Installing and Configuring an Unbound Caching Name Server

Unbound Caching Name Server

This video demonstrates how to install and configure an Unbound caching name server.  You will also see how to configure it to forward DNS requests to another DNS server on the network.

The steps to install and configure an Unbound caching name server are straightforward.  Unbound is a good choice: it is a validating, recursive, caching resolver with a small attack surface, and its configuration is much simpler than BIND's.

Run the following commands to install, start and enable Unbound, then open its configuration file:

yum install -y unbound
systemctl start unbound
systemctl enable unbound
vim /etc/unbound/unbound.conf

In unbound.conf, uncomment or edit the following lines.  The interface, access-control and domain-insecure lines belong in the server: block; forward-zone is a separate top-level block:

interface: 0.0.0.0

access-control: 192.168.1.0/24 allow

forward-zone:
      name: "."
      forward-addr: 192.168.1.40

domain-insecure: den.therootuser.com

Explanation of settings

interface: 0.0.0.0 makes Unbound listen on every IPv4 address on the host; the default is to listen only on the loopback address.  That is acceptable here because access-control restricts who may query, but on a host with more than one network interface, bind to the LAN address instead.

access-control lists the client networks allowed to query.  Anything not covered by an allow rule is refused, so only the 192.168.1.0/24 network is served.

The forward-zone with name "." sends every query that Unbound cannot answer from its cache to 192.168.1.40, the DNS server on my IDM server on my main network.  Unbound caches the answers, so repeat queries from the LAN do not reach the IDM server again until the records' TTL expires.

domain-insecure: den.therootuser.com exempts that zone from DNSSEC validation, which the RHEL package enables by default.  It is needed when an internal zone cannot be validated through the public chain of trust (a split-horizon zone, for instance); without it such answers come back to clients as SERVFAIL.  Keep the exemption scoped to the internal zone and never apply it to ".", which would switch validation off entirely.

Finally, check the configuration syntax, restart the service and open the DNS service in the firewall:

unbound-checkconf
systemctl restart unbound
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
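The whole procedure above as one script, added here as an example; it is not the page's own configuration file.  It writes a server: block and forward-zone that apply the same settings with the stricter choices a practitioner would make (bind to the LAN address instead of 0.0.0.0, an explicit default refuse, hide-identity/hide-version, the DNSSEC exemption limited to the internal zone) and runs a few static checks that need no Unbound binary, so the page's literal settings with interface: 0.0.0.0 would fail them.  The listen address 192.168.1.41 and the trust-anchor path /var/lib/unbound/root.key are assumptions (the former taken from the test step later on this page, the latter the stock RHEL 7 package path).  install_unbound_conf mirrors the checkconf, restart and firewall steps, replaces the stock /etc/unbound/unbound.conf, and is only meant to be run as root on the resolver itself.

```sh
#!/bin/sh
# Added example (not the page's own config): generate a hardened unbound.conf
# for the setup described above and sanity-check it before installing it.
set -eu

LISTEN_IP="${LISTEN_IP:-192.168.1.41}"       # assumed: this resolver's LAN address
CLIENT_NET="${CLIENT_NET:-192.168.1.0/24}"   # the only network allowed to query
FORWARDER="${FORWARDER:-192.168.1.40}"       # the IDM DNS server
INSECURE_ZONE="${INSECURE_ZONE:-den.therootuser.com}"   # internal zone exempt from DNSSEC

# write_unbound_conf PATH: write the server: block and the forward-zone to PATH.
write_unbound_conf() {
    local conf="$1"
    cat > "$conf" <<EOF
server:
    directory: "/etc/unbound"
    username: "unbound"
    chroot: ""

    # Listen on loopback and the LAN address only. "interface: 0.0.0.0" would
    # also expose the resolver on any other interface this host has.
    interface: 127.0.0.1
    interface: ${LISTEN_IP}
    do-ip4: yes
    do-udp: yes
    do-tcp: yes

    # Unbound refuses anything not listed, but an explicit default makes the
    # policy obvious to the next person reading the file.
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: ${CLIENT_NET} allow

    # Do not answer version.bind / hostname.bind probes.
    hide-identity: yes
    hide-version: yes

    # Cache-poisoning hardening.
    harden-glue: yes
    harden-dnssec-stripped: yes

    # Keep DNSSEC validation on for everything except the unsigned internal
    # zone. Path assumed: the stock RHEL 7 package location of the root key.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    domain-insecure: "${INSECURE_ZONE}"

forward-zone:
    name: "."
    forward-addr: ${FORWARDER}
EOF
}

# check_unbound_conf PATH: static checks that need no Unbound binary. Fails on
# a wildcard bind, a missing default refuse, more or fewer than one forwarder,
# or a domain-insecure entry for "." (which would switch validation off).
check_unbound_conf() {
    local conf="$1"
    if grep -Eq '^[[:space:]]*interface:[[:space:]]*0\.0\.0\.0' "$conf"; then
        echo "FAIL: interface 0.0.0.0 binds every address; bind the LAN address instead" >&2
        return 1
    fi
    if ! grep -Eq '^[[:space:]]*access-control:[[:space:]]*0\.0\.0\.0/0[[:space:]]+refuse' "$conf"; then
        echo "FAIL: no explicit default refuse" >&2
        return 1
    fi
    if [ "$(grep -c '^[[:space:]]*forward-addr:' "$conf")" -ne 1 ]; then
        echo "FAIL: expected exactly one forward-addr" >&2
        return 1
    fi
    if grep -Eq '^[[:space:]]*domain-insecure:[[:space:]]*"?\."?[[:space:]]*$' "$conf"; then
        echo "FAIL: domain-insecure on \".\" disables DNSSEC validation for everything" >&2
        return 1
    fi
    echo "OK: $conf passes static checks"
}

# install_unbound_conf: the checkconf / restart / firewall steps from the
# walkthrough. Replaces the stock file, so keep a copy; run as root.
install_unbound_conf() {
    local target=/etc/unbound/unbound.conf
    write_unbound_conf "$target"
    check_unbound_conf "$target"
    unbound-checkconf "$target"
    systemctl restart unbound
    systemctl enable unbound
    firewall-cmd --permanent --add-service=dns
    firewall-cmd --reload
}
```

To try it without touching the live file, call write_unbound_conf and check_unbound_conf with a path under /tmp and diff the result against /etc/unbound/unbound.conf; call install_unbound_conf only on the resolver.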

To test the configuration, go to another server on the network.  In this example I ssh to server1, edit /etc/resolv.conf and add the line nameserver 192.168.1.41 (the address of the new Unbound server).  The file's syntax is keyword, whitespace, value; a line written as nameserver=192.168.1.41 is silently ignored by the resolver.  If NetworkManager manages the host it will rewrite resolv.conf, so for a lasting change set the DNS server on the connection profile instead.

Running dig against the zone name then shows the query being answered by 192.168.1.41.  The response is NOERROR with an empty ANSWER section and the zone's SOA in the AUTHORITY section: a NODATA answer, meaning the name exists but has no A record at the zone apex.  The SOA names rhellab.den.therootuser.com as the primary, so the query did reach the IDM server through the forwarder.  There is no ad flag because den.therootuser.com is listed as domain-insecure:

[root@server1 ~]# dig den.therootuser.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> den.therootuser.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17279
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;den.therootuser.com. IN A

;; AUTHORITY SECTION:
den.therootuser.com. 3600 IN SOA rhellab.den.therootuser.com. hostmaster.den.therootuser.com. 1519442236 3600 900 1209600 3600

;; Query time: 4 msec
;; SERVER: 192.168.1.41#53(192.168.1.41)
;; WHEN: Sat Feb 24 15:25:39 MST 2018
;; MSG SIZE rcvd: 103

[root@server1 ~]#
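The test step above only works if you read the dig output correctly, so here is an added example (not from the original page) that does the reading: classify_dig turns a dig response on stdin into ANSWER, NODATA, NXDOMAIN, SERVFAIL, REFUSED or OTHER, dnssec_validated checks for the ad flag, and answered_by checks the ;; SERVER: line against the resolver the client is supposed to use.  The first sample is the page's own output above, reduced to the lines that matter; the positive answer for www.example.net and the SERVFAIL response are constructed samples, not real queries.

```sh
#!/bin/sh
# Added example (not from the original page): read a dig response the way the
# test step needs to be read. Every function takes dig output on stdin.
set -eu

# classify_dig: prints ANSWER, NODATA, NXDOMAIN, SERVFAIL, REFUSED or OTHER.
classify_dig() {
    local out status answers
    out=$(cat)
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    answers=$(printf '%s\n' "$out" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1)
    case "${status:-}" in
        NOERROR)
            if [ "${answers:-0}" -gt 0 ]; then
                echo ANSWER
            elif printf '%s\n' "$out" | grep -Eq 'IN[[:space:]]+SOA'; then
                # Name exists but has no record of the queried type; the SOA
                # in AUTHORITY is the negative-caching hint.
                echo NODATA
            else
                echo OTHER
            fi ;;
        NXDOMAIN) echo NXDOMAIN ;;
        # From a validating resolver this is usually a DNSSEC failure:
        # retry with +cd and review domain-insecure.
        SERVFAIL) echo SERVFAIL ;;
        # The client is not covered by an access-control allow rule.
        REFUSED)  echo REFUSED ;;
        *)        echo OTHER ;;
    esac
}

# dnssec_validated: true when the response carries the AD flag, i.e. Unbound
# validated it (a zone listed in domain-insecure never gets AD).
dnssec_validated() {
    grep -Eq '^;; flags:[^;]* ad[ ;]'
}

# answered_by IP: true when dig's ";; SERVER:" line names the expected
# resolver, which catches a /etc/resolv.conf edit that did not take effect.
answered_by() {
    grep -Fq ";; SERVER: $1#53"
}

# The page's own dig output, reduced to the lines the functions look at.
sample_page() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17279
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;den.therootuser.com. IN A
;; AUTHORITY SECTION:
den.therootuser.com. 3600 IN SOA rhellab.den.therootuser.com. hostmaster.den.therootuser.com. 1519442236 3600 900 1209600 3600
;; SERVER: 192.168.1.41#53(192.168.1.41)
EOF
}

# Constructed sample: a validated positive answer for a public name.
sample_answer() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
www.example.net. 300 IN A 192.0.2.10
;; SERVER: 192.168.1.41#53(192.168.1.41)
EOF
}

# Constructed sample: what a DNSSEC failure looks like from the client side.
sample_servfail() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 192.168.1.41#53(192.168.1.41)
EOF
}

# Stand-alone run: one summary line per sample.
for s in sample_page sample_answer sample_servfail; do
    if $s | dnssec_validated; then v=yes; else v=no; fi
    if $s | answered_by 192.168.1.41; then r=yes; else r=no; fi
    printf '%-16s %-9s validated=%s via-192.168.1.41=%s\n' "$s" "$($s | classify_dig)" "$v" "$r"
done
```

On a real client, pipe dig into the functions (dig den.therootuser.com | classify_dig); a SERVFAIL that turns into an answer with dig +cd is the signature of a DNSSEC validation failure rather than a forwarding problem.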

Ivan Windon

Ivan Windon is a Site Reliability Engineer at IBM. Ivan is actively engaged in Cloud Technologies with AWS, Google, and Azure. Ivan has extensive experience with Linux and Windows administration, DNS, Networking, IDM, and Security. In his free time, he enjoys being with his wife and two children. The family enjoys hiking, and traveling when able. His favorite locations are Yosemite NPS, and San Francisco, California.
