Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [unbound]

Unbound is an open-source DNSSEC validating DNS resolver.

Unbound is an open-source BSD licensed caching DNS resolver developed by NLnet Labs, and is included in FreeBSD & OpenBSD's base installation.

In addition to validation, Unbound implements many enabled-by-default security features including hardening, cache poisoning prevention and zone overrides. Guides are available in the Documentation for configuration, and the underlying libunbound C library.

Documentation: https://www.unbound.net/documentation/index.html

Unbound(8) https://www.unbound.net/documentation/unbound.html

Unbound.conf(5) https://www.unbound.net/documentation/unbound.conf.html

63 questions
0
votes
1 answer

Postfix + Unbound for a Single IP Address Only

I'm running in to an issue using zen.spamhaus.org in Postfix. It appears too many people are using the same nameservers I am using .. and I'm getting blocked. What I'd like to do is setup Postfix to use Unbound (in recursive mode). I believe that's…
Dave
  • 35
  • 4
0
votes
0 answers

Unbound DNS - Local-data redirection

I'm running unbound DNS version 1.13.1 (docker image in Ubuntu 20.04) and block ad-sites domain in unbound config. Sample config below. local-zone: "sitename.com" redirect local-data: "sitename.com A 127.0.0.1" As of now, after adding the new…
Akshay
  • 9
  • 1
0
votes
1 answer

Investigate huge recursion delay with Unbound

I am running a recursive DNS resolver with unbound 1.9.0 on Debian Stretch. It periodically logs statistics about the recursion procession times. The latest is: [2195:0] info: server stats for thread 0: 157732 queries, 87671 answers from cache,…
user2233709
  • 1,364
  • 1
  • 9
  • 15
0
votes
0 answers

When does unbound fully drop expired cache

How long it will hold expired cache before dropping it? Is there any way to prefetch expired cached instead of dropping it?
zer09
  • 113
  • 4
0
votes
1 answer

How to whitelist domain in Unbound

I know that sometimes false positive can happen when using public blocklists, that way I want to import/create whitelist to make sure not to block them. I've already checked manual from Unbound and searched but unfortunately didn't found the right…
user134969
  • 389
  • 2
  • 5
  • 17
0
votes
1 answer

Putting a caching nameserver in front of ad

I would like to set up a caching nameserver to meet some requirements in the datacenter. Some of these requirements make me to put this caching nameserver between my servers and AD (e.g. collecting some statistics, managing whole dns things at one…
Çiçek Adam
  • 33
  • 4
0
votes
0 answers

Unbound DNS (Redirection of LAN)

I'm trying to redirect my LAN queries to local DNS server (installed in LAN) instead of default DNS ie 8.8.8.8. I'm using unbound 1.13.1 and tried the following: tried localzone local-zone: "10.in-addr.arpa." transparent domain-insecure:…
Akshay
  • 9
  • 1
0
votes
0 answers

Centos - Unbboud and URIBL_BLOCKED blacklist

I am facing the following problem: My websites have contact forms. People reach out to me via contact form. I receive 1 email after every contact form sent. Since about 1 week Ms Outlook is marking my own emails (sent from my websites) as spam. The…
Pikk
  • 329
  • 1
  • 4
  • 17
0
votes
0 answers

how to implement edns client tagoption code

I've been searching for edns and found these documents. They mention something called client tag and server tag. Is there any way I can implent those tags? Here is my use case: Our product teams have some services that want to query mydomain.com…
Çiçek Adam
  • 33
  • 4
0
votes
0 answers

unbound query logging stops after a period of time

I have configured unbound to log queries. I can see queries in the log for a period of several hours, but ultimately, logging of queries stops, until I reload the service, at which point logging starts again. My limited understanding is that only…
Garreth McDaid
  • 3,399
  • 26
  • 41
0
votes
1 answer

Can't Receive Email - Postfix iRedMail Server Using Spamhaus & Unbound / BIND9 DNS Servers

iRedMail server configured using ISP's DNS servers. Running several years without issue. Moving from current ISP to Starlink. It appears Starlink uses Cloudflare's public DNS. Currently have both ISPs running in parallel until cutover complete.…
BigPines
  • 1
  • 3
0
votes
0 answers

Illumos - configure Unbound to start automatically

I am running Illumos on a production system that is getting the DNS-settings from DHCP, and I would like to use Unbound as a local resolver to resolve hosts over DNS-over-TLS. However, I am not sure about how to automatically start Unbound at boot,…
Orphans
  • 1,404
  • 17
  • 26
0
votes
0 answers

Unbound recursive server not setting AD flag

I am running Unbound 1.9.0 as a recursive caching DNS server for a small branch office. It recurses over TLS towards cloudflare only and it has a typetransparent local-zone (example.com) overriding some of the public records from the public…
ppparadox
  • 131
  • 1
  • 1
  • 5
0
votes
1 answer

Unbound error - unbound.service: Start request repeated too quickly

I am new using unbound. I have a network 192.168.50.1 to 192.168.50.240. And I'd like to use DoH for non cache data. my conf file: # Unbound configuration file for Debian. # # See the unbound.conf(5) man page. # # See…
RGS
  • 101
  • 2
0
votes
0 answers

Unbound not returning A records over IPv6

I recently replaced my pfSense installation with OPNsense and have been struggling a bit with the Unbound installation. In short, it's IPv6 enabled and everything works well (both IPv6 and IPv4) in general. However, it seems to struggle with DNS…
vpetersson
  • 721
  • 9
  • 21
1 2 3
4
5