Questions tagged [unbound]

Unbound is an open-source DNSSEC validating DNS resolver.

Unbound is an open-source BSD licensed caching DNS resolver developed by NLnet Labs, and is included in FreeBSD & OpenBSD's base installation.

In addition to validation, Unbound implements many enabled-by-default security features including hardening, cache poisoning prevention and zone overrides. Guides are available in the Documentation for configuration, and the underlying libunbound C library.

Documentation: https://www.unbound.net/documentation/index.html

Unbound(8) https://www.unbound.net/documentation/unbound.html

Unbound.conf(5) https://www.unbound.net/documentation/unbound.conf.html

75 questions
13 votes, 3 answers

unbound/nsd returning SERVFAIL resolving local LAN DNS. nsd alone works fine

I've been using unbound as a local recursive DNS server. Just added nsd to set up local LAN DNS. nsd is listening on port 53530 and that works fine: $ dig @127.0.0.1 data2.datanet.home -p 53530 ; <<>> DiG 9.9.2-P2 <<>> @127.0.0.1 data2.datanet.home…
7 votes, 1 answer

Reverse DNS Lookup for 10.* Failing

I am trying to configure NSD and Unbound to handle Internal DNS. I have everything working for forward lookups but reverse lookups are failing. I am not sure what to do next, but looking at the dig (reverse) response, it has something to do with…
Adz
6 votes, 2 answers

How does unbound handle multiple forwarders (forward-addr)?

According to https://nlnetlabs.nl/documentation/unbound/unbound.conf/ multiple forwarders can be configured with forward-addr For the forward zone this list of nameservers is used to forward the queries to. The servers listed as forward-host: …
Hannes
4 votes, 1 answer

Configure LXC to use specific DNS server instead of DNSMASQ

Out of the box, my LXC containers connect to a running instance of dnsmasq, which is started with the lxc-net service. In my case, I am running a local unbound DNS server that connects to a thing called ncdns which lets me browse .bit domains that…
4 votes, 2 answers

Unbound - domains cached only for short time

I recently set up Unbound for DNS caching, along with DNScrypt on Linux Mint 18.1. It works, but I noticed the pages are cached only for short time: First query to google.com - 48ms (domain not cached) Second query to google.com (immediately after…
Liberul
4 votes, 1 answer

Unbound refuses requests from localhost even though `access-control: 127.0.0.1 allow_snoop`

This is my unbound.conf server: interface: 0.0.0.0 access-control: 10.0.0.0/8 allow_snoop access-control: 127.0.0.1 allow_snoop access-control: 192.168.0.0/16 allow_snoop ... Reading the documentation, it should be enough. And then in…
Cray
4 votes, 1 answer

Alternative ways to get past 32 rpz zone limit in BIND? ...without running BIND a thousand times

Using BIND RPZs gives me exactly what I'm looking for to alter queries. However, my recursive DNS server is in use by hundreds of clients and I am looking for a way to allow each client some level of customization. There's possibly a couple hundred…
user74078
4 votes, 1 answer

Unbound stub-host option not resolving using /etc/hosts

I have unbound running as a validating, caching, recursive dns server and nsd3 running as an authoritative nameserver. It seems like every aspect of both work correctly until I attempt to resolve an address that should be forwarded to nsd3. I've…
Lindenk
4 votes, 4 answers

How to do views in Unbound DNS Server

How would I use the BIND "views" feature in Unbound? I don't seem to be able to find anything online regarding this.
4 votes, 1 answer

Understanding how Unbound listen on Port 53

I have installed unbound on Debian Buster. Now I wonder why unbound listens 2 times on each Protocol. netstat -tulpn tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 1150/unbound tcp 0 0 0.0.0.0:53…
Gill-Bates
3 votes, 1 answer

unbound.conf server option "private-domain" - domain name ending in a dot or not?

unbound.conf is used to configure Unbound, a caching DNS resolver. The documentation of version 1.6.8 says: Server Options private-domain: Allow this domain, and all its subdomains to contain private addresses. Give…
Fabian
3 votes, 2 answers

unbound forward zone syntax

I want to configure unbound to lookup certain domain names with an alternative dns server, with forward-zone. The documentation I find have two syntaxes: forward-zone: name: "mynetwork.com." forward-addr: 10.0.0.1 e.g. here or forward-zone: name:…
3 votes, 1 answer

How to make Unbound block private IPs in resolved domains (DNS rebinding)

I set up Unbound in my local network as a local DNS resolver. I noticed that it will not filter any private IP addresses in the resolved domains and forward any IP address that a domain resolves to. In order to protect against DNS rebinding, I would…
comfreak
3 votes, 1 answer

Unbound Syntax Error

I am trying to use unbound to forward requests to a pair of dns servers, while answering a small handful of queries locally. In testing this out, I have built the following configuration at /etc/unbound/conf.d/my.zone.com.conf forward-zone: …
3 votes, 1 answer

How to do parallel queries to the upstream DNS using Unbound?

Can I configure Unbound as forwarder but that it always send a query to ALL upstream DNS servers that I configure and take as valid reply the first in arrive? Such feature exist in nsmasq pfSense: In pfSense 1.2.3 and later this behavior has been…
user120858