I want to use Unbound as caching and as my ns1.domain.com nameserver with DNSSEC.

I came across Unbound, which looks quite easy to set up and use.

unbound-control local_data "mywebsite.com A 11.22.3.44"

I created a NS entry at my registry for my domain and ns1 pointing to that IP.

I hope I haven't made any mistakes so far.

Now I would like to use that same nameserver at home, because I'll import AdAway host in it. Is it possible to split Unbound in two parts (kind of) so there is the caching part and the "my website" part of it?

(As a little addition, any suggested guide to harden/use DNSSEC/DNSCrypt with unbound?)

Thanks for your help!

Jeremy Dicaire

1 Answer

Please run separate daemons for authoritative-only DNS (mywebsite.com) and for your (internal) caching resolver. (Not precluding them being on a single machine or even both being BIND, for example.)

Unbound is meant as a non-authoritative server only. You may achieve something via local_data etc., but it's ugly, and even worse is the effect that you would run a publicly accessible DNS resolver instance that isn't maintained with that in mind (and thus is misusable to amplify attacks).
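
The resolver half of the split recommended above, as an unbound.conf fragment with the open-resolver setup shown commented out beside the restricted one. This is an added example, not part of the original answer; the LAN range 192.168.1.0/24, the listen address 192.168.1.10 and the trust-anchor path are assumptions.

```conf
# Constructed example; the LAN range, listen address and trust-anchor path
# are assumed values, adjust them to the actual network.

# --- Weak: one Unbound instance answers everyone and also fakes the zone ---
# server:
#     interface: 0.0.0.0
#     access-control: 0.0.0.0/0 allow      # recursion for the whole Internet
#     local-data: "mywebsite.com A 11.22.3.44"

# --- Corrected: Unbound as the internal caching resolver only ---
server:
    # Listen on loopback and the LAN address, not on the public IP.
    interface: 127.0.0.1
    interface: 192.168.1.10

    # The most specific netblock wins; everything not allowed is refused.
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow

    # DNSSEC validation (trust-anchor location is distribution-specific).
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-dnssec-stripped: yes
    harden-glue: yes

    # Do not reveal the daemon's identity or version to clients.
    hide-identity: yes
    hide-version: yes

    # No local-data for mywebsite.com here: that zone belongs to the
    # separate authoritative-only daemon listening on the public address.
```

Running `unbound-checkconf` on the file validates the syntax before the daemon is restarted.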