Install Unbound DNS server in FreeBSD 9

Now it is time to install the Unbound DNS server in FreeBSD 9. Unbound is alternative DNS server software released under a BSD license. It is claimed to be a secure and fast resolving/caching DNS server. Unbound is developed and maintained by NLnet Labs; it is based on ideas and algorithms taken from a Java prototype developed by Verisign Labs, Nominet, Kirei and ep.net.

Unbound DNS server is a validating, recursive, and caching DNS resolver. It is designed as a set of modular components, so that DNSSEC (secure DNS) validation and stub resolvers (which do not run as a server, but are linked into an application) are also easily possible.

Reasons to use Unbound DNS Server

Unbound is very easy to configure through a configuration file with a syntax like YAML (Yet Another Markup Language). Unbound doesn’t need a great number of configuration directives to set up, since the service has a single, relatively simple role. Unbound has been ported to run on a wide range of hardware and OS platforms, including Linux, BSD, Solaris SPARC and x86, Mac OS X, and Windows. Windows 32-bit pre-compiled binary packages are available directly from NLnet Labs, or you can download the source package and compile it yourself.

Besides the reasons above, Unbound also has other features: it is lightweight, high performance, supports DNSSEC validation, production ready, single-purpose, secure, and manageable. With those features in mind, I finally decided to install the Unbound DNS server in FreeBSD 9.

If you are interested in Unbound, follow the commands below to install Unbound DNS on your server. For your information, this is a simple tutorial that continues from Install Lusca Head proxy Server and Squidstats installation. Please remember that the local IP address of the server is 192.168.2.5, so you must modify unbound.conf to match your current network.

Install Unbound DNS Server

Now follow the steps below to install the Unbound DNS server in FreeBSD 9. If you like, you can copy and paste the commands into your server terminal.

proxy# pkg_add -rv unbound
proxy# cd /usr/local/etc/unbound
proxy# fetch ftp://FTP.INTERNIC.NET/domain/named.cache
proxy# unbound-control-setup
proxy# chown unbound:wheel unbound_*
proxy# chmod 440 unbound_*
proxy# mkdir /usr/local/etc/unbound/dev
proxy# echo "devfs /usr/local/etc/unbound/dev devfs rw 0 0" >> /etc/fstab
proxy# echo 'unbound_enable="YES"' >> /etc/rc.conf
proxy# echo 'devfs_set_rulesets="/usr/local/etc/unbound/dev=unbound_ruleset"' >> /etc/rc.conf
proxy# cd /usr/local/etc/unbound/
proxy# fetch http://simplyeko.com/newlusca/unbound.conf
proxy# service unbound start
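
The steps above download unbound.conf over plain HTTP and start the service with it, so it is worth reading the file for settings that change who can use or control the resolver before running `service unbound start`. The following is an added example, not part of the original tutorial; the function names, the sample configuration and the 203.0.113.53 forwarder are constructed for illustration.

```sh
#!/bin/sh
# Added example: list security-relevant settings in an unbound.conf
# read from stdin or from the file named in $1.
audit_unbound_conf() {
    awk '
    { sub(/#.*/, "") }                  # drop comments
    /^[ \t]*$/ { next }                 # skip blank lines
    { key = $1; val = $2; gsub(/"/, "", val) }
    key == "access-control:" && $3 ~ /^allow/ &&
        (val == "0.0.0.0/0" || val == "::0/0" || val == "::/0") {
        print "open-resolver: " val " allowed"
    }
    key == "control-interface:" && val !~ /^\// &&
        val != "127.0.0.1" && val != "::1" {
        print "remote-control: listens on " val
    }
    key == "forward-addr:" || key == "stub-addr:" {
        print "upstream: queries sent to " val
    }
    key == "include:" { print "include: pulls in " val }
    ' "$@"
}

# Constructed sample, not the file from the tutorial.
sample_conf() {
    cat <<'EOF'
server:
    interface: 192.168.2.5
    access-control: 192.168.2.0/24 allow
    access-control: 0.0.0.0/0 allow    # anyone may recurse
    chroot: "/usr/local/etc/unbound"
    root-hints: "/usr/local/etc/unbound/named.cache"
remote-control:
    control-enable: yes
    control-interface: 0.0.0.0
forward-zone:
    name: "."
    forward-addr: 203.0.113.53
EOF
}

sample_conf | audit_unbound_conf
```

An empty result means none of these four patterns were found; `unbound-checkconf` can then be used to confirm that the file parses before the service is started.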

Now set /etc/resolv.conf to use 127.0.0.1 as shown below, and ensure 127.0.0.1 is on the top line.

proxy# cat /etc/resolv.conf
nameserver 127.0.0.1
nameserver 192.168.2.1
nameserver 192.168.1.1

Now you must set the DNS server on your clients to your server. You can set the DNS server IP address on your DHCP server, or you can redirect all DNS connections from your clients to your Unbound DNS server through a NAT rule.

If your Unbound installation succeeded, you can check it with the commands below, which are shown with their output.

proxy# service squid status
squid is running as pid 1653.


proxy# unbound-control stats
thread0.num.queries=8
thread0.num.cachehits=0
thread0.num.cachemiss=8
thread0.num.prefetch=0
thread0.num.recursivereplies=8
thread0.requestlist.avg=0
thread0.requestlist.max=0
thread0.requestlist.overwritten=0
thread0.requestlist.exceeded=0
thread0.requestlist.current.all=0
thread0.requestlist.current.user=0
thread0.recursion.time.avg=0.183290
thread0.recursion.time.median=0.032768
total.num.queries=8
total.num.cachehits=0
total.num.cachemiss=8
total.num.prefetch=0
total.num.recursivereplies=8
total.requestlist.avg=0
total.requestlist.max=0
total.requestlist.overwritten=0
total.requestlist.exceeded=0
total.requestlist.current.all=0
total.requestlist.current.user=0
total.recursion.time.avg=0.183290
total.recursion.time.median=0.032768
time.now=1333368494.388902
time.up=428.969351
time.elapsed=428.969351
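
The counters in this output that matter most for monitoring are the cache hit ratio and the two request-list counters, which rise when the resolver receives more recursive queries than it can process. The following is an added example, not part of the original tutorial, that summarises them; the function names and the second set of counters are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise `unbound-control stats` output read from stdin.
unbound_stats_summary() {
    awk -F= '
    /^total\./ { v[$1] = $2 }
    END {
        q  = v["total.num.queries"] + 0
        h  = v["total.num.cachehits"] + 0
        ow = v["total.requestlist.overwritten"] + 0   # entries replaced by newer queries
        ex = v["total.requestlist.exceeded"] + 0      # queries dropped, list full
        ratio  = (q > 0) ? 100 * h / q : 0
        status = (ow + ex > 0) ? "overloaded" : "ok"
        printf "queries=%d hit_ratio=%.1f%% overwritten=%d exceeded=%d status=%s\n",
               q, ratio, ow, ex, status
    }'
}

# Counters copied from the output shown above.
page_stats() {
    cat <<'EOF'
total.num.queries=8
total.num.cachehits=0
total.num.cachemiss=8
total.requestlist.overwritten=0
total.requestlist.exceeded=0
EOF
}

# Constructed counters for a resolver under a query flood.
flood_stats() {
    cat <<'EOF'
total.num.queries=1000
total.num.cachehits=250
total.num.cachemiss=750
total.requestlist.overwritten=3
total.requestlist.exceeded=12
EOF
}

page_stats | unbound_stats_summary
flood_stats | unbound_stats_summary
```

On a live host, `unbound-control stats_noreset | unbound_stats_summary` reads the counters without resetting them.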


proxy# unbound-control status
version: 1.4.13
verbosity: 1
threads: 1
modules: 1 [ iterator ]
uptime: 445 seconds
unbound (pid 21332) is running...


proxy# nslookup google.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: google.com
Address: 173.194.38.168
Name: google.com
Address: 173.194.38.162
Name: google.com
Address: 173.194.38.164
Name: google.com
Address: 173.194.38.166
Name: google.com
Address: 173.194.38.165
Name: google.com
Address: 173.194.38.163
Name: google.com
Address: 173.194.38.169
Name: google.com
Address: 173.194.38.161
Name: google.com
Address: 173.194.38.167
Name: google.com
Address: 173.194.38.174
Name: google.com
Address: 173.194.38.160

That’s all. The tutorial series ends here for the moment. If you have any comments, just drop them in the comment box below. Hopefully this article is useful for you when you want to install the Unbound DNS server in FreeBSD 9.
