2.example.com"
local-data-ptr: "192.168.55.5 wap1.example.com"
local-data-ptr: "192.168.55.6 dhcp1.example.com"
local-data-ptr: "192.168.55.7 dhcp2.example.com"
- Start and enable unbound at boot:
echo 'local_unbound_enable="YES"' >> /etc/rc.conf
service local_unbound start
vi /etc/rc.d/local_unbound
- And set the correct pid file:
pidfile="/var/unbound/unbound.pid"
- With unbound configured and running, edit the resolver configuration file:
vi /etc/resolv.conf
- And change the nameserver to localhost:
nameserver 127.0.0.1
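The following check is an added example, not part of the original guide. It reads the text of the two configuration files above (concatenated) and reports two things the setup depends on: whether a trust anchor is configured alongside harden-dnssec-stripped (the unbound.conf shown names none), and whether every local-data A record has a matching local-data-ptr entry. The sample input is constructed from the guide's example.com records, and the function names parse and audit are hypothetical.

```python
import re

# Constructed sample: the guide's two config files, trimmed, with one PTR left out.
SAMPLE = """
server:
    harden-dnssec-stripped: yes
    local-zone: "example.com." static
    local-data: "gateway.example.com. IN A 192.168.55.1"
    local-data: "nas.example.com. IN A 192.168.55.2"
    local-data-ptr: "192.168.55.1 gateway.example.com"
"""

def parse(text):
    """Return (option, value) pairs; comments and bare clause headers are skipped."""
    pairs = []
    for line in text.splitlines():
        m = re.match(r"([a-z0-9-]+):\s*(\S.*)$", line.split("#", 1)[0].strip())
        if m:
            pairs.append((m.group(1), m.group(2).strip()))
    return pairs

def audit(text):
    """Return a list of findings for one concatenated Unbound configuration."""
    opts = parse(text)
    def values(key):
        return [v for k, v in opts if k == key]
    findings = []
    # harden-dnssec-stripped acts only on trust-anchored zones, so it needs an anchor.
    anchors = [v for k, v in opts if k in
               ("auto-trust-anchor-file", "trust-anchor-file", "trust-anchor")]
    if "yes" in values("harden-dnssec-stripped") and not anchors:
        findings.append("harden-dnssec-stripped is set but no trust anchor is configured")
    fwd, rev = {}, {}
    for v in values("local-data"):
        f = v.strip('"').split()
        if len(f) >= 3 and f[-2].upper() == "A":       # name [ttl] [class] A address
            fwd[f[-1]] = f[0].rstrip(".").lower()
    for v in values("local-data-ptr"):
        f = v.strip('"').split()                       # address [ttl] name
        rev[f[0]] = f[-1].rstrip(".").lower()
    for addr, name in sorted(fwd.items()):
        if rev.get(addr) != name:
            findings.append(f"{name} ({addr}): PTR is {rev.get(addr, 'missing')}")
    for addr in sorted(set(rev) - set(fwd)):
        findings.append(f"{addr}: PTR to {rev[addr]} has no matching A record")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To run it against the real files, pass audit() the contents of /var/unbound/unbound.conf followed by the contents of each file under /var/unbound/conf.d/.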
Updated by Daniel Curtis almost 10 years ago
- Tracker changed from Bug to Support
- Status changed from New to In Progress
- % Done changed from 0 to 50
Updated by Daniel Curtis almost 10 years ago
- Description updated (diff)
- Status changed from In Progress to Resolved
- % Done changed from 50 to 100
Updated by Daniel Curtis almost 10 years ago
- Subject changed from Install an Authoritative DNS Server With Unbound on FreeBSD to Install an Authoritative DNS Server With Unbound on FreeBSD 10
Updated by Daniel Curtis almost 10 years ago
- Copied to Support #694: Install a Forwarding DNS Server With Unbound on FreeBSD 9 added