Support #677

Install an Authoritative DNS Server With Unbound on FreeBSD 10

Added by Daniel Curtis about 9 years ago. Updated about 9 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Domain Name Server
Target version:
Start date: 10/18/2015
Due date:
% Done: 100%
Estimated time: 1.00 h
Spent time:

Description

This is a guide on installing Unbound on FreeBSD 10 as a validating, caching resolver that also answers for a local zone (example.com) from static local-data. Note what that does and does not give you: Unbound serves those names to the clients listed in access-control, but it loads no zone file, offers no zone transfers and is not the kind of server you list in NS records. Keep it reachable only from the networks it is meant to serve.

Prepare the Environment

  • Make sure the system is up to date (packages via pkg; the base-system Unbound itself is updated with freebsd-update, not pkg):
    pkg update && pkg upgrade
    

Install Unbound

NOTE: Unbound is part of the FreeBSD base system as of 10.1. The base tools carry a local- prefix (local-unbound, local-unbound-anchor, local-unbound-control, local-unbound-control-setup, local-unbound-checkconf under /usr/sbin) and keep their files in /var/unbound. The dns/unbound port installs the unprefixed names under /usr/local and uses /usr/local/etc/unbound instead; the commands and paths below are the base-system ones.

  • Fetch the root hints (named.cache) from InterNIC. Unbound has root hints compiled in, so this only gives you a fresher copy, and it only matters when Unbound recurses itself rather than forwarding every query:
    cd /var/unbound
    fetch ftp://ftp.internic.net/domain/named.cache
    
  • Fetch the root zone trust anchor (root.key) from IANA so Unbound can validate DNSSEC. An exit status of 1 here means the anchor was created or updated, not that the command failed. Unbound rewrites this file itself on RFC 5011 key rollovers, so it must be writable by the unbound user, and the config must reference it (see auto-trust-anchor-file below) or it is never used:
    local-unbound-anchor -a "/var/unbound/root.key" 
    
  • (Optional, and now obsolete) The original guide also fetched the ISC DLV key. The configuration below never references it (there is no dlv-anchor-file: setting), and ISC retired the DLV registry in 2017, so this step can be skipped:
    fetch http://ftp.isc.org/www/dlv/dlv.isc.org.key
    
  • Generate the keys Unbound needs to be safely controlled via unbound-control. They are written to /var/unbound; the daemon only honours them once the remote-control: clause in the config enables it:
    local-unbound-control-setup
    
  • Create a config file for unbound:
    vi /var/unbound/unbound.conf
    
    • And add the following (the auto-trust-anchor-file and remote-control settings were missing from the original config, so the root.key and unbound-control-setup steps above had no effect; they are required for validation and for unbound-control to work):
      ## Validating, recursive caching DNS that also serves a local zone
      server:
          verbosity: 1
          # the unbound user must be able to write this file; use-syslog: yes
          # is the alternative
          logfile: "/var/log/unbound.log" 
      
          interface: 0.0.0.0
      
          port: 53
      
          do-ip4: yes
          do-udp: yes
          do-tcp: yes
      
          # Only these networks may query; everything else is refused.
          # List every client network here. The example.com hosts below are
          # in 192.168.55.0/24, which this list does not allow.
          access-control: 127.0.0.0/8 allow
          access-control: 10.0.0.0/16 allow
      
          include: "/var/unbound/conf.d/*.conf" 
      
          root-hints: "/var/unbound/named.cache" 
      
          # DNSSEC trust anchor fetched with local-unbound-anchor; without this
          # line no validation happens at all
          auto-trust-anchor-file: "/var/unbound/root.key" 
      
          hide-identity: yes
          hide-version: yes
          harden-glue: yes
          harden-dnssec-stripped: yes
          use-caps-for-id: yes
          prefetch: yes
      
      # Lets unbound-control talk to the daemon with the keys from
      # unbound-control-setup; keep it on loopback.
      remote-control:
          control-enable: yes
          control-interface: 127.0.0.1
      
      # forward-zone is a top-level clause, not a server: option. With name "."
      # every query goes to the forwarder and the root hints are unused; the
      # forwarder must pass DNSSEC records (RRSIG, DS) through, otherwise
      # validation of signed names fails. Remove this clause to recurse from
      # the root hints instead.
      forward-zone:
          name: "." 
          forward-addr: 208.67.222.222
      
  • Create an unbound config for the example.com domain. local-zone static with local-data makes Unbound answer these names itself, and return NXDOMAIN for anything else under example.com, for the clients allowed by access-control; local-data-ptr adds the matching reverse records. Keep the two lists in step, since nothing checks that an A record and its PTR agree:
    vi /var/unbound/conf.d/example.com.conf
    
    • And add the following:
      # example.com domain
      local-zone: "example.com." static
      
      local-data: "gateway.example.com.  IN A 192.168.55.1" 
      local-data: "nas.example.com.      IN A 192.168.55.2" 
      local-data: "pc1.example.com.      IN A 192.168.55.3" 
      local-data: "pc2.example.com.      IN A 192.168.55.4" 
      local-data: "wap1.example.com.     IN A 192.168.55.5" 
      local-data: "dhcp1.example.com.    IN A 192.168.55.6" 
      local-data: "dhcp2.example.com.    IN A 192.168.55.7" 
      
      local-data-ptr: "192.168.55.1  gateway.example.com" 
      local-data-ptr: "192.168.55.2  nas.example.com" 
      local-data-ptr: "192.168.55.3  pc1.example.com" 
      local-data-ptr: "192.168.55.4  pc2.example.com" 
      local-data-ptr: "192.168.55.5  wap1.example.com" 
      local-data-ptr: "192.168.55.6  dhcp1.example.com" 
      local-data-ptr: "192.168.55.7  dhcp2.example.com" 
      
  • Enable unbound at boot and start it, after checking the syntax with local-unbound-checkconf (a typo in an included conf.d file otherwise leaves you without a resolver):
    echo 'local_unbound_enable="YES"' >> /etc/rc.conf
    service local_unbound start
    
NOTE: I needed to edit the local_unbound init script:
    vi /etc/rc.d/local_unbound
  • And set the correct pid file:
    pidfile="/var/unbound/unbound.pid" 
    
  • With unbound configured and running, edit the resolver config file:
    vi /etc/resolv.conf
    
    • And change the nameserver to localhost. If the interface is configured by DHCP, dhclient(8) rewrites this file through resolvconf(8); see resolvconf.conf(5) for how to keep 127.0.0.1 in place:
      nameserver 127.0.0.1
      
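The following script is an added worked example for this guide; it is not code from the original ticket or from the Unbound project. It generates the example.com conf.d file from a hosts-style list so the A and PTR records cannot drift apart, installs it only if local-unbound-checkconf accepts the whole configuration, and then checks the running resolver end to end: local data is served forward and reverse, a signed answer comes back with the AD bit (so validation is actually active, which silently is not the case when the trust anchor is missing or the forwarder strips DNSSEC records), and a deliberately broken signed zone is refused. Assumptions not taken from the page: the "<ipv4> <fqdn>" list format, the hypothetical /usr/local/etc/unbound-hosts path, drill(1) from the FreeBSD base system as the query tool, and remote-control enabled in unbound.conf (otherwise restart with service local_unbound restart instead of reload).

```shell
#!/bin/sh
# Added example for this guide, not code from the original ticket or from
# the Unbound project. Assumptions not taken from the page: the host list
# format, the hypothetical /usr/local/etc/unbound-hosts path, drill(1) as
# the query tool, and remote-control enabled in unbound.conf.

set -eu

UNBOUND_DIR="/var/unbound"
ZONE_CONF="$UNBOUND_DIR/conf.d/example.com.conf"

# Constructed sample input (not real hosts): one "<ipv4> <fqdn>" per line.
SAMPLE_HOSTS='# example.com hosts (constructed sample data)
192.168.55.1 gateway.example.com
192.168.55.2 nas.example.com
192.168.55.3 pc1.example.com
'

# gen_local_zone ZONE   (host list on stdin, local-zone block on stdout)
# PTR lines are derived from the same input lines as the A lines, so every
# address gets exactly one reverse name. A name outside ZONE or a malformed
# address aborts the run: unbound would otherwise silently create a
# transparent local-zone for it that nobody configured.
gen_local_zone() {
    zone="$1"
    awk -v zone="$zone" '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            ip = $1; name = $2; suf = "." zone
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ ||
                substr(name, length(name) - length(suf) + 1) != suf) {
                print "gen_local_zone: rejected entry: " $0 > "/dev/stderr"
                bad = 1; exit 2
            }
            n++
            a[n] = sprintf("local-data: \"%s. IN A %s\"", name, ip)
            p[n] = sprintf("local-data-ptr: \"%s %s\"", ip, name)
        }
        END {
            if (bad) exit 2
            printf "# %s domain (generated)\nlocal-zone: \"%s.\" static\n\n", zone, zone
            for (i = 1; i <= n; i++) print a[i]
            print ""
            for (i = 1; i <= n; i++) print p[i]
        }'
}

# write_zone_conf ZONE HOSTS_FILE
# Regenerates the conf.d file, keeps the previous one as .bak, and loads the
# new data only if the complete configuration still checks out.
write_zone_conf() {
    gen_local_zone "$1" < "$2" > "$ZONE_CONF.new"
    if [ -f "$ZONE_CONF" ]; then cp "$ZONE_CONF" "$ZONE_CONF.bak"; fi
    mv "$ZONE_CONF.new" "$ZONE_CONF"
    if ! local-unbound-checkconf "$UNBOUND_DIR/unbound.conf"; then
        echo "write_zone_conf: config rejected, restoring previous zone file" >&2
        if [ -f "$ZONE_CONF.bak" ]; then mv "$ZONE_CONF.bak" "$ZONE_CONF"; fi
        return 1
    fi
    local-unbound-control reload    # needs remote-control; else restart the service
}

# has_ad_flag   (drill or dig output on stdin)
# Succeeds only if the header carried the AD bit, which unbound sets solely
# after successful validation and only when the query asked for it (drill -D).
has_ad_flag() {
    awk '/^;; flags:/ {
             for (i = 3; i <= NF; i++) { f = $i; sub(/;$/, "", f); if (f == "ad") found = 1 }
         }
         END { exit !found }'
}

# verify_resolver [SERVER]   end-to-end checks against the running daemon
verify_resolver() {
    ns="${1:-127.0.0.1}"
    # forward and reverse answers must come from the static local zone
    drill @"$ns" gateway.example.com A | grep -q 'IN[[:space:]]*A[[:space:]]*192\.168\.55\.1$' \
        || { echo "FAIL: forward lookup of gateway.example.com" >&2; return 1; }
    drill @"$ns" -x 192.168.55.1 | grep -q 'PTR[[:space:]]*gateway\.example\.com\.$' \
        || { echo "FAIL: reverse lookup of 192.168.55.1" >&2; return 1; }
    # the root zone is signed: its SOA must carry AD, or validation is not
    # running (no trust anchor, or the forwarder strips DNSSEC records)
    drill -D @"$ns" . SOA | has_ad_flag \
        || { echo "FAIL: no AD bit on a signed answer, validation inactive" >&2; return 1; }
    # dnssec-failed.org is a public, deliberately broken test zone
    drill -D @"$ns" dnssec-failed.org A | grep -q 'rcode: SERVFAIL' \
        || { echo "FAIL: bogus signed data was accepted" >&2; return 1; }
    echo "OK: local data served and DNSSEC validation active"
}

# Stand-alone demo on the constructed sample. Against a real host run:
#   printf '%s' "$SAMPLE_HOSTS" > /usr/local/etc/unbound-hosts
#   write_zone_conf example.com /usr/local/etc/unbound-hosts && verify_resolver
printf '%s' "$SAMPLE_HOSTS" | gen_local_zone example.com
```

The AD-bit check is the one that catches the common misconfiguration: with harden-dnssec-stripped set but no trust anchor referenced, Unbound answers happily and never validates anything. The access-control list cannot be tested from the server itself; query it once from a host outside the allowed networks and expect REFUSED.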


Related issues

Copied to FreeBSD Administration - Support #694: Install a Forwarding DNS Server With Unbound on FreeBSD 9 (Closed, Daniel Curtis, 10/18/2015)
