Introduction to Unbound
Unbound is a validating,
recursive, and caching DNS resolver. It is designed as a set of
modular components that incorporate modern features, such as
enhanced security (DNSSEC) validation, Internet Protocol Version 6
(IPv6), and a client resolver library API as an integral part of
the architecture.
This package is known to build and work properly using an LFS 12.2
platform.
Package Information
-
Download (HTTP):
https://nlnetlabs.nl/downloads/unbound/unbound-1.21.0.tar.gz
-
Download MD5 sum: fb7cc7922064bf122941b9f135052d00
-
Download size: 6.3 MB
-
Estimated disk space required: 148 MB (with docs; add 11 MB
for tests)
-
Estimated build time: 0.3 SBU (Using parallelism=4; with
docs; add 0.3 SBU for tests)
Unbound Dependencies
Optional
libevent-2.1.12, Nettle-3.10,
Protobuf-c-1.5.0 (for dnstap), Python2,
sphinx-8.0.2 (for Python bindings
documentation), SWIG-4.2.1 (for Python bindings), Doxygen-1.12.0 (for html documentation), and
dnstap
Installation of Unbound
There should be a dedicated user and group to take control of the
unbound daemon after
it is started. Issue the following commands as the root user:
groupadd -g 88 unbound &&
useradd -c "Unbound DNS Resolver" -d /var/lib/unbound -u 88 \
-g unbound -s /bin/false unbound
Install Unbound by running the
following commands:
./configure --prefix=/usr \
--sysconfdir=/etc \
--disable-static \
--with-pidfile=/run/unbound.pid &&
make
If you have Doxygen-1.12.0 package installed and want to
build html documentation, run the following command:
make doc
To test the results, issue make
check.
Now, as the root user:
make install &&
mv -v /usr/sbin/unbound-host /usr/bin/
If you built the documentation, install it by running the following
commands as the root user:
install -v -m755 -d /usr/share/doc/unbound-1.21.0 &&
install -v -m644 doc/html/* /usr/share/doc/unbound-1.21.0
Command Explanations
--disable-static: This
switch prevents installation of static versions of the libraries.
--with-libevent: This option enables
libevent support allowing use of large outgoing port ranges.
--with-pyunbound: This option enables
building of the Python bindings.
Configuring Unbound
Config Files
/etc/unbound/unbound.conf
Configuration Information
In the default configuration, unbound will bind to localhost
(127.0.0.1 IP address) and allow recursive queries only from
localhost clients. If you want to use unbound for local DNS
resolution, run the following command as the root user:
echo "nameserver 127.0.0.1" > /etc/resolv.conf
For advanced configuration see /etc/unbound/unbound.conf file and the
documentation.
When Unbound is installed, some
package builds fail if the file /etc/unbound/root.key is not found. Create this
file by running the following command as the root user:
unbound-anchor
Systemd Unit
If you want the Unbound server
to start automatically when the system is booted, install the
unbound.service unit included in the
blfs-systemd-units-20240801 package:
make install-unbound
Contents
Installed Programs:
unbound, unbound-anchor,
unbound-checkconf, unbound-control, unbound-control-setup, and
unbound-host
Installed Library:
libunbound.so
Installed Directories:
/etc/unbound and
/usr/share/doc/unbound-1.21.0 (optional)
Short Descriptions
|
unbound
|
is a DNS resolver daemon
|
|
unbound-anchor
|
performs setup or update of the root trust anchor for
DNSSEC validation
|
|
unbound-checkconf
|
checks the unbound configuration
file for syntax and other errors
|
|
unbound-control
|
performs remote administration on the unbound DNS resolver
|
|
unbound-control-setup
|
generates a self-signed certificate and private keys for
the server and client
|
|
unbound-host
|
is a DNS lookup utility similar to host from BIND Utilities-9.20.0
|
|
libunbound.so
|
provides the Unbound API
functions to programs
|