Project

General

Profile

Support #677

Install an Authoritative DNS Server With Unbound on FreeBSD 10

Added by Daniel Curtis about 9 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Daniel Curtis
Category:
Domain Name Server
Target version:
FreeBSD 10
Start date:
10/18/2015
Due date:
% Done:

100%

Estimated time:
1.00 h
Spent time:
1.00 h

Description

This is a guide on installing an authoritative DNS server using the Unbound on FreeBSD 10.

Prepare the Environment

  • Make sure the system is up to date:
    pkg update && pkg upgrade

Install Unbound

NOTE: Unbound is a part of the FreeBSD base system as of 10.1

  • Fetch the named.cache from internic:
    cd /var/unbound
fetch ftp://ftp.internic.net/domain/named.cache
  • Get the root.key from IANA to verify DNSSEC extensions
    unbound-anchor -a "/var/unbound/root.key"
  • Fetch the dlv.isc.org.key from ISC to verify DNSSEC extensions
    fetch http://ftp.isc.org/www/dlv/dlv.isc.org.key
  • Generate the keys Unbound needs to be safely controlled via unbound-control:
    unbound-control-setup
  • Create a config file for unbound:
    vi /var/unbound/unbound.conf
    • And add the following:
      ## Authoritative, validating, recursive caching DNS
server:
    verbosity: 1
    logfile: "/var/log/unbound.log" 

    interface: 0.0.0.0

    port: 53

    do-ip4: yes
    do-udp: yes
    do-tcp: yes

    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/16 allow

    include: "/var/unbound/conf.d/*.conf" 

    root-hints: "/var/unbound/named.cache" 

    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    use-caps-for-id: yes
    prefetch: yes

    forward-zone:
       name: "." 
       forward-addr: 208.67.222.222
  • Create an unbound config for the example.com domain:
    vi /var/unbound/conf.d/example.com.conf
    • And add the following:
      # example.com domain
local-zone: "example.com." static

local-data: "gateway.example.com.  IN A 192.168.55.1" 
local-data: "nas.example.com.      IN A 192.168.55.2" 
local-data: "pc1.example.com.      IN A 192.168.55.3" 
local-data: "pc2.example.com.      IN A 192.168.55.4" 
local-data: "wap1.example.com.     IN A 192.168.55.5" 
local-data: "dhcp1.example.com.    IN A 192.168.55.6" 
local-data: "dhcp2.example.com.    IN A 192.168.55.7" 

local-data-ptr: "192.168.55.1  gateway.example.com" 
local-data-ptr: "192.168.55.2  nas.example.com" 
local-data-ptr: "192.168.55.3  pc1.example.com" 
local-data-ptr: "192.168.55.4  pc2.example.com" 
local-data-ptr: "192.168.55.5  wap1.example.com" 
local-data-ptr: "192.168.55.6  dhcp1.example.com" 
local-data-ptr: "192.168.55.7  dhcp2.example.com"
  • Start and enable unbound at boot:
    echo 'local_unbound_enable="YES"' >> /etc/rc.conf
service local_unbound start
NOTE: I needed to edit the local_unbound init script
vi /etc/rc.d/local_unbound
  • And set the correct pid file:
    pidfile="/var/unbound/unbound.pid"
  • With unbound configured and running edit the resolve config file:
    vi /etc/resolv.conf
    • And change the nameserver to the localhost:
      nameserver 127.0.0.1

Resources

Related issues

Copied to FreeBSD Administration - Support #694: Install a Forwarding DNS Server With Unbound on FreeBSD 9ClosedDaniel Curtis10/18/2015

Actions

Also available in: Atom PDF