Support #696

Install a Forwarding DNS Server With Unbound on Arch

Added by Daniel Curtis about 9 years ago. Updated about 9 years ago.

Status: Closed
Priority: Normal
Category: Domain Name Server
Start date: 11/15/2015
% Done: 100%
Estimated time: 0.50 h
Description

This is a guide to installing a forwarding DNS server using Unbound on Arch Linux.

Prepare the Environment

  • Make sure the system is up to date:
    pacman -Syu
    

Install Unbound

  • Install unbound:
    pacman -S unbound
    
  • Make a config directory for the various domains served by unbound:
    mkdir /etc/unbound/conf.d
    
  • Create a log file for unbound:
    touch /var/log/unbound.log
    chown unbound:unbound /var/log/unbound.log
    
  • Set the unbound config files ownership to the unbound user:
    chown -R unbound:unbound /etc/unbound
    
  • Edit the unbound config:
    vi /etc/unbound/unbound.conf
    
    • And add the following:
      ## Forwarding, validating, recursive caching DNS
      server:
          verbosity: 1
          logfile: "/var/log/unbound.log"
          use-syslog: no
          username: "unbound"
          # DNSSEC root trust anchor used for validation
          trust-anchor-file: trusted-key.key

          # Listen on all IPv4 interfaces; access-control decides who may query
          interface: 0.0.0.0
          port: 53

          do-ip4: yes
          do-udp: yes
          do-tcp: yes

          # Clients outside these netblocks are refused; list your LAN range here
          access-control: 127.0.0.0/8 allow
          access-control: 10.0.0.0/16 allow

          local-zone: "localhost." static
          local-data: "localhost. 10800 IN NS localhost."
          local-data: "localhost. 10800 IN A 127.0.0.1"
          local-zone: "127.in-addr.arpa." static
          local-data: "127.in-addr.arpa. 10800 IN NS localhost."
          local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

          # Per-domain local-zone/local-data files (server: clause options)
          include: "/etc/unbound/conf.d/*.conf"

          chroot: ""

          hide-identity: yes
          hide-version: yes
          harden-glue: yes
          harden-dnssec-stripped: yes
          use-caps-for-id: yes
          prefetch: yes

      # forward-zone is its own clause, not an option of server:
      forward-zone:
          name: "."
          # Upstream resolver (OpenDNS)
          forward-addr: 208.67.222.222
      
  • Create an unbound config for the example.com domain:
    vi /etc/unbound/conf.d/example.com.conf
    
    • And add the following:
      # example.com domain
      local-zone: "example.com." static

      local-data: "gateway.example.com.  IN A 192.168.55.1"
      local-data: "nas.example.com.      IN A 192.168.55.2"
      local-data: "pc1.example.com.      IN A 192.168.55.3"
      local-data: "pc2.example.com.      IN A 192.168.55.4"
      local-data: "wap1.example.com.     IN A 192.168.55.5"
      local-data: "dhcp1.example.com.    IN A 192.168.55.6"
      local-data: "dhcp2.example.com.    IN A 192.168.55.7"

      local-data-ptr: "192.168.55.1  gateway.example.com"
      local-data-ptr: "192.168.55.2  nas.example.com"
      local-data-ptr: "192.168.55.3  pc1.example.com"
      local-data-ptr: "192.168.55.4  pc2.example.com"
      local-data-ptr: "192.168.55.5  wap1.example.com"
      local-data-ptr: "192.168.55.6  dhcp1.example.com"
      local-data-ptr: "192.168.55.7  dhcp2.example.com"
      
  • Start and enable unbound at boot:
    systemctl enable unbound
    systemctl start unbound
    
  • With unbound configured and running, edit the netctl config file for the interface:
    vi /etc/netctl/wired
    
    • And change the nameserver to localhost and the search domain to example.com:
      DNS=('127.0.0.1')
      DNSSearch='example.com'
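
A pre-deployment check for the two config files above, added here as an example and not part of the original guide: it reports hosts in the zone file whose addresses fall outside every `access-control` allow range, and A records with no matching `local-data-ptr`. The function names and the abridged sample input are constructed for illustration, and it assumes the hosts in the zone are also the resolver's clients.

```python
import ipaddress
import re

# Constructed sample input, abridged from the two config files in this guide.
UNBOUND_CONF = """
server:
    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/16 allow
"""
ZONE_CONF = """
local-data: "gateway.example.com.  IN A 192.168.55.1"
local-data: "nas.example.com.      IN A 192.168.55.2"
local-data-ptr: "192.168.55.1  gateway.example.com"
"""

# Unbound's built-in access-control defaults: only localhost may query.
DEFAULTS = [("0.0.0.0/0", "refuse"), ("127.0.0.0/8", "allow"),
            ("::/0", "refuse"), ("::1/128", "allow")]
AC_RE = re.compile(r'^\s*access-control:\s*(\S+)\s+(\S+)', re.M)
A_RE = re.compile(r'^\s*local-data:\s*"(\S+?)\.?\s+(?:\d+\s+)?IN\s+A\s+(\S+)"', re.M)
PTR_RE = re.compile(r'^\s*local-data-ptr:\s*"(\S+)\s+(\S+?)\.?"', re.M)

def client_action(unbound_conf, addr):
    """Action applied to a client address; the most specific netblock wins."""
    ip = ipaddress.ip_address(addr)
    best_len, best_action = -1, "refuse"
    for net, action in DEFAULTS + AC_RE.findall(unbound_conf):
        n = ipaddress.ip_network(net, strict=False)
        if n.version == ip.version and ip in n and n.prefixlen >= best_len:
            best_len, best_action = n.prefixlen, action
    return best_action

def audit(unbound_conf, zone_conf):
    """Return (name, ip, problem) for each A record that fails a check."""
    ptrs = dict(PTR_RE.findall(zone_conf))
    findings = []
    for name, ip in A_RE.findall(zone_conf):
        action = client_action(unbound_conf, ip)
        if not action.startswith("allow"):
            findings.append((name, ip, "queries from this host get " + action))
        if ptrs.get(ip) != name:
            findings.append((name, ip, "no matching local-data-ptr"))
    return findings

if __name__ == "__main__":
    for finding in audit(UNBOUND_CONF, ZONE_CONF):
        print(*finding, sep="  ")
```

Run it against the real files by reading `/etc/unbound/unbound.conf` and the files under `/etc/unbound/conf.d/` into the two arguments of `audit`.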
      
