Questions tagged [unbound]

Unbound is an open-source DNSSEC validating DNS resolver.

Unbound is an open-source BSD licensed caching DNS resolver developed by NLnet Labs, and is included in FreeBSD & OpenBSD's base installation.

In addition to validation, Unbound implements many security features that are enabled by default, including hardening, cache poisoning prevention and zone overrides. Guides for configuration and for the underlying libunbound C library are available in the Documentation.

Documentation: https://www.unbound.net/documentation/index.html

Unbound(8) https://www.unbound.net/documentation/unbound.html

Unbound.conf(5) https://www.unbound.net/documentation/unbound.conf.html

71 questions
1 vote, 1 answer

Unbound doesn't accept answer from non-DNSSEC forward rule

Unbound gets the right answer (see below) from a forward-zone, but proceeds to ignore it and try to query other DNS servers. I'm running unbound (1.10.0) on a docker image when behind a public hotspot. I've added forward-rules to allow communication…
shil88
0 votes, 1 answer

Measuring/monitoring Unbound Resolver Performance

I am running Unbound resolver on FreeBSD, and I am looking for a solution to measure its performance. Sometimes there are some delays in regard of resolving domain names, and my customers are complaining. Also using Zabbix monitoring system to…
Zareh Kasparian
0 votes, 2 answers

unbound.service service unit slow start/restart on 1 VM and fast on another

I am debugging an issue with Unbound (DNS Resolver software) on CentOS Linux release 7.5.1804 (Core). I have 2 VMs in different environments that are supposedly running the same Unbound software. [root@vm1 ~]# rpm -qa | grep…
Subzero123
0 votes, 1 answer

Setup Unbound DNS for both caching/local usage and website ns

I want to use Unbound as caching and as my ns1.domain.com nameserver with DNSSEC. I came across Unbound, which looks quite easy to set up and use. unbound-control local_data "mywebsite.com A 11.22.3.44" I created a NS entry at my registry for my domain…
Jeremy Dicaire
0 votes, 0 answers

Restrict DNS usage to some clients

I firstly asked the question here: https://networkengineering.stackexchange.com/questions/33948/restrict-dns-usage-to-some-clients I would like to create an Unbound DNS server. I don't have the IP addresses of the users. What are some other easy…
4m1nh4j1
0 votes, 2 answers

Public pfSense doesn't resolve external DNS lookups

I have pfSense with external IP with Unbound DNS Resolver running on it. When I send inquiry from internal network, it replies, but when I send inquiry from external machine it doesn't reply. Internal: nslookup mydomain.com…
Vladimir
0 votes, 1 answer

DNS lookup to localhost gives network error

I am running a recursive DNS server on Unbound in a jail on FreeBSD with pf as a firewall. Running drill @xxx.xxx.xxx.xxx example.com (where xxx.xxx.xxx.xxx is the server's IP) on my local machine yields me with a successful lookup. However, if I try…
0 votes, 1 answer

Postfix + Unbound for a Single IP Address Only

I'm running into an issue using zen.spamhaus.org in Postfix. It appears too many people are using the same nameservers I am using... and I'm getting blocked. What I'd like to do is set up Postfix to use Unbound (in recursive mode). I believe that's…
Dave
0 votes, 0 answers

Unbound configuration for DNSBL service

We have a few SpamAssassin servers that are connected to a local DNS server that runs Unbound. The purpose of this is to cache some queries that we make toward services such as SpamHaus, URIBL and the like from SpamAssassin because we often…
Cyril N.
0 votes, 0 answers

Have unbound forwarding requests for all clients, except for a single one where it should recurse itself

I use unbound as caching and forwarding name server for my local network. That means that all requests which cannot be answered out of the cache are forwarded to an "upstream name server" – which is not exclusively mine. Some services have per-IP…
Izzy
0 votes, 0 answers

pi-hole/unbound as internal DNS server

Last week I set up Pi-hole mainly for blocking ads and handling a few internal DNS requests. This works fine, when OCD kicked in. I thought it would be nice to add Unbound to the mix to not have to use external DNS server and thus hiding my traffic…
vespino
0 votes, 1 answer

RCVD_IN_DNSWL_BLOCKED in SpamAssassin as it doesn't use local DNS

I'm not sure what I have wrong here. It used to work on Ubuntu 18.04, but doesn't on 20.04 it seems. I have an Unbound DNS server set up: unbound-control status version: 1.9.4 verbosity: 1 threads: 1 modules: 3 [ subnet validator iterator ] uptime: 314…
Andrew Newby
0 votes, 0 answers

Unbound query high response time for some domains

I'm running unbound version 1.17.0 on FreeBSD 12.2. For an unknown reason I have high query response time for some domains. For example, when I run the query for "OKR.com" it takes around 4 seconds to get the answer back. Knowing that there is no network…
Zareh Kasparian
0 votes, 0 answers

powerdns-recursor responds with SERVFAIL while others respond with NOERROR

While debugging some weird Cisco telephony server issue we discovered the following behaviour: pdns-recursor on current debian-stable: dig smartreceiver.cisco.com AAAA ; <<>> DiG 9.16.33-Debian <<>> smartreceiver.cisco.com AAAA ;; global options:…
foax
0 votes, 0 answers

Unbound wildcard with exclusion that goes up stream

I have a use case where I need to map an entire domain (dev.example.com as an example) to a specific computer on the network that Unbound is looking for. Except for Let's Encrypt TXT records which I need to go up to a public DNS that is the…