@insdavm
Last active November 15, 2023 07:35
Set up unbound for DNS

Unbound

Install
$ sudo apt install unbound unbound-host

Get latest list of root DNS servers
$ sudo curl -o /var/lib/unbound/root.hints https://www.internic.net/domain/named.cache

Set up /etc/unbound/unbound.conf:

server:

  num-threads: 4
  verbosity: 1
  root-hints: "/var/lib/unbound/root.hints"
  auto-trust-anchor-file: "/var/lib/unbound/root.key"
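  # Listen on all IPv4 interfaces; the access-control lines decide who gets answers
  interface: 0.0.0.0
  max-udp-size: 3072
  # The most specific matching netblock wins, so the order of these lines does not matter
  access-control: 0.0.0.0/0                 refuse
  access-control: 127.0.0.1                 allow

  # VPN IP subnet in slash notation
  access-control: XX.XX.XX.XX/YY         allow
  # Strip addresses in this range from answers (DNS rebinding protection)
  private-address: XX.XX.XX.XX/YY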

  hide-identity: yes
  hide-version: yes
  harden-glue: yes
  harden-dnssec-stripped: yes
  harden-referral-path: yes
  unwanted-reply-threshold: 10000000
  val-log-level: 1
  # Overrides shorter TTLs set by zone owners: records stay cached for at least 30 minutes
  cache-min-ttl: 1800
  cache-max-ttl: 14400
  prefetch: yes
  prefetch-key: yes
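
Because `interface: 0.0.0.0` exposes the listener on every interface, the access-control lines are the only thing keeping this from being an open resolver. The following is an added example, not part of the original gist: a small Python model of Unbound's documented most-specific-netblock matching, plus a check that flags allow rules reaching beyond internal ranges. The function names, the `INTERNAL` list, and the `10.8.0.0/24` stand-in for the `XX.XX.XX.XX/YY` placeholder are assumptions made for illustration.

```python
import ipaddress

# Unbound's documented defaults: localhost is allowed, everything else refused.
DEFAULTS = [("127.0.0.0/8", "allow"), ("::1/128", "allow"),
            ("0.0.0.0/0", "refuse"), ("::/0", "refuse")]
# Assumption: the ranges this audit treats as internal (loopback, RFC 1918, CGNAT, ULA).
INTERNAL = ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
            "100.64.0.0/10", "::1/128", "fc00::/7")

# Constructed sample mirroring the access-control lines above; 10.8.0.0/24 is an
# assumed stand-in for the XX.XX.XX.XX/YY VPN subnet placeholder.
SAMPLE_CONF = """\
server:
  interface: 0.0.0.0
  access-control: 0.0.0.0/0                 refuse
  access-control: 127.0.0.1                 allow
  access-control: 10.8.0.0/24               allow   # VPN subnet
"""

def parse_acl(conf_text):
    """Return [(network, action)]: built-in defaults first, then config lines."""
    rules = [(ipaddress.ip_network(n), a) for n, a in DEFAULTS]
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if line.startswith("access-control:"):
            block, action = line[len("access-control:"):].split()
            rules.append((ipaddress.ip_network(block, strict=False), action))
    return rules

def effective_action(rules, client_ip):
    """Longest-prefix match decides; on a tie the later (config) entry wins."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for net, action in rules:
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen >= best[0].prefixlen:
                best = (net, action)
    return best[1]

def open_resolver_findings(rules):
    """List allow-type rules whose netblock is not inside an INTERNAL range."""
    internal = [ipaddress.ip_network(n) for n in INTERNAL]
    return [f"{net} {action}" for net, action in rules
            if action.startswith("allow") and not any(
                net.version == i.version and net.subnet_of(i) for i in internal)]

if __name__ == "__main__":
    rules = parse_acl(SAMPLE_CONF)
    print(effective_action(rules, "203.0.113.7"), open_resolver_findings(rules))
```
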

Make sure permissions are good
$ sudo chown -R unbound:unbound /var/lib/unbound

Enable & start the service
$ sudo systemctl enable --now unbound
