Support #696
Updated by Daniel Curtis about 9 years ago
This is a guide on installing an authoritative DNS server using Unbound on FreeBSD 9.
h2. Prepare the Environment
* Make sure the system is up to date:
<pre>
pacman -Syu
</pre>
h2. Install Unbound
* Install unbound:
<pre>
pacman -S unbound
</pre>
* Make a config directory for the various domains served by unbound:
<pre>
mkdir /etc/unbound/conf.d
</pre>
* Edit the unbound config:
<pre>
vi /etc/unbound/unbound.conf
</pre>
#* And add the following:
<pre>
## Authoritative, validating, recursive caching DNS
server:
    verbosity: 1
    # use-syslog: yes overrides logfile, so messages go to syslog
    logfile: "/var/log/unbound.log"
    use-syslog: yes
    username: "unbound"
    directory: "/etc/unbound"
    # DNSSEC trust anchor; a relative path is resolved against "directory"
    trust-anchor-file: trusted-key.key
    interface: 0.0.0.0
    port: 53
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    # Only these networks may query; other clients are refused by default
    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/16 allow
    # Per-domain local-zone/local-data files
    include: "/etc/unbound/conf.d/*.conf"
    chroot: ""
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    use-caps-for-id: yes
    prefetch: yes

forward-zone:
    name: "."
    forward-addr: 208.67.222.222
</pre>
* Create an unbound config for the example.com domain:
<pre>
vi /etc/unbound/conf.d/example.com.conf
</pre>
#* And add the following:
<pre>
# example.com domain
local-zone: "example.com." static
local-data: "gateway.example.com. IN A 192.168.55.1"
local-data: "nas.example.com. IN A 192.168.55.2"
local-data: "pc1.example.com. IN A 192.168.55.3"
local-data: "pc2.example.com. IN A 192.168.55.4"
local-data: "wap1.example.com. IN A 192.168.55.5"
local-data: "dhcp1.example.com. IN A 192.168.55.6"
local-data: "dhcp2.example.com. IN A 192.168.55.7"
local-data-ptr: "192.168.55.1 gateway.example.com"
local-data-ptr: "192.168.55.2 nas.example.com"
local-data-ptr: "192.168.55.3 pc1.example.com"
local-data-ptr: "192.168.55.4 pc2.example.com"
local-data-ptr: "192.168.55.5 wap1.example.com"
local-data-ptr: "192.168.55.6 dhcp1.example.com"
local-data-ptr: "192.168.55.7 dhcp2.example.com"
</pre>
* Start and enable unbound at boot:
<pre>
systemctl enable unbound
systemctl start unbound
</pre>
* With unbound configured and running, edit the resolv.conf file:
<pre>
vi /etc/resolv.conf
</pre>
#* And change the nameserver to localhost:
<pre>
nameserver 127.0.0.1
</pre>
#* *NOTE*: I needed to disable the systemd-resolved service to prevent the resolv.conf file from being overwritten on every reboot:
<pre>
systemctl disable systemd-resolved
</pre>
h2. Resources
* https://wiki.archlinux.org/index.php/Unbound