Support #696
Updated by Daniel Curtis about 9 years ago
This is a guide on installing an authoritative DNS server using Unbound on Arch Linux.

h2. Prepare the Environment

* Make sure the system is up to date:
<pre>
pacman -Syu
</pre>

h2. Install Unbound

* Install unbound:
<pre>
pacman -S unbound
</pre>

* Create a config from the packaged example:
<pre>
cp /etc/unbound/unbound.conf.example /etc/unbound/unbound.conf
</pre>

* Make a config directory for the various domains served by unbound:
<pre>
mkdir /etc/unbound/conf.d
</pre>

* Create a log file for unbound:
<pre>
touch /etc/unbound/unbound.log
chown unbound:unbound /etc/unbound/unbound.log
</pre>

* Edit the unbound config:
<pre>
vi /etc/unbound/unbound.conf
</pre>
#* And add the following:
<pre>
## Authoritative, validating, recursive caching DNS
server:
  verbosity: 1
  logfile: "/etc/unbound/unbound.log"
  use-syslog: no
  username: "unbound"
  trust-anchor-file: trusted-key.key
  interface: 0.0.0.0
  port: 53
  do-ip4: yes
  do-udp: yes
  do-tcp: yes
  access-control: 127.0.0.0/8 allow
  access-control: 10.0.0.0/16 allow
  local-zone: "localhost." static
  local-data: "localhost. 10800 IN NS localhost."
  local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 $
  local-data: "localhost. 10800 IN A 127.0.0.1"
  local-zone: "127.in-addr.arpa." static
  local-data: "127.in-addr.arpa. 10800 IN NS localhost."
  local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. $
  local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
  include: "/etc/unbound/conf.d/*.conf"
  chroot: ""
  hide-identity: yes
  hide-version: yes
  harden-glue: yes
  harden-dnssec-stripped: yes
  use-caps-for-id: yes
  prefetch: yes

forward-zone:
  name: "."
  forward-addr: 208.67.222.222
</pre>

* Create an unbound config for the example.com domain:
<pre>
vi /etc/unbound/conf.d/example.com.conf
</pre>
#* And add the following:
<pre>
# example.com domain
local-zone: "example.com." static
local-data: "gateway.example.com. IN A 192.168.55.1"
local-data: "nas.example.com. IN A 192.168.55.2"
local-data: "pc1.example.com. IN A 192.168.55.3"
local-data: "pc2.example.com. IN A 192.168.55.4"
local-data: "wap1.example.com. IN A 192.168.55.5"
local-data: "dhcp1.example.com. IN A 192.168.55.6"
local-data: "dhcp2.example.com. IN A 192.168.55.7"
local-data-ptr: "192.168.55.1 gateway.example.com"
local-data-ptr: "192.168.55.2 nas.example.com"
local-data-ptr: "192.168.55.3 pc1.example.com"
local-data-ptr: "192.168.55.4 pc2.example.com"
local-data-ptr: "192.168.55.5 wap1.example.com"
local-data-ptr: "192.168.55.6 dhcp1.example.com"
local-data-ptr: "192.168.55.7 dhcp2.example.com"
</pre>

* Start and enable unbound at boot:
<pre>
systemctl enable unbound
systemctl start unbound
</pre>

* With unbound configured and running, edit the interface netctl config file:
<pre>
vi /etc/netctl/wired
</pre>
#* And change the nameserver to localhost and the search domain to example.com:
<pre>
DNS=('127.0.0.1')
DNSSearch='example.com'
</pre>

h2. Resources

* https://wiki.archlinux.org/index.php/Unbound
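
A consistency check for the configuration in this guide, as an added example that is not part of the original guide: it reports A records without a matching local-data-ptr (and the reverse) and addresses outside every access-control allow range, since Unbound refuses queries from non-localhost clients that no access-control line allows. It assumes the listed hosts are also DNS clients of this server; the function name @audit@ and the sample text are constructed here.

```python
import ipaddress
import re

# Constructed sample: excerpts of the two config files from this guide, with one
# deliberate mismatch (pc2 has no PTR entry) so the check has something to report.
SAMPLE = '''
server:
    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/16 allow
    local-zone: "example.com." static
    local-data: "gateway.example.com. IN A 192.168.55.1"
    local-data: "pc2.example.com. IN A 192.168.55.4"
    local-data-ptr: "192.168.55.1 gateway.example.com"
'''

# local-data: "<name>. [ttl] IN A <ip>"  /  local-data-ptr: "<ip> <name>"
A_RE = re.compile(r'^\s*local-data:\s*"(\S+?)\.?\s+(?:\d+\s+)?IN\s+A\s+(\S+)"', re.M)
PTR_RE = re.compile(r'^\s*local-data-ptr:\s*"(\S+)\s+(\S+?)\.?"', re.M)
ACL_RE = re.compile(r'^\s*access-control:\s*(\S+)\s+allow\b', re.M)

def audit(conf):
    """Return a sorted list of findings for an unbound config given as text."""
    forward = {(n.lower(), ipaddress.ip_address(ip)) for n, ip in A_RE.findall(conf)}
    reverse = {(n.lower(), ipaddress.ip_address(ip)) for ip, n in PTR_RE.findall(conf)}
    allowed = [ipaddress.ip_network(net) for net in ACL_RE.findall(conf)]
    findings = []
    for name, ip in forward - reverse:
        findings.append(f"{name}: A {ip} has no matching local-data-ptr")
    for name, ip in reverse - forward:
        findings.append(f"{name}: PTR {ip} has no matching local-data A record")
    # Assumption: every host named in the zone also queries this server.
    for name, ip in forward | reverse:
        if not any(ip in net for net in allowed):
            findings.append(f"{name}: {ip} is outside every access-control allow range")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

To check a real installation, pass the concatenated text of @/etc/unbound/unbound.conf@ and the files under @/etc/unbound/conf.d/@ to @audit@.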