{"id":5626,"date":"2016-04-06T11:01:24","date_gmt":"2016-04-06T03:01:24","guid":{"rendered":"http:\/\/rmohan.com\/?p=5626"},"modified":"2016-04-06T11:01:24","modified_gmt":"2016-04-06T03:01:24","slug":"unbound-rhce","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=5626","title":{"rendered":"unbound RHCE"},"content":{"rendered":"<p>This howto shows the steps needed to configure unbound for DNS caching and forwarding from the 192.168.1.0\/24 network. It assumes the server\u2019s IP address is 192.168.1.22 and is running RHEL\/CentOS 7.<\/p>\n<p>Installation<br \/>\n[root@rhce-server ~]# yum install unbound<\/p>\n<p>Configure Systemd<br \/>\n[root@rhce-server ~]# systemctl enable unbound<br \/>\nln -s &#8216;\/usr\/lib\/systemd\/system\/unbound.service&#8217; &#8216;\/etc\/systemd\/system\/multi-user.target.wants\/unbound.service&#8217;<br \/>\n[root@rhce-server ~]# ^enable^start<br \/>\nsystemctl start unbound<\/p>\n<p>Configure the Firewall<br \/>\n[root@rhce-server ~]# firewall-cmd &#8211;add-service=dns<br \/>\nsuccess<br \/>\n[root@rhce-server ~]# firewall-cmd &#8211;add-service=dns &#8211;permanent<br \/>\nsuccess<\/p>\n<p>Configure Unbound<\/p>\n<p>Unbound\u2019s configuration is stored in \/etc\/unbound\/unbound.conf.<\/p>\n<p>By default unbound only listens on the loopback interface. Specify which interface you would like to use.<br \/>\ninterface: 192.168.1.22<\/p>\n<p>Allow queries from 192.168.1.0\/24.<br \/>\naccess-control: 192.168.1.0\/24 allow<\/p>\n<p>Disable DNSSEC.<br \/>\ndomain-insecure: *<\/p>\n<p>Forward uncached requests to OpenDNS.<br \/>\nforward-zone:<br \/>\nname: *<br \/>\nforward-addr: 208.67.222.222<br \/>\nforward-addr: 208.67.220.220<\/p>\n<p>Check Your Configuration<br \/>\n[root@rhce-server ~]# unbound-checkconf<br \/>\nunbound-checkconf: no errors in \/etc\/unbound\/unbound.conf<\/p>\n<p>Restart the Unbound Service<br \/>\n[root@rhce-server ~]# systemctl restart unbound<\/p>\n<p>Verify it is Working<\/p>\n<p>Test from a different system on the network.<br \/>\nmooose:~ jglemza$ dig rmohan.com A @192.168.1.22<\/p>\n<p>; &lt;&lt;&gt;&gt; DiG 9.8.3-P1 &lt;&lt;&gt;&gt; rmohan.com A @192.168.1.22<br \/>\n;; global options: +cmd<br \/>\n;; Got answer:<br \/>\n;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 60299<br \/>\n;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0<\/p>\n<p>;; QUESTION SECTION:<br \/>\n;rmohan.com.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IN\u00a0 A<\/p>\n<p>;; ANSWER SECTION:<br \/>\nrmohan.com.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 43200\u00a0\u00a0 IN\u00a0 A\u00a0\u00a0 64.191.171.200<\/p>\n<p>;; Query time: 234 msec<br \/>\n;; SERVER: 192.168.1.22#53(192.168.1.22)<br \/>\n;; WHEN: Sat Mar 21 13:16:54 2015<br \/>\n;; MSG SIZE\u00a0 rcvd: 42<\/p>\n<p>Verify the record is now in unbound\u2019s cache.<br \/>\n[root@rhce-server ~]# unbound-control dump_cache|grep rmohan.com<br \/>\nns2.rmohan.com.\u00a0\u00a0 43197\u00a0\u00a0 IN\u00a0 A\u00a0\u00a0 23.253.56.58<br \/>\nrmohan.com.\u00a0\u00a0 43197\u00a0\u00a0 IN\u00a0 A\u00a0\u00a0 64.191.171.200<br \/>\nns1.rmohan.com.\u00a0\u00a0 43197\u00a0\u00a0 IN\u00a0 A\u00a0\u00a0 64.191.171.194<br \/>\nrmohan.com.\u00a0\u00a0 43197\u00a0\u00a0 IN\u00a0 NS\u00a0 ns1.rmohan.com.<br \/>\nrmohan.com.\u00a0\u00a0 43197\u00a0\u00a0 IN\u00a0 NS\u00a0 ns2.rmohan.com.<br \/>\n&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This howto shows the steps needed to configure unbound for DNS caching and forwarding from the 192.168.1.0\/24 network. It assumes the server\u2019s IP address is 192.168.1.22 and is running RHEL\/CentOS 7.<\/p>\n<p>Installation [root@rhce-server ~]# yum install unbound<\/p>\n<p>Configure Systemd [root@rhce-server ~]# systemctl enable unbound ln -s &#8216;\/usr\/lib\/systemd\/system\/unbound.service&#8217; &#8216;\/etc\/systemd\/system\/multi-user.target.wants\/unbound.service&#8217; [root@rhce-server ~]# ^enable^start systemctl start unbound<\/p>\n<p>Configure [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5626"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5626"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5626\/revisions"}],"predecessor-version":[{"id":5627,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5626\/revisions\/5627"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5626"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5626"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}