Support #696

Updated by Daniel Curtis over 8 years ago

This is a guide on installing Unbound on Arch Linux as a validating, recursive, caching resolver that also answers authoritatively for a local zone (example.com below) from its own local-data, with everything else forwarded upstream. 

 h2. Prepare the Environment 

 * Make sure the system is up to date: 
 <pre> 
 pacman -Syu 
 </pre> 

 h2. Install Unbound 

 * Install unbound: 
 <pre> 
 pacman -S unbound 
 </pre> 

 * Create a config from the packaged example: 
 <pre> 
 cp /etc/unbound/unbound.conf.example /etc/unbound/unbound.conf 
 </pre> 

 * Make a config directory for the various domains served by unbound: 
 <pre> 
 mkdir /etc/unbound/conf.d 
 </pre> 

 * Create a log file for unbound: 
 <pre> 
 touch /etc/unbound/unbound.log 
 chown unbound:unbound /etc/unbound/unbound.log 
 </pre> 

 * Edit the unbound config: 
 <pre> 
 vi /etc/unbound/unbound.conf 
 </pre> 
 #* And add the following: 
 <pre> 
 ## Validating, recursive, caching resolver that also serves local zones 
 server: 
     verbosity: 1 
     # log to the file created above (owned by unbound); syslog is off so 
     # every message lands there 
     logfile: "/etc/unbound/unbound.log" 
     use-syslog: no 
     username: "unbound" 
     directory: "/etc/unbound" 
     # relative to directory:, so /etc/unbound/trusted-key.key must exist; 
     # the Arch dnssec-anchors package provides the root key as 
     # /etc/trusted-key.key, copy or link it here if it is missing 
     trust-anchor-file: trusted-key.key 

     # listen on every IPv4 address; access-control below is the only thing 
     # that stops this from being an open resolver on a public interface 
     interface: 0.0.0.0 
     port: 53 

     do-ip4: yes 
     do-udp: yes 
     do-tcp: yes 

     # any source address not matched by an allow rule gets REFUSED, so every 
     # client subnet must be listed; the hosts in conf.d/example.com.conf live 
     # in 192.168.55.0/24, which would need: access-control: 192.168.55.0/24 allow 
     access-control: 127.0.0.0/8 allow 
     access-control: 10.0.0.0/16 allow 

     # pull in the per-domain files (local-zone/local-data are server: options) 
     include: "/etc/unbound/conf.d/*.conf" 

     # run without the compiled-in chroot so the absolute paths above are used as written 
     chroot: "" 

     hide-identity: yes 
     hide-version: yes 
     harden-glue: yes 
     harden-dnssec-stripped: yes 
     use-caps-for-id: yes 
     prefetch: yes 

 # forward everything not answered locally to an upstream resolver instead of 
 # recursing from the root; with harden-dnssec-stripped: yes the upstream must 
 # pass DNSSEC records through, otherwise signed names SERVFAIL 
 forward-zone: 
     name: "." 
     forward-addr: 208.67.222.222 
 </pre> 

 * Create an unbound config for the example.com domain: 
 <pre> 
 vi /etc/unbound/conf.d/example.com.conf 
 </pre> 
 #* And add the following: 
 <pre> 
 # example.com domain 
 local-zone: "example.com." static 

 local-data: "gateway.example.com.    IN A 192.168.55.1" 
 local-data: "nas.example.com.        IN A 192.168.55.2" 
 local-data: "pc1.example.com.        IN A 192.168.55.3" 
 local-data: "pc2.example.com.        IN A 192.168.55.4" 
 local-data: "wap1.example.com.       IN A 192.168.55.5" 
 local-data: "dhcp1.example.com.      IN A 192.168.55.6" 
 local-data: "dhcp2.example.com.      IN A 192.168.55.7" 

 local-data-ptr: "192.168.55.1    gateway.example.com" 
 local-data-ptr: "192.168.55.2    nas.example.com" 
 local-data-ptr: "192.168.55.3    pc1.example.com" 
 local-data-ptr: "192.168.55.4    pc2.example.com" 
 local-data-ptr: "192.168.55.5    wap1.example.com" 
 local-data-ptr: "192.168.55.6    dhcp1.example.com" 
 local-data-ptr: "192.168.55.7    dhcp2.example.com" 
 </pre> 
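 The fragment above is easy to get out of sync with the @access-control@ list in @unbound.conf@: the names are served for 192.168.55.0/24 while only 127.0.0.0/8 and 10.0.0.0/16 may query, so those hosts get REFUSED. The script below is an added example, not part of the original guide or of the Unbound project; it renders the @local-zone@/@local-data@/@local-data-ptr@ lines from a host table and reports which of those hosts no @allow@ rule covers. The host table and the access-control list are constructed copies of the values on this page, and the /24 used for the suggested rule is an assumption to adjust to the real subnet. 

```python
"""Generate an Unbound conf.d zone fragment and check access-control coverage.

Added example; not code from the original guide or from the Unbound project.
The host table, access-control list and zone name are constructed to mirror
the example.com fragment in the guide.
"""
import ipaddress

# Constructed host table: the A/PTR pairs from conf.d/example.com.conf.
HOSTS = {
    "gateway": "192.168.55.1",
    "nas":     "192.168.55.2",
    "pc1":     "192.168.55.3",
    "pc2":     "192.168.55.4",
    "wap1":    "192.168.55.5",
    "dhcp1":   "192.168.55.6",
    "dhcp2":   "192.168.55.7",
}

# Constructed copy of the access-control lines in the server: block.
ACCESS_CONTROL = [
    ("127.0.0.0/8", "allow"),
    ("10.0.0.0/16", "allow"),
]


def zone_fragment(zone, hosts):
    """Render local-zone, local-data and local-data-ptr lines for one zone.

    The zone is declared static, so a name under it that is not in hosts
    gets NXDOMAIN from local data instead of being sent to the forwarder.
    """
    zone = zone.rstrip(".")
    lines = ["# %s domain" % zone, 'local-zone: "%s." static' % zone, ""]
    for name, addr in hosts.items():
        ip = ipaddress.ip_address(addr)          # raises ValueError on a typo
        rrtype = "AAAA" if ip.version == 6 else "A"
        lines.append('local-data: "%s.%s. IN %s %s"' % (name, zone, rrtype, ip))
    lines.append("")
    for name, addr in hosts.items():
        lines.append('local-data-ptr: "%s %s.%s"' % (addr, name, zone))
    return "\n".join(lines) + "\n"


def unallowed_clients(hosts, access_control):
    """Return host addresses that no allow rule in access_control covers.

    Unbound answers REFUSED to a source address that matches no allow rule,
    so these hosts cannot use the resolver even though it serves their names.
    """
    allowed = [ipaddress.ip_network(net) for net, action in access_control
               if action in ("allow", "allow_snoop")]
    return sorted(
        (addr for addr in hosts.values()
         if not any(ipaddress.ip_address(addr) in net for net in allowed)),
        key=ipaddress.ip_address,
    )


def missing_allow_rules(hosts, access_control, prefixlen=24):
    """Suggest access-control lines that would cover the unallowed hosts.

    Assumption: clients sit in /24 networks (prefixlen); change it to the
    real mask before pasting the line into the server: block.
    """
    nets = sorted({
        ipaddress.ip_network("%s/%d" % (addr, prefixlen), strict=False)
        for addr in unallowed_clients(hosts, access_control)
    })
    return ["access-control: %s allow" % net for net in nets]


if __name__ == "__main__":
    print(zone_fragment("example.com", HOSTS))
    for line in missing_allow_rules(HOSTS, ACCESS_CONTROL):
        print("# add to the server: block ->", line)
```

 Redirect the output into @/etc/unbound/conf.d/example.com.conf@, add any suggested @access-control@ line to the @server:@ block, and run @unbound-checkconf@ before starting the service so a typo in either file is caught before unbound refuses to start. 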

 * Start and enable unbound at boot: 
 <pre> 
 systemctl enable unbound 
 systemctl start unbound 
 </pre> 

 * With unbound configured and running, edit the resolver config file so the host itself uses the local resolver: 
 <pre> 
 vi /etc/resolv.conf 
 </pre> 
 #* And change the nameserver to the localhost: 
 <pre> 
 nameserver 127.0.0.1 
 </pre> 
 #* *NOTE*: I needed to disable the systemd-resolved service and remove the old resolv.conf file before creating the new one, to prevent it from being overwritten on every reboot: 
 <pre> 
 systemctl disable systemd-resolved 
 systemctl stop systemd-resolved 
 rm -f /etc/resolv.conf 
 </pre> 

 h2. Resources 

 * https://wiki.archlinux.org/index.php/Unbound
