Support #696: Install a Forwarding DNS Server With Unbound on Arch - GNU/Linux Administration - ALT Project Management

Support #696

Install a Forwarding DNS Server With Unbound on Arch

Added by Daniel Curtis over 8 years ago. Updated over 8 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Daniel Curtis

Category:

Domain Name Server

Target version:

Arch Linux

Start date:

11/15/2015

Due date:

% Done:

100%

Estimated time:

0.50 h

Spent time:

2.00 h

Description

This is a guide on installing a forwarding DNS server using the Unbound on Arch Linux.

Prepare the Environment¶

Make sure the system is up to date:
```
pacman -Syu
```

Install Unbound¶

Install unbound:
```
pacman -S unbound
```

Make a config directory for the various domains served by unbound:
```
mkdir /etc/unbound/conf.d
```

Create a log file for unbound:

touch /var/log/unbound.log
chown unbound:unbound /var/log/unbound.log

Set the unbound config files ownership to the unbound user:
```
chown -R unbound:unbound /etc/unbound
```

Edit the unbound config:

vi /etc/unbound/unbound.conf

And add the following:

## Forwarding, validating, recursive caching DNS
server:
    verbosity: 1
    logfile: "/var/log/unbound.log" 
    use-syslog: no
    username: "unbound" 
    trust-anchor-file: trusted-key.key

    interface: 0.0.0.0
    port: 53

    do-ip4: yes
    do-udp: yes
    do-tcp: yes

    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/16 allow

        local-zone: "localhost." static
        local-data: "localhost. 10800 IN NS localhost." 
        local-data: "localhost. 10800 IN A 127.0.0.1" 
        local-zone: "127.in-addr.arpa." static
        local-data: "127.in-addr.arpa. 10800 IN NS localhost." 
        local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost." 

        include: "/etc/unbound/conf.d/*.conf" 

    chroot: ""    

    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    use-caps-for-id: yes
    prefetch: yes

    forward-zone:
       name: "." 
       forward-addr: 208.67.222.222

Create an unbound config for the example.com domain:

vi /etc/unbound/conf.d/example.com.conf

And add the following:

# example.com domain
local-zone: "example.com." static

local-data: "gateway.example.com.  IN A 192.168.55.1" 
local-data: "nas.example.com.      IN A 192.168.55.2" 
local-data: "pc1.example.com.      IN A 192.168.55.3" 
local-data: "pc2.example.com.      IN A 192.168.55.4" 
local-data: "wap1.example.com.     IN A 192.168.55.5" 
local-data: "dhcp1.example.com.    IN A 192.168.55.6" 
local-data: "dhcp2.example.com.    IN A 192.168.55.7" 

local-data-ptr: "192.168.55.1  gateway.example.com" 
local-data-ptr: "192.168.55.2  nas.example.com" 
local-data-ptr: "192.168.55.3  pc1.example.com" 
local-data-ptr: "192.168.55.4  pc2.example.com" 
local-data-ptr: "192.168.55.5  wap1.example.com" 
local-data-ptr: "192.168.55.6  dhcp1.example.com" 
local-data-ptr: "192.168.55.7  dhcp2.example.com"

Start and enable unbound at boot:

systemctl enable unbound
systemctl start unbound

With unbound configured and running edit the interface netctl config file:
```
vi /etc/netctl/wired
```
- And change the nameserver to the localhost and the search domain to example.com:
```
DNS=('127.0.0.1')
DNSSearch='example.com'
```