Last active
September 20, 2021 09:13
-
-
Save Blackdixxa/05493402eac10fdbed9ffe3a082ce0e9 to your computer and use it in GitHub Desktop.
How to install unbound on EdgeRouter 3/4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sudo apt-get update | |
sudo apt-get install wget nano unbound | |
configure | |
set system name-server 127.0.0.1 | |
set service dhcp-server shared-network-name LAN1 subnet 10.0.0.0/24 dns-server 10.0.0.1 | |
set service dhcp-server use-dnsmasq disable | |
set service dns | |
commit;save | |
exit | |
sudo mkdir -p /etc/unbound | |
copier le fichier unbound.conf dans le dossier /etc/unbound et l'éditer | |
copier le fichier unbound_ad_servers dans le dossier /etc/unbound/ | |
cd /etc/unbound | |
sudo chown -R unbound:root /etc/unbound | |
sudo chmod -R 440 /etc/unbound | |
#Désactiver Dnsmasq | |
/etc/init.d/dnsmasq stop | |
#Editer le fichier de conf par défaut pour pas qu'il ne le relance au démarrage | |
nano /etc/default/dnsmasq | |
Changer la variable ENABLE=1 en ENABLED=0 | |
wget ftp://FTP.INTERNIC.NET/domain/named.cache -O /var/lib/unbound/root.hints | |
/etc/init.d/unbound restart |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# See the unbound.conf(5) man page. | |
# | |
# See /usr/share/doc/unbound/examples/unbound.conf for a commented | |
# reference config file. | |
server: | |
auto-trust-anchor-file: "/var/lib/unbound/root.key" | |
verbosity: 1 | |
interface: 0.0.0.0 | |
interface: ::0 | |
port: 53 | |
do-ip4: yes | |
do-ip6: no | |
do-udp: yes | |
do-tcp: yes | |
access-control: 192.168.0.0/16 allow | |
access-control: 127.0.0.0/8 allow | |
access-control: 10.0.0.0/8 allow | |
root-hints: "/var/lib/unbound/root.hints" | |
include: "/etc/unbound/unbound_ad_servers" | |
hide-identity: yes | |
hide-version: yes | |
harden-glue: yes | |
harden-dnssec-stripped: yes | |
cache-min-ttl: 3600 | |
cache-max-ttl: 86400 | |
prefetch: yes | |
# Buffer size for UDP port 53 | |
so-rcvbuf: 1m | |
## Unbound Optimization and Speed Tweaks | |
msg-cache-slabs: 8 | |
rrset-cache-slabs: 8 | |
infra-cache-slabs: 8 | |
key-cache-slabs: 8 | |
# Increase Memory of the cache | |
rrset-cache-size: 128m | |
msg-cache-size: 64m | |
# Private Network | |
private-address: 192.168.0.0/16 | |
private-address: 172.16.0.0/12 | |
private-address: 10.0.0.0/8 | |
## Logging | |
logfile: "/var/lib/unbound/unbound.log" | |
verbosity: 0 | |
val-log-level: 3 | |
#Ces options ne sont pas activées par défaut pour profiter à 100% de unbound. | |
#forward-zone: | |
# name: "." | |
# ssl-upstream: yes | |
# forward-addr: 1.1.1.1@853 # Cloudflare primary | |
# forward-addr: 1.0.0.1@853 # Cloudflare secondary |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment