This howto shows the steps needed to configure unbound as a caching and forwarding DNS resolver for clients on the 192.168.1.0/24 network. It assumes the server’s IP address is 192.168.1.22 and that it is running RHEL/CentOS 7.
Installation
[root@rhce-server ~]# yum install unbound
Configure Systemd
[root@rhce-server ~]# systemctl enable unbound
ln -s '/usr/lib/systemd/system/unbound.service' '/etc/systemd/system/multi-user.target.wants/unbound.service'
[root@rhce-server ~]# ^enable^start
systemctl start unbound
Configure the Firewall
[root@rhce-server ~]# firewall-cmd --add-service=dns
success
[root@rhce-server ~]# firewall-cmd --add-service=dns --permanent
success
Configure Unbound
Unbound’s configuration is stored in /etc/unbound/unbound.conf.
By default unbound only listens on the loopback interface. Specify which interface you would like to use.
interface: 192.168.1.22
Allow queries from 192.168.1.0/24.
access-control: 192.168.1.0/24 allow
Disable DNSSEC.
domain-insecure: *
Forward uncached requests to OpenDNS.
forward-zone:
    # "." is the root zone, so this forwards every uncached query
    name: "."
    forward-addr: 208.67.222.222
    forward-addr: 208.67.220.220
Check Your Configuration
[root@rhce-server ~]# unbound-checkconf
unbound-checkconf: no errors in /etc/unbound/unbound.conf
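unbound-checkconf confirms that the file parses; it does not show which clients the access-control rules admit. The following is an added example, not part of the original howto or of unbound itself: it evaluates access-control lines the way unbound documents them (most specific netblock wins, loopback allowed and everything else refused by default) and flags rules that would make the server an open resolver. The function names, the enclosing server: clause and the simplified default table are assumptions.

```python
import ipaddress

# Constructed sample: this howto's settings inside an assumed "server:" clause.
SAMPLE_CONF = """\
server:
    interface: 192.168.1.22
    access-control: 192.168.1.0/24 allow
"""

# unbound's built-in policy: loopback may query, every other address is refused.
DEFAULTS = [("0.0.0.0/0", "refuse"), ("127.0.0.0/8", "allow"),
            ("::/0", "refuse"), ("::1/128", "allow")]


def parse_access_control(conf_text):
    """Return [(network, action)] for each access-control: line in conf_text."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("access-control:"):
            continue
        fields = line.split(":", 1)[1].replace('"', "").split()
        if len(fields) != 2:
            raise ValueError(f"malformed access-control line: {raw!r}")
        rules.append((ipaddress.ip_network(fields[0], strict=False), fields[1]))
    return rules


def decide(client_ip, rules):
    """Action for client_ip; the most specific matching netblock wins."""
    ip = ipaddress.ip_address(client_ip)
    table = [(ipaddress.ip_network(n), a) for n, a in DEFAULTS] + rules
    hits = [(n, a) for n, a in table if n.version == ip.version and ip in n]
    # Stable sort: on equal prefix length a configured rule beats the default.
    return sorted(hits, key=lambda h: h[0].prefixlen)[-1][1]


def open_resolver_rules(rules):
    """Rules that admit every address, i.e. an open resolver."""
    return [(str(n), a) for n, a in rules
            if n.prefixlen == 0 and a.startswith("allow")]


if __name__ == "__main__":
    rules = parse_access_control(SAMPLE_CONF)
    for ip in ("192.168.1.50", "192.168.2.50", "127.0.0.1"):
        print(ip, "->", decide(ip, rules))
    print("open-resolver rules:", open_resolver_rules(rules))
```

To check a live server, pass the contents of /etc/unbound/unbound.conf to parse_access_control instead of the sample.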
Restart the Unbound Service
[root@rhce-server ~]# systemctl restart unbound
Verify it is Working
Test from a different system on the network.
mooose:~ jglemza$ dig rmohan.com A @192.168.1.22
; <<>> DiG 9.8.3-P1 <<>> rmohan.com A @192.168.1.22
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60299
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;rmohan.com. IN A
;; ANSWER SECTION:
rmohan.com. 43200 IN A 64.191.171.200
;; Query time: 234 msec
;; SERVER: 192.168.1.22#53(192.168.1.22)
;; WHEN: Sat Mar 21 13:16:54 2015
;; MSG SIZE rcvd: 42
Verify the record is now in unbound’s cache.
[root@rhce-server ~]# unbound-control dump_cache|grep rmohan.com
ns2.rmohan.com. 43197 IN A 23.253.56.58
rmohan.com. 43197 IN A 64.191.171.200
ns1.rmohan.com. 43197 IN A 64.191.171.194
rmohan.com. 43197 IN NS ns1.rmohan.com.
rmohan.com. 43197 IN NS ns2.rmohan.com.
…