In part 1 of this article, I introduced you to Unbound, a great name resolution option for home labs and small network environments. We looked at what Unbound is, and we discussed how to install it. In this section, we'll work on the basic configuration of Unbound.

First, find and uncomment these two entries in nf:

    interface: 0.0.0.0

Here, the 0 entry indicates that we'll be accepting DNS queries on all interfaces. If you have more than one interface in your server and need to manage where DNS is available, you would put the address of the interface here.

Next, we may want to control who is allowed to use our DNS server. We're going to limit access to the local subnets we're using. It's a good basic practice to be specific when we can:

    access-control: 127.0.0.0/8 allow  # (allow queries from the local host)

We also want to add an exception for local, unsecured domains that aren't using DNSSEC validation:

    domain-insecure: "forest.local"

Now I'm going to add my local authoritative BIND server as a stub-zone:

    stub-zone:

If you want or need to use your Unbound server as an authoritative server, you can add a set of local-zone entries that look like this:

    local-zone: "forest.local." static

These can be any type of record you need locally, but note again that since these are all in the main configuration file, you might want to configure them as stub zones if you need authoritative records for more than a few hosts (see above).

If you were going to use this Unbound server as an authoritative DNS server, you would also want to make sure you have a root hints file, which is the zone file for the root DNS servers. It is easiest to download it directly where you want it. My preference is usually to go ahead and put it where the other Unbound-related files are, in /etc/unbound:

    wget -O /etc/unbound/root.hints

Then add an entry to your nf file to let Unbound know where the hints file goes:

    # file to read root hints from.

Finally, we want to add at least one entry that tells Unbound where to forward requests to for recursion. Note that we could forward specific domains to specific DNS servers. In this example, I'm just going to forward everything out to a couple of DNS servers on the Internet:

    forward-zone:

Now, as a sanity check, we want to run the unbound-checkconf command, which checks the syntax of our configuration file.

    etc/unbound/unbound_server.key: No such file or directory