Configuration for local server
Ernie Luzar
luzar722 at gmail.com
Mon Sep 25 13:47:08 UTC 2017
Ludo via Unbound-users wrote:
snip
This is what I use on my FreeBSD system.
#
# FreeBSD 11.0 & newer, unbound quick start instructions.
#
# 1. In the /etc/rc.conf file
# Comment out this if it's there local_unbound_enable="YES"
# add unbound_enable="YES"
# FreeBSD OS built-in local_unbound cannot co-exist with port
# version.
#
# 2. unbound comes with a built-in "root zone" which negates the need
# for a "forward-zone: section" altogether. This built-in
# "root zone" sends DNS requests to the up-stream public DNS
# servers. Verify that your host firewall doesn't have rules
# restricting port 53 to using only your ISP's DNS IP addresses.
#
# 3. Delete the contents of the /etc/resolv.conf and add this line
# nameserver 127.0.0.1
# Then make it immutable using "chflags -R schg /etc/resolv.conf"
# This makes it un-writable by anyone. Contents will never change.
# Use "ls -lo /etc/resolv.conf" to see its flags.
# Use "chflags -R noschg /etc/resolv.conf" to return to normal.
# This stops /etc/resolv.conf being refreshed at boot time with DNS
# information from your ISP overriding the nameserver 127.0.0.1
# statement needed to drive host dns requests to unbound.
#
# 4. If you have a LAN behind this host and want those LAN devices'
# DNS requests to also go through the host's unbound server.
# Change the host's DHCP server config file DNS ip address to the
# LAN ip address assigned to the host network adapter the LAN is on.
#
# 5. Use service unbound restart command after making changes to the
# content of your unbound.conf file. Note: Any unbound.conf content
# errors cause the unbound server to not start. This means ALL DNS
# requests go un-serviced, basically your host system and LAN users
# are dead in the water until you fix things.
# The service unbound stop command results in the same thing.
#
# 6. Take note: The unbound man pages are not FreeBSD specific.
# Unbound is open source software that runs on many different
# platforms. Some statements and ideas expressed are incorrect based
# on the FreeBSD way of doing things.
#
# 7. The /usr/local/etc/unbound/unbound.conf.sample file shows all the
# possible options available in the unbound.conf file. The defaults
# are designed to create a running unbound server. In most all cases
# the following working unbound.conf file contains the default
# overrides necessary for a working unbound server. Copy this content or
# this file to /usr/local/etc/unbound/unbound.conf and you're ready to
# go.
# Start of the working unbound.conf file.

# Server config section.
server:
    # chroot: "/usr/local/etc/unbound"
    chroot: "" # disable chroot

    # Specify the interfaces to answer queries from by ip-address.
    # The default is to listen to localhost (127.0.0.1 and ::1) only.
    # Specify 0.0.0.0 and ::0 to bind to all available interfaces.
    interface: ::0 # listen on all ipv6 interfaces
    interface: 0.0.0.0 # listen on all ipv4 interfaces

    # Control which clients are allowed to make (recursive) queries
    # to this server. Specify classless netblocks with /size and action.
    # By default everything is refused, except for localhost.
    # Example 10.0.0.0/8 is the ip address block assigned to the LAN.
    access-control: 10.0.0.0/8 allow
    access-control: 127.0.0.0/8 allow

    # Use this to include another text file content into this file.
    # include: "/path/file-name"
    include: /usr/local/etc/unbound/void-zones-all

    # This is where the statements go to block un-wanted fqdn
    # local-zone: ads.youtube.com always_nxdomain

# Remote control config section.
# Remote control must be enabled before the unbound-control(8)
# command can be used to send commands to the running unbound server.
# To enable security, execute the unbound-control-setup command
# to set up the keys and certificates.
# This remote-control: section enables remote-control with
# security disabled.
remote-control:
    control-enable: yes
    control-interface: /var/run/unbound.ctl
    control-use-cert: no
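
Added example, not part of the original post: a small audit of an unbound.conf that listens on all interfaces, checking that access-control only allows internal netblocks and that a remote-control section with control-use-cert: no is bound to a local socket or loopback. The names parse and audit are this example's own; it assumes include: files are not followed and that control-interface is either an absolute path or an IP literal.

```python
import ipaddress

# Loopback, RFC 1918, IPv6 ULA, link-local: sources a LAN resolver normally serves.
INTERNAL = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def parse(text):
    clauses, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()              # drop comments
        if line.endswith(":") and " " not in line:       # clause header, e.g. "server:"
            current = line[:-1]
        elif line:
            key, _, value = line.partition(":")
            clauses.setdefault(current, []).append((key.strip(), value.strip().strip('"')))
    return clauses

def is_internal(net):
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def audit(text):
    """Flag settings that expose recursion or the control channel beyond the LAN."""
    conf, findings = parse(text), []
    server = conf.get("server", [])
    wildcard = any(k == "interface" and v in ("0.0.0.0", "::0", "::") for k, v in server)
    for key, value in server:
        if key == "access-control":
            netblock, action = value.split()
            net = ipaddress.ip_network(netblock, strict=False)
            if wildcard and action.startswith("allow") and not is_internal(net):
                findings.append(f"recursion allowed from non-internal {netblock}")
    rc = dict(conf.get("remote-control", []))
    iface = rc.get("control-interface", "127.0.0.1")
    local = iface.startswith("/") or ipaddress.ip_address(iface).is_loopback  # path = local socket
    if rc.get("control-enable") == "yes" and rc.get("control-use-cert") == "no" and not local:
        findings.append(f"unauthenticated remote-control on {iface}")
    return findings

# Constructed samples: a subset of the posted settings, then a deliberately weak variant.
POSTED = """server:
  interface: ::0
  interface: 0.0.0.0
  access-control: 10.0.0.0/8 allow
remote-control:
  control-enable: yes
  control-interface: /var/run/unbound.ctl
  control-use-cert: no
"""
WEAK = POSTED.replace("10.0.0.0/8", "0.0.0.0/0").replace("/var/run/unbound.ctl", "0.0.0.0")
```

audit(POSTED) returns an empty list, while audit(WEAK) reports both the open access-control entry and the unauthenticated control interface.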