Of course. Note this is a minimal configuration.
1. Download root servers:
- Code: Select all
root@NAS:/usr/local/etc/unbound # wget ftp://ftp.internic.net/domain/named.cache
2. Create the log file
- Code: Select all
root@NAS:/usr/local/etc/unbound # touch unbound.log
3. To bypass any permission problem I did a
- Code: Select all
chmod 777 unbound.log
. I think this step may be replaced with a
- Code: Select all
chown unbound:unbound unbound.log
4. Configuration file:
- Code: Select all
server:
# verbosity number, 0 is least verbose. 1 is default.
verbosity: 1
# specify the interfaces to answer queries from by ip-address.
# The default is to listen to localhost (127.0.0.1 and ::1).
# specify 0.0.0.0 and ::0 to bind to all available interfaces.
# specify every interface[@port] on a new 'interface:' labelled line.
# The listen interfaces are not changed on reload, only on restart.
interface: 0.0.0.0
# port to answer queries from
port: 53
# Enable IPv4, "yes" or "no".
do-ip4: yes
# Enable UDP, "yes" or "no".
do-udp: yes
# Enable TCP, "yes" or "no".
do-tcp: yes
# Detach from the terminal, run in background, "yes" or "no".
do-daemonize: yes
# control which clients are allowed to make (recursive) queries
# to this server. Specify classless netblocks with /size and action.
# By default everything is refused, except for localhost.
# Choose deny (drop message), refuse (polite error reply),
# allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
# deny_non_local (drop queries unless can be answered from local-data)
# refuse_non_local (like deny_non_local but polite error reply).
access-control: 0.0.0.0/0 allow
# If you give "" no chroot is performed. The path must not end in a /.
chroot: "/usr/local/etc/unbound"
# if given, user privileges are dropped (after binding port),
# and the given username is assumed. Default is user "unbound".
# If you give "" no privileges are dropped.
username: "unbound"
# the working directory. The relative files in this config are
# relative to this directory. If you give "" the working directory
# is not changed.
directory: "/usr/local/etc/unbound"
# the log file, "" means log to stderr.
# Use of this option sets use-syslog to "no".
logfile: "unbound.log"
# Log to syslog(3) if yes. The log facility LOG_DAEMON is used to
# log to, with identity "unbound". If yes, it overrides the logfile.
use-syslog: no
# file to read root hints from.
# get one from ftp://FTP.INTERNIC.NET/domain/named.cache
root-hints: "named.cache"
6. Start unbound at boot
Not sure about the best way, but I added a script into the cron-boot directory
- Code: Select all
root@NAS:/share/1000/fvdw/cron-boot # cat unbound-start
#!/bin/sh
/bin/adduser -h /usr/local/etc/unbound/ -s /usr/bin/false -D unbound unbound
/usr/local/sbin/unbound
7. Just run this script to immediately start Unbound :)
And have fun with your own dns server ^^
- Code: Select all
iMac-de-Kevin:Kevin Kevin$ host plugout.net 192.168.1.3
Using domain server:
Name: 192.168.1.3
Address: 192.168.1.3#53
Aliases:
plugout.net has address 213.186.33.82
plugout.net mail is handled by 100 mxb.ovh.net.
plugout.net mail is handled by 1 mx1.ovh.net.
plugout.net mail is handled by 5 mx2.ovh.net.
iMac-de-Kevin:Kevin Kevin$ host google.fr 192.168.1.3
Using domain server:
Name: 192.168.1.3
Address: 192.168.1.3#53
Aliases:
google.fr has address 216.58.208.195
google.fr has IPv6 address 2a00:1450:4007:80d::2003
google.fr mail is handled by 30 alt2.aspmx.l.google.com.
google.fr mail is handled by 10 aspmx.l.google.com.
google.fr mail is handled by 40 alt3.aspmx.l.google.com.
google.fr mail is handled by 50 alt4.aspmx.l.google.com.
google.fr mail is handled by 20 alt1.aspmx.l.google.com.
iMac-de-Kevin:Kevin Kevin$
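
A quick check for the exposure-related settings in the configuration above, as an added example that is not part of the original post: with `interface: 0.0.0.0` and `access-control: 0.0.0.0/0 allow` the server answers recursive queries from any host that can reach port 53, and `chmod 777` leaves the log writable by every local user. The function names and finding labels are made up for this example, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): flag the exposure-related
# settings used in the configuration above. One finding per line.

audit_unbound_conf() {
    # Strip comments and blank lines, then inspect "key: value" pairs.
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" |
    while read -r key val rest; do
        case "$key" in
        access-control:)
            # allow / allow_snoop for every source address = open resolver.
            case "$val $rest" in
            "0.0.0.0/0 allow"*|"::/0 allow"*|"::0/0 allow"*)
                echo "OPEN_RESOLVER access-control: $val $rest" ;;
            esac ;;
        interface:)
            # Listening on all interfaces; acceptable only behind a
            # firewall or with a restrictive access-control.
            case "$val" in
            0.0.0.0*|::0*) echo "ALL_INTERFACES interface: $val" ;;
            esac ;;
        username:|chroot:)
            # An empty string turns off the privilege drop / the chroot.
            if [ "$val" = '""' ]; then echo "DISABLED ${key%:}"; fi ;;
        esac
    done
}

log_world_writable() {
    # Character 9 of the ls mode string is the "other: write" bit,
    # which chmod 777 sets.
    case "$(ls -ld "$1")" in
    ????????w*) echo "WORLD_WRITABLE $1" ;;
    esac
}

# Constructed sample mirroring the post's settings.
demo_dir=$(mktemp -d)
cat > "$demo_dir/unbound.conf" <<'EOF'
server:
interface: 0.0.0.0
access-control: 0.0.0.0/0 allow
username: "unbound"
EOF
touch "$demo_dir/unbound.log" && chmod 777 "$demo_dir/unbound.log"
audit_unbound_conf "$demo_dir/unbound.conf"
log_world_writable "$demo_dir/unbound.log"
rm -rf "$demo_dir"
```

An `access-control` line limited to the local netblock, and a log file owned by the `unbound` user instead of mode 777, produce no findings.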