Questions tagged [unbound]

Unbound is an open-source DNSSEC validating DNS resolver.

Unbound is an open-source, BSD-licensed caching DNS resolver developed by NLnet Labs, and is included in the base installation of FreeBSD and OpenBSD.

In addition to validation, Unbound implements many enabled-by-default security features, including hardening, cache poisoning prevention and zone overrides. Guides for configuration and for the underlying libunbound C library are available in the documentation.

Documentation: https://www.unbound.net/documentation/index.html

Unbound(8) https://www.unbound.net/documentation/unbound.html

Unbound.conf(5) https://www.unbound.net/documentation/unbound.conf.html

63 questions
12 votes, 3 answers

unbound/nsd returning SERVFAIL resolving local LAN DNS. nsd alone works fine

I've been using unbound as a local recursive DNS server. Just added nsd to set up local LAN DNS. nsd is listening on port 53530 and that works fine: $ dig @127.0.0.1 data2.datanet.home -p 53530 ; <<>> DiG 9.9.2-P2 <<>> @127.0.0.1 data2.datanet.home…
Micah Yoder
4 votes, 2 answers

Unbound - domains cached only for short time

I recently set up Unbound for DNS caching, along with DNScrypt on Linux Mint 18.1. It works, but I noticed the pages are cached only for a short time: First query to google.com - 48ms (domain not cached) Second query to google.com (immediately after…
Liberul
4 votes, 1 answer

Reverse DNS Lookup for 10.* Failing

I am trying to configure NSD and Unbound to handle internal DNS. I have everything working for forward lookups, but reverse lookups are failing. I am not sure what to do next, but looking at the dig (reverse) response, it has something to do with…
Adz
4 votes, 1 answer

Alternative ways to get past 32 rpz zone limit in BIND? ...without running BIND a thousand times

Using BIND RPZs gives me exactly what I'm looking for to alter queries. However, my recursive DNS server is in use by hundreds of clients and I am looking for a way to allow each client some level of customization. There's possibly a couple hundred…
user74078
4 votes, 1 answer

Unbound stub-host option not resolving using /etc/hosts

I have unbound running as a validating, caching, recursive DNS server and nsd3 running as an authoritative nameserver. It seems like every aspect of both works correctly until I attempt to resolve an address that should be forwarded to nsd3. I've…
Lindenk
4 votes, 4 answers

How to do views in Unbound DNS Server

How would I use the BIND "views" feature in Unbound? I don't seem to be able to find anything online regarding this.
Richard Hum
4 votes, 1 answer

Understanding how Unbound listen on Port 53

I have installed unbound on Debian Buster. Now I wonder why unbound listens 2 times on each Protocol. netstat -tulpn tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 1150/unbound tcp 0 0 0.0.0.0:53…
Gill-Bates
3 votes, 2 answers

unbound forward zone syntax

I want to configure unbound to look up certain domain names with an alternative DNS server, with forward-zone. The documentation I find has two syntaxes: forward-zone: name: "mynetwork.com." forward-addr: 10.0.0.1 e.g. here or forward-zone: name:…
egwene sedai
3 votes, 1 answer

Configure LXC to use specific DNS server instead of DNSMASQ

Out of the box, my LXC containers connect to a running instance of dnsmasq, which is started with the lxc-net service. In my case, I am running a local unbound DNS server that connects to a thing called ncdns which lets me browse .bit domains that…
jcarpenter2
3 votes, 1 answer

How to make Unbound block private IPs in resolved domains (DNS rebinding)

I set up Unbound in my local network as a local DNS resolver. I noticed that it will not filter any private IP addresses in the resolved domains and forward any IP address that a domain resolves to. In order to protect against DNS rebinding, I would…
comfreak
3 votes, 1 answer

Unbound Syntax Error

I am trying to use unbound to forward requests to a pair of DNS servers, while answering a small handful of queries locally. In testing this out, I have built the following configuration at /etc/unbound/conf.d/my.zone.com.conf forward-zone: …
TheWellington
3 votes, 1 answer

Unbound refuses requests from localhost even though `access-control: 127.0.0.1 allow_snoop`

This is my unbound.conf server: interface: 0.0.0.0 access-control: 10.0.0.0/8 allow_snoop access-control: 127.0.0.1 allow_snoop access-control: 192.168.0.0/16 allow_snoop ... Reading the documentation, it should be enough. And then in…
Cray
2 votes, 0 answers

Unbound DNS Partial Authority of Zone

There is a public domain registered by somebody on the Internet. Let's say "example.com". I need my Unbound server to be partially authoritative for the zone "example.com" for my internal client servers. I want Unbound to serve the following…
Erica993
2 votes, 1 answer

Unbound doesn't start

after installing Unbound apt-get -y install unbound dnsutils su -c "unbound-anchor -a /var/lib/unbound/root.key" - unbound systemctl reload unbound apt-get -y install resolvconf echo "nameserver 127.0.0.1" >>…
Aeris
2 votes, 1 answer

How can I prevent unbound from restarting?

I'm running unbound version 1.4.22. Every time I run pon or poff (PPPoE connections), unbound restarts, as seen in the unbound logfile. I easily confirm this is the case by repeating a DNS query that was cached just before I ran poff. Every time it…
Josh