unbound RHCE

This howto shows the steps needed to configure unbound for DNS caching and forwarding for clients on the 192.168.1.0/24 network. It assumes the server's IP address is 192.168.1.22 and that it is running RHEL/CentOS 7.

Installation
[root@rhce-server ~]# yum install unbound

Configure Systemd
[root@rhce-server ~]# systemctl enable unbound
ln -s '/usr/lib/systemd/system/unbound.service' '/etc/systemd/system/multi-user.target.wants/unbound.service'
[root@rhce-server ~]# ^enable^start
systemctl start unbound

Configure the Firewall
[root@rhce-server ~]# firewall-cmd --add-service=dns
success
[root@rhce-server ~]# firewall-cmd --add-service=dns --permanent
success

Configure Unbound

Unbound’s configuration is stored in /etc/unbound/unbound.conf.

By default unbound only listens on the loopback interface. Specify which interface you would like to use.
interface: 192.168.1.22

Allow queries from 192.168.1.0/24.
access-control: 192.168.1.0/24 allow

Disable DNSSEC.
domain-insecure: *

Forward uncached requests to OpenDNS. The zone name "." matches every query.
forward-zone:
    name: "."
    forward-addr: 208.67.222.222
    forward-addr: 208.67.220.220

Check Your Configuration
[root@rhce-server ~]# unbound-checkconf
unbound-checkconf: no errors in /etc/unbound/unbound.conf
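
unbound-checkconf only checks syntax; it does not show which clients the access-control rules admit. The Python sketch below is an added example, not part of the original howto: it models unbound's most-specific-netblock matching on top of the defaults (localhost allowed, everything else refused) and flags rules that would make the cache an open resolver. The function names, both sample configs and the tie-breaking rule are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the server settings this howto adds to unbound.conf.
HOWTO_CONF = """\
server:
    interface: 192.168.1.22
    access-control: 192.168.1.0/24 allow   # LAN clients only
"""

# Constructed counter-example: a shortcut that turns the cache into an open resolver.
OPEN_CONF = """\
server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow
"""

# Simplified model of unbound's defaults: localhost allowed, everything else refused.
DEFAULTS = [("127.0.0.0/8", "allow"), ("::1/128", "allow"),
            ("0.0.0.0/0", "refuse"), ("::/0", "refuse")]


def parse_access_control(conf_text):
    """Return [(network, action)]: configured rules first, then the defaults."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("access-control:"):
            continue
        fields = line.split(":", 1)[1].split()
        if len(fields) != 2:
            raise ValueError(f"malformed access-control line: {raw!r}")
        net = ipaddress.ip_network(fields[0].strip('"'), strict=False)
        rules.append((net, fields[1]))
    return rules + [(ipaddress.ip_network(n), a) for n, a in DEFAULTS]


def decide(rules, client):
    """Most specific matching netblock wins; on a tie the earlier rule is kept."""
    ip = ipaddress.ip_address(client)
    best = None
    for net, action in rules:  # "ip in net" is False when IP versions differ
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, action)
    return best[1]


def world_open(rules):
    """Netblocks that admit the whole address space (open-resolver exposure)."""
    return [str(n) for n, a in rules if n.prefixlen == 0 and a.startswith("allow")]
```

Run it against the real file with `parse_access_control(open("/etc/unbound/unbound.conf").read())`; an empty `world_open()` result and a `refuse` for an off-network address are what this howto's configuration should produce.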

Restart the Unbound Service
[root@rhce-server ~]# systemctl restart unbound

Verify it is Working

Test from a different system on the network.
mooose:~ jglemza$ dig rmohan.com A @192.168.1.22

; <<>> DiG 9.8.3-P1 <<>> rmohan.com A @192.168.1.22
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60299
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;rmohan.com.          IN  A

;; ANSWER SECTION:
rmohan.com.       43200   IN  A   64.191.171.200

;; Query time: 234 msec
;; SERVER: 192.168.1.22#53(192.168.1.22)
;; WHEN: Sat Mar 21 13:16:54 2015
;; MSG SIZE  rcvd: 42

Verify the record is now in unbound’s cache.
[root@rhce-server ~]# unbound-control dump_cache|grep rmohan.com
ns2.rmohan.com.   43197   IN  A   23.253.56.58
rmohan.com.   43197   IN  A   64.191.171.200
ns1.rmohan.com.   43197   IN  A   64.191.171.194
rmohan.com.   43197   IN  NS  ns1.rmohan.com.
rmohan.com.   43197   IN  NS  ns2.rmohan.com.
