Project

General

Profile

Support #694

Install a Forwarding DNS Server With Unbound on FreeBSD 9

Added by Daniel Curtis about 9 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Daniel Curtis
Category:
Domain Name Server
Target version:
FreeBSD 9
Start date:
10/18/2015
Due date:
% Done:

100%

Estimated time:
1.00 h
Spent time:
1.50 h

Description

This is a guide on installing an authoritative DNS server using the Unbound on FreeBSD 9.

Prepare the Environment

  • Make sure the system is up to date:
    pkg update && pkg upgrade

Install Unbound

  • Install unbound:
    pkg install unbound
  • Create an unbound config from the installed sample:
    cp /usr/local/etc/unbound/unbound.conf.sample /usr/local/etc/unbound/unbound.conf
  • Make a config directory for the various domains served by unbound:
    mkdir /usr/local/etc/unbound/conf.d
  • Edit the unbound config:
    vi /usr/local/etc/unbound/unbound.conf
    • And add the following:
      ## Authoritative, validating, recursive caching DNS
server:
    verbosity: 1
    logfile: "/var/log/unbound.log" 

    interface: 0.0.0.0

    port: 53

    do-ip4: yes
    do-udp: yes
    do-tcp: yes

    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/16 allow

    include: "/usr/local/etc/unbound/conf.d/*.conf" 

    chroot: ""    

    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    use-caps-for-id: yes
    prefetch: yes

    forward-zone:
       name: "." 
       forward-addr: 208.67.222.222
  • Create an unbound config for the example.com domain:
    vi /usr/local/etc/unbound/conf.d/example.com.conf
    • And add the following:
      # example.com domain
local-zone: "example.com." static

local-data: "gateway.example.com.  IN A 192.168.55.1" 
local-data: "nas.example.com.      IN A 192.168.55.2" 
local-data: "pc1.example.com.      IN A 192.168.55.3" 
local-data: "pc2.example.com.      IN A 192.168.55.4" 
local-data: "wap1.example.com.     IN A 192.168.55.5" 
local-data: "dhcp1.example.com.    IN A 192.168.55.6" 
local-data: "dhcp2.example.com.    IN A 192.168.55.7" 

local-data-ptr: "192.168.55.1  gateway.example.com" 
local-data-ptr: "192.168.55.2  nas.example.com" 
local-data-ptr: "192.168.55.3  pc1.example.com" 
local-data-ptr: "192.168.55.4  pc2.example.com" 
local-data-ptr: "192.168.55.5  wap1.example.com" 
local-data-ptr: "192.168.55.6  dhcp1.example.com" 
local-data-ptr: "192.168.55.7  dhcp2.example.com"
  • Start and enable unbound at boot:
    echo 'unbound_enable="YES"' >> /etc/rc.conf
service unbound start
  • With unbound configured and running edit the resolve config file:
    vi /etc/resolv.conf
    • And change the nameserver to the localhost:
      nameserver 127.0.0.1

Resources

Related issues

Copied from FreeBSD Administration - Support #677: Install an Authoritative DNS Server With Unbound on FreeBSD 10ClosedDaniel Curtis10/18/2015

Actions

Also available in: Atom PDF