Questions tagged [unbound]

Unbound is an open-source DNSSEC validating DNS resolver.

Unbound is an open-source BSD licensed caching DNS resolver developed by NLnet Labs, and is included in FreeBSD & OpenBSD's base installation.

In addition to validation, Unbound implements many security features that are enabled by default, including hardening, cache poisoning prevention and zone overrides. Guides for configuration and for the underlying libunbound C library are available in the documentation.

Documentation: https://www.unbound.net/documentation/index.html

Unbound(8) https://www.unbound.net/documentation/unbound.html

Unbound.conf(5) https://www.unbound.net/documentation/unbound.conf.html

71 questions
2 votes, 1 answer

Unbound doesn't start

After installing Unbound:
apt-get -y install unbound dnsutils
su -c "unbound-anchor -a /var/lib/unbound/root.key" - unbound
systemctl reload unbound
apt-get -y install resolvconf
echo "nameserver 127.0.0.1" >>…
Aeris
2 votes, 1 answer

How can I prevent unbound from restarting?

I'm running unbound version 1.4.22. Every time I run pon or poff (PPPoE connections) unbound restarts, as seen in the unbound logfile. I easily confirm this is the case by repeating a DNS query that was cached just before I ran poff. Every time it…
Josh
2 votes, 3 answers

Resolving route53 private hosted zone cnames internally

We have a DNS server outside of AWS, inside we have route53 with some private hosted zones. I want cnames on the private hosted zones to be available internally (when you access them inside the office). Due to my limited experience with DNS, I'm not…
2 votes, 1 answer

Automate renewal of Let's Encrypt ACME-DNS challenge with unbound

I changed from a certificate with multiple explicitly defined subdomains to a wildcard certificate. For this to work, the DNS-01 challenge needs to be solved. I have a very basic unbound DNS server running (authoritative). The unbound server is on…
2 votes, 0 answers

When does unbound fully drop expired cache

How long will it hold expired cache before dropping it? Is there any way to prefetch expired cache instead of dropping it?
zer09
2 votes, 1 answer

DNS - Unbound - How to provide different IP for a server based on client network

We have an intranet DNS server using Unbound on FreeBSD. We have another file server with multiple network IPs; the first one is 10.10.10.10 and the second one is 192.168.10.10. Is there any way that the DNS server can provide a different IP for this file server…
iamsumesh
2 votes, 1 answer

Unbound block list: how to know from the query log whether a domain is blocked or not?

I have configured an Unbound server with a domain block list, and blocking works perfectly fine. But from the query log, I can only see that the blocked domain is queried, that's it. I tried with server: local-zone: "00009483.com" always_refuse and increased…
2 votes, 0 answers

Bind9 vs Unbound. Which is better for VPN node and why?

I am currently in the process of developing a VPN service. One of the necessary things for a proper VPN node is a DNS server that will prevent DNS leaks, and whilst working on this project I stumbled upon two well-known DNS servers: Bind9 and…
hancack
2 votes, 1 answer

Unbound can't seem to read certificate files for DNS-over-TLS, gets "Permission denied"

I'm trying to set up DNS-over-TLS (DoT) with the unbound resolver, i.e. I'm trying to encrypt the connection between the client and unbound. I'm NOT trying to encrypt the unbound resolver → upstream connection, which many guides on the internet are…
hayalci
1 vote, 1 answer

unbound periodically stops working

I have been using unbound as a caching DNS server forwarding to dnscrypt-proxy and it was working relatively well for a while (years, although about a year or so with dnscrypt-proxy) requiring no restarts for upwards of 30 days (roughly the time…
Walter
1 vote, 0 answers

Dig +trace not working, while +notrace works

I am trying to troubleshoot some DNS issues and I am starting by trying to trace my DNS lookups using dig +trace. I'm getting some weird results. If I do a normal dig to my unbound resolver: dig @192.168.20.1 +notrace pfsense.org I get a normal…
Marc Henning
1 vote, 0 answers

Unbound config to forward unknown local subdomain name

I am currently on a local area network where no loop-back is allowed, meaning that I cannot reach my public IP address from the local network. Several services need to be migrated in my local area network whilst keeping the domain name because we…
Gazoline
1 vote, 0 answers

Unbound forward-zones of subdomains overlap

I have a subdomain (imap) that is accessible from an external network and I have some subdomains (file-drive) that are only accessible from the internal network. I do not have access to the dns-server of the university. I tried to use different…
Charlie
1 vote, 0 answers

Unbound DNS: how to ask forwarders only after direct NS query has failed

By default, the Unbound DNS server works by the "classic" scheme: it queries root servers for zone NS records, then queries the NS'es for A/AAAA/... Sometimes (rarely) connectivity between my DNS and the target NS'es fails, but the target NS'es are still available from…
user2743554
1 vote, 2 answers

Are search domains from resolv.conf used only for A/AAAA queries?

Are the user-provided search domains from resolv.conf used only for A/AAAA queries? Are they used for any other purpose?
Manohar