Questions tagged [unbound]

Unbound is an open-source DNSSEC validating DNS resolver.

Unbound is an open-source BSD licensed caching DNS resolver developed by NLnet Labs, and is included in FreeBSD & OpenBSD's base installation.

In addition to validation, Unbound implements many enabled-by-default security features, including hardening, cache poisoning prevention and zone overrides. The Documentation includes guides for configuration and for the underlying libunbound C library.

Documentation: https://www.unbound.net/documentation/index.html

Unbound(8) https://www.unbound.net/documentation/unbound.html

Unbound.conf(5) https://www.unbound.net/documentation/unbound.conf.html

71 questions
1 vote, 1 answer

unbound not forwarding query to another recursive DNS server

I'm trying to use unbound to forward DNS queries to another recursive DNS server. My unbound.conf looks like: forward-zone: name: "." forward-addr:x.x.x.x forward-addr:x.x.x.x forward-addr:x.x.x.x But when I use the command # unbound-control lookup…
FELDAP
1 vote, 0 answers

Puppet odd issue - Error 400 on SERVER: Duplicate declaration: Unbound::Record[host.example.com] is already declared in file

Hope someone could help me with my issue ) So, I have several VHosts which are managed by puppet, including DNS (unbound). One vhost was deleted some time ago and recreated recently with a new IP address (I can't use the old IP :( ). But, when puppet…
Serge
1 vote, 1 answer

Best Practice for Unbound Caching DNS server

We have an Unbound caching server that was set up by another internal team. However, there is no logging enabled. I not only want this enabled for troubleshooting internal name resolution issues, but also to feed into a SIEM, and do other traffic…
1 vote, 1 answer

disable access-control for unbound DNS server

I have a public DNS server that obviously needs to respond to everyone and anyone. Setting up the access-control directive allowing access from every IP results in a "netblock too large" error. Does anyone know how I can disable access control for…
Balthasar
1 vote, 1 answer

Unbound DNS resolver for a network

I'm actually trying to create a DNS resolver for my local network. To do so, I chose to use unbound, so I installed it on an Arch Linux server, and it's working, but only for the local machine (127.0.0.1), not for the network (I want to open it to…
user342194
1 vote, 1 answer

Which upstream servers is unbound using?

In order to have local DNSSEC validation, I set up a Raspberry Pi (having a static IP) with Raspbian Jessie and unbound to offer a DNS server to my LAN. After I looked up some tutorials and howtos, I came up with this configuration that seems to…
comfreak
1 vote, 1 answer

How to do parallel queries to the upstream DNS using Unbound?

Can I configure Unbound as a forwarder, but so that it always sends a query to ALL upstream DNS servers that I configure and takes as the valid reply the first to arrive? Such a feature exists in dnsmasq pfSense: In pfSense 1.2.3 and later this behavior has been…
user120858
1 vote, 1 answer

What could this extra 50ms latency be on my unbound DNS resolving server (Fedora)?

I have a discrepancy in query latency. It's not a problem, it's just strange enough to worry me. Client machine (Fedora 18) runs unbound-1.4.19-1.fc18.x86_64. Server machine (Debian 7 testing) runs unbound 1.4.17-2. Both are connected to the same…
sourcejedi
1 vote, 1 answer

unbound DNS without recursive

I want to configure the unbound DNS for the domain e.g. domain.com in a way that it only answers for *.domain.com and the rest of the queries, like gmail.com or hotmail.com, are refused. I have the following configuration but it doesn't work as…
AAB
1 vote, 1 answer

Unbound as a caching intermediate server is slow, and doing more than what I need

What I need A forwarding DNS server as an intermediary to another DNS server that serves expired records and renews its cache later. Problem I tried to use unbound as the only software that I've found to have this serve-expired feature. However the…
Masood Lapeh
1 vote, 1 answer

redirect outgoing dns queries to localhost using iptables

Problem There are some outgoing TCP DNS requests in my Ubuntu server that I couldn't control them to be resolved by Unbound on 127.0.0.1:53 which uses 208.67.222.222 to resolve everything, and I see those TCP DNS packets finally going from my public…
Masood Lapeh
1 vote, 1 answer

Can't Receive Email - Postfix iRedMail Server Using Spamhaus & Unbound / BIND9 DNS Servers

iRedMail server configured using ISP's DNS servers. Running several years without issue. Moving from current ISP to Starlink. It appears Starlink uses Cloudflare's public DNS. Currently have both ISPs running in parallel until cutover complete.…
BigPines
1 vote, 0 answers

how to make unbound hold many queries for non cached address to cache it first

I am looking for a way to make unbound hold queries for the same address lookup when it is not cached. It should let only one query be processed; once that answer is cached, it can reply to the other queries from that cache. Is there such an option?
1 vote, 2 answers

Unbound sends recursive queries from default gateway

I am looking for an option that will make unbound send recursive queries from a specific interface. The listening interface is easy, but I can't find an asking interface option. I have 3 interfaces on my VM and I don't want unbound to ask from default…
1 vote, 1 answer

Running unbound doh behind nginx

I'm trying to run unbound DoH behind nginx but I'm getting a 502 Bad Gateway error. In nginx log I have the following message: 2021/03/25 08:54:49 [error] 10052#10052: *1 upstream prematurely closed connection while reading response header from…
kuroneko