Install
# unbound is the resolver daemon; unbound-host is a separate package that
# provides a host-style lookup tool.
$ sudo apt install unbound unbound-host
Get the latest list of root DNS servers (the root hints file)
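# Writing under /var/lib/unbound needs root, like the other steps on this page.
# --fail makes curl exit non-zero on an HTTP error instead of saving the
# server's error page as root.hints.
$ sudo curl --fail -o /var/lib/unbound/root.hints https://www.internic.net/domain/named.cache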
Set up /etc/unbound/unbound.conf:
# Global resolver settings.
server:
# Worker threads; presumably sized to the host's CPU cores - confirm.
num-threads: 4
# Log level 1: operational information only.
verbosity: 1
# Root server list downloaded from InterNIC in the previous step.
root-hints: "/var/lib/unbound/root.hints"
# DNSSEC root trust anchor. Unbound rewrites this file as it tracks anchor
# updates, so the daemon user needs write access to it.
auto-trust-anchor-file: "/var/lib/unbound/root.key"
# Listens on every IPv4 address of the host, including any public one.
# Exposure is limited only by the access-control rules below; binding to
# loopback plus the VPN address, or firewalling port 53 on the public
# interface, would narrow it further.
interface: 0.0.0.0
# Cap on UDP response size in bytes; larger answers are truncated and the
# client retries over TCP. Also bounds how much a single UDP reply can amplify.
max-udp-size: 3072
# Default for all IPv4 clients: answer with REFUSED. The most specific
# matching netblock wins, so the allow entries below override this one.
# ("deny" would drop the query without replying instead.)
access-control: 0.0.0.0/0 refuse
# Queries from the local host are answered.
access-control: 127.0.0.1 allow
# VPN client subnet in CIDR notation (placeholder - replace with the real
# subnet). Keep this as narrow as possible: every address allowed here can use
# the server as a recursive resolver.
access-control: XX.XX.XX.XX/YY allow
# Addresses in this range are removed from answers for public names
# (DNS rebinding protection). Only the VPN subnet is listed here; other
# private ranges in use would need their own private-address lines.
private-address: XX.XX.XX.XX/YY
# Do not answer id.server / hostname.bind queries.
hide-identity: yes
# Do not answer version.server / version.bind queries.
hide-version: yes
# Only trust glue records that fall within the delegating server's authority.
harden-glue: yes
# Require DNSSEC data for zones under a trust anchor; responses with the
# signatures stripped are treated as bogus rather than accepted as insecure.
harden-dnssec-stripped: yes
# Performs extra lookups to validate referral data. NOTE(review): the Unbound
# manual describes this option as experimental and as adding query load -
# confirm it is wanted.
harden-referral-path: yes
# After this many unwanted replies, Unbound logs a warning and clears its
# caches as a defence against cache poisoning attempts.
unwanted-reply-threshold: 10000000
# Log one line for each query that fails DNSSEC validation.
val-log-level: 1
# Cache every record for at least 30 minutes, even when the zone owner set a
# shorter TTL. This reduces upstream queries but can serve stale data after a
# record changes.
cache-min-ttl: 1800
# Never cache a record for longer than 4 hours.
cache-max-ttl: 14400
# Refresh popular cache entries shortly before they expire.
prefetch: yes
# Fetch DNSKEY records early, while the DS record is being validated.
prefetch-key: yes
Make sure the permissions are correct
# The daemon must be able to write here: it rewrites root.key (the
# auto-trust-anchor-file) when it tracks trust-anchor updates.
# Assumes the service runs as the packaged "unbound" user - confirm on your system.
$ sudo chown -R unbound:unbound /var/lib/unbound
Enable & start the service
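# Validate the configuration first, so a typo in an access-control line is
# caught before the resolver is reloaded with it.
$ sudo unbound-checkconf /etc/unbound/unbound.conf
# "enable" only registers the unit to start at boot; it does not start it.
$ sudo systemctl enable unbound
# Restart so the running daemon (if the package already started one) loads the
# new configuration.
$ sudo systemctl restart unbound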