Zap's Digital Lighthouse

About
Zap's Digital Lighthouse is a Blosxom weblog for our digital outpost on the Internet
Sun, 01 Feb 2015

Setting up an Unbound DNS server for a local network

Since FreeBSD 10, BIND has been replaced as the default DNS server by Unbound. This is nice for all kinds of security reasons (many of the recent FreeBSD security advisories have been caused by BIND issues), but it does mean changing some 20-plus-year-old habits.

On my local network, I like to have a small server that acts as the DNS server for all of my home machines (of which I have far too many), not only for speed of resolution and resilience, but also to have authoritative reverse DNS resolution for machines in the private address space (192.168.1.*). So I need not only a local caching server, but one configured to serve my local network and to be authoritative for a small set of addresses under 1.168.192.in-addr.arpa. This means doing a bit of configuration beyond the out-of-the-box Unbound config in FreeBSD 10.1.

I have found a few helpful sites in setting up my Unbound DNS server:

but Google will help you find a lot more.

The FreeBSD Handbook says: "By default, Unbound will provide DNS resolution to the local machine only. While the base system package can be configured to provide resolution services beyond the local machine, it is recommended that such requirements be addressed by installing Unbound from the FreeBSD Ports Collection." However, I found that for my very simple case it was easy to configure the "local_unbound" that is part of FreeBSD 10.1 to serve as my local network's DNS server.

I went to /var/unbound/ and gave a cursory look at the "forward.conf", "lan-zones.conf", and "unbound.conf" files that are present, to see if they made sense (especially "forward.conf", which is built from the "/etc/resolv.conf" file at installation; if your resolv.conf was wrong, you will probably need to adjust it).

I then simply added a file in /var/unbound/conf.d/ to make Unbound do what I need, which I called "local-setup.conf". This file simply contains:

##
## Unbound config for our local network
##                              Denis, 2015-01-31
##
server:
        interface: 0.0.0.0
        interface: ::0
        access-control: 192.168.0.0/16 allow
        access-control: ::1 allow
        access-control: 127.0.0.0/8 allow
        verbosity: 1
        port: 53
        do-ip4: yes
        do-udp: yes
        do-tcp: yes
        num-threads: 4

## not sure if I need this?    root-hints: "/var/unbound/etc/root.hints"

        # locally served zones can be configured for the machines on the LAN.

        local-zone: "1.168.192.in-addr.arpa." static

        ## don't need those, as my DNS is at dyndns.org
        ##      local-data: "firewall.home.lan.  IN A 192.168.1.1"
        ##      local-data: "laptop.home.lan.    IN A 192.168.1.2"
        ##      local-data: "xboxone.home.lan.   IN A 192.168.1.3"
        ##      local-data: "ps4.home.lan.       IN A 192.168.1.4"

        ## reverse DNS
        local-data-ptr: "192.168.1.1    firewall.home.lan"
        local-data-ptr: "192.168.1.4    denis.home.lan"

It seems to work at this point. Later on, I can explore the statistics produced by Unbound, but this is sufficient to get our little home server up and running.
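Two things are worth checking in a file like this before trusting it: that every access-control allow rule stays inside LAN ranges (interface: 0.0.0.0 combined with a permissive allow rule turns the box into an open resolver that anyone on the Internet can query), and that each local-data-ptr address actually falls inside the static reverse zone that was declared. The audit below is an added example, not code from the post or from Unbound; it parses a sample config constructed from the file above, and reverse_zone_for derives the 1.168.192.in-addr.arpa. name from the network so it need not be typed by hand.

```python
import ipaddress
# Constructed sample: the directives from the post's local-setup.conf that matter here.
LAN_CONFIG = """\
server:
        interface: 0.0.0.0
        access-control: 192.168.0.0/16 allow
        access-control: ::1 allow
        access-control: 127.0.0.0/8 allow
        local-zone: "1.168.192.in-addr.arpa." static
        local-data-ptr: "192.168.1.1    firewall.home.lan"
        local-data-ptr: "192.168.1.4    denis.home.lan"
"""

# Ranges a home resolver may legitimately answer: RFC 1918, loopback, ULA, link-local.
LAN_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
              "192.168.0.0/16", "127.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10")]

def reverse_zone_for(cidr):
    """in-addr.arpa zone name for an octet-aligned IPv4 network (/8, /16, /24)."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("only /8, /16 and /24 IPv4 networks map to a single zone")
    labels = net.network_address.reverse_pointer.split(".")
    return ".".join(labels[(32 - net.prefixlen) // 8:]) + "."

def parse_directives(text):
    """Yield (key, value) pairs; '#' comments, quotes and blank lines are dropped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].replace('"', "").strip()
        if ":" in line:
            key, _, value = line.partition(":")
            yield key.strip(), value.strip()

def audit_unbound(text):
    """Return a list of findings for a LAN resolver config; empty means clean."""
    findings, pairs = [], list(parse_directives(text))
    for k, v in pairs:
        if k == "access-control" and v.endswith(" allow"):
            net = ipaddress.ip_network(v.split()[0], strict=False)
            # Anything outside the LAN ranges (e.g. 0.0.0.0/0) makes this an open resolver.
            if not any(net.version == r.version and net.subnet_of(r) for r in LAN_RANGES):
                findings.append(f"open resolver: {net} is allowed to query")
    zones = [v.split()[0].rstrip(".") for k, v in pairs if k == "local-zone"]
    for k, v in pairs:
        if k == "local-data-ptr":
            ip, name = v.split()
            rev = ipaddress.ip_address(ip).reverse_pointer
            if not any(rev.endswith("." + z) for z in zones):
                findings.append(f"PTR for {ip} ({name}) is outside every local-zone")
    return findings
```

Run it against the real /var/unbound/conf.d/local-setup.conf with audit_unbound(open(path).read()); an empty list means both checks passed.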

/FreeBSD | Posted at 06:27