Installing and configuring Unbound DNS Server
yum install unbound bind-utils -y
Configuration
Note that these are my own configuration examples. My lab setup is a forwarding DNS server: queries it cannot answer itself are forwarded to 8.8.8.8 and 1.1.1.1, and queries for specific zones are forwarded to other local DNS servers, such as Designate in OpenStack.
unbound.conf
No real changes here to the default configuration.
Where the magic happens is in /etc/unbound/conf.d/ (the conf.d directory shown in the listing below).
conf.d
Here is the file list in my configuration.
[root@dns unbound]# ll
total 72
drwxr-xr-x. 2 root unbound 101 Apr 11 21:27 conf.d
-rw-r--r--. 1 root root 1261 Aug 12 2022 icannbundle.pem
drwxr-xr-x. 2 root unbound 29 Dec 25 16:35 keys.d
drwxr-xr-x. 2 root unbound 36 Dec 25 16:35 local.d
-rw-r--r--. 1 root root 555 Aug 12 2022 root.key
-rw-r--r--. 1 root root 48576 Dec 25 17:00 unbound.conf
-rw-------. 1 root unbound 2455 Dec 25 16:39 unbound_control.key
-rw-r-----. 1 root unbound 1411 Dec 25 16:39 unbound_control.pem
-rw-------. 1 root unbound 2459 Dec 25 16:39 unbound_server.key
-rw-r-----. 1 root unbound 1549 Dec 25 16:39 unbound_server.pem
[root@dns conf.d]# ll
total 16
-rw-r--r--. 1 root unbound 601 Aug 12 2022 example.com.conf
-rw-r--r--. 1 root root 166 Apr 6 14:49 forwarder.conf
-rw-r--r--. 1 root root 277 Apr 11 21:27 forward-zone.conf
-rw-r--r--. 1 root root 750 Mar 17 08:23 local-zones.conf
A brief explanation of the files in the last listing:
forwarder.conf
- Tells unbound to forward any requests it cannot answer locally to these DNS servers.
forward-zone:
name: "."
forward-addr: 1.1.1.1
forward-addr: 8.8.8.8
forward-zone.conf
- Tells unbound to forward any requests for osp.cbnode.com. and osp.example.com. to the OpenStack Designate Bind9 DNS server.
Take note of the period at the end of com. in each zone name. It is required.
forward-zone:
name: "osp.cbnode.com."
forward-addr: 172.22.60.246@53 #Openstack designate
forward-zone:
name: "osp.example.com."
forward-addr: 172.22.60.246@53 #Openstack designate
local-zones.conf
- Tells unbound to "act" as an authoritative DNS server for these zones. h.cbnode.com is my internal domain name.
server:
local-zone: "git.h.cbnode.com" redirect
local-data: "git.h.cbnode.com A 172.22.20.5"
local-zone: "api.ocp.ocplab.h.cbnode.com" redirect
local-data: "api.ocp.ocplab.h.cbnode.com A 172.22.60.182"
local-zone: "apps.ocp.ocplab.h.cbnode.com" redirect
local-data: "apps.ocp.ocplab.h.cbnode.com IN A 172.22.60.187"
local-zone: "gitlab.h.cbnode.com" redirect
local-data: "gitlab.h.cbnode.com IN A 172.22.30.5"
local-zone: "node1.h.cbnode.com" redirect
local-data: "node1.h.cbnode.com A 172.22.60.199"
local-zone: "node2.h.cbnode.com" redirect
local-data: "node2.h.cbnode.com A 172.22.60.199"
Service
To enable the unbound service run this.
systemctl enable --now unbound
To reload any changes to the unbound configuration files in /etc/unbound, restart the service.
systemctl restart unbound
That’s it!