Questions tagged [unbound]

Unbound is an open-source DNSSEC validating DNS resolver.

Unbound is an open-source BSD licensed caching DNS resolver developed by NLnet Labs, and is included in FreeBSD & OpenBSD's base installation.

In addition to validation, Unbound implements many enabled-by-default security features, including hardening, cache poisoning prevention and zone overrides. Guides for configuration and for the underlying libunbound C library are available in the documentation.

Documentation: https://www.unbound.net/documentation/index.html

Unbound(8) https://www.unbound.net/documentation/unbound.html

Unbound.conf(5) https://www.unbound.net/documentation/unbound.conf.html

63 questions
2 votes, 1 answer

DNS - Unbound - How to provide different IP for a server based on client network

We have an intranet DNS server using Unbound in FreeBSD. We have another file server with multiple network IPs; the first one is 10.10.10.10 and the second one is 192.168.10.10. Is there any way that the DNS server can provide a different IP for this file server…
iamsumesh
2 votes, 2 answers

How does unbound handle multiple forwarders (forward-addr)?

According to https://nlnetlabs.nl/documentation/unbound/unbound.conf/ multiple forwarders can be configured with forward-addr For the forward zone this list of nameservers is used to forward the queries to. The servers listed as forward-host: …
Hannes
2 votes, 0 answers

Unbound block list, How to know from query log that if domain blocked or not?

I have configured an Unbound server with a domain block list; blocking works perfectly fine. But from the query log, I can only see that a blocked domain is queried, that's it. I tried with server: local-zone: "00009483.com" always_refuse and increased…
2 votes, 0 answers

Bind9 vs Unbound. Which is better for VPN node and why?

I am currently in the process of developing a VPN service. One of the necessary things for a proper VPN node is a DNS server that will prevent DNS leaks, and whilst working on this project I stumbled upon two well-known DNS servers: Bind9 and…
hancack
2 votes, 1 answer

Unbound can't seem to read certificate files for DNS-over-TLS, gets "Permission denied"

I'm trying to set up DNS-over-TLS (DoT) with the unbound resolver, i.e. I'm trying to encrypt the connection between the client and unbound. I'm NOT trying to encrypt the unbound resolver → upstream connection, which many guides on the internet are…
hayalci
1 vote, 1 answer

unbound periodically stops working

I have been using unbound as a caching DNS server forwarding to dnscrypt-proxy and it was working relatively well for a while (years, although about a year or so with dnscrypt-proxy) requiring no restarts for upwards of 30 days (roughly the time…
Walter
1 vote, 0 answers

Dig +trace not working, while +notrace works

I am trying to troubleshoot some DNS issues and I am starting by trying to trace my DNS lookups using dig +trace. I'm getting some weird results. If I do a normal dig to my unbound resolver: dig @192.168.20.1 +notrace pfsense.org I get a normal…
Marc Henning
1 vote, 0 answers

Unbound config to forward unknown local subdomain name

I am currently on a local area network where no loop-back is allowed, meaning that I cannot reach my public IP address from the local network. Several services need to be migrated in my local area network whilst keeping the domain name because we…
Gazoline
1 vote, 0 answers

Unbound forward-zones of subdomains overlap

I have a subdomain (imap) that is accessible from an external network and I have some subdomains (file-drive) that are only accessible from the internal network. I do not have access to the dns-server of the university. I tried to use different…
Charlie
1 vote, 0 answers

unbound.conf server option "private-domain" - domain name ending in a dot or not?

unbound.conf is used to configure Unbound, a caching DNS resolver. The documentation of version 1.6.8 says: Server Options private-domain: Allow this domain, and all its subdomains to contain private addresses. Give…
Fabian
1 vote, 0 answers

Unbound DNS: how to ask forwarders only after direct NS query has failed

By default, the Unbound DNS server works by the "classic" scheme: it queries root servers for zone NS records, then queries NS'es for A/AAAA/... Sometimes (rarely) connectivity between my DNS and target NS'es fails, but target NS'es are still available from…
user2743554
1 vote, 2 answers

Are search domains from resolv.conf used only for A/AAAA queries?

Are the user-provided search domains from resolv.conf used only for A/AAAA queries? Are they used for any other purpose?
Manohar
1 vote, 1 answer

unbound not forwarding query to another recursive DNS server

I'm trying to use unbound to forward DNS queries to other recursive DNS server. My unbound.conf looks like: forward-zone: name: "." forward-addr:x.x.x.x forward-addr:x.x.x.x forward-addr:x.x.x.x But when I use the command # unbound-control lookup…
FELDAP
1 vote, 0 answers

Puppet odd issue - Error 400 on SERVER: Duplicate declaration: Unbound::Record[host.example.com] is already declared in file

Hope someone could help me with my issue ) So, I have several VHosts which are managed by puppet, including DNS (unbound). One vhost was deleted some time ago and recreated recently with a new IP address (I can't use the old IP :( ). But, when puppet…
Serge
1 vote, 3 answers

Resolving route53 private hosted zone cnames internally

We have a DNS server outside of AWS, inside we have route53 with some private hosted zones. I want cnames on the private hosted zones to be available internally (when you access them inside the office). Due to my limited experience with DNS, I'm not…