Unbound DNS Server Installation

update and upgrade
# apt-get update
# apt-get upgrade -y

-disable firewall
# ufw disable
-set correct date and timezone
# rm /etc/localtime
# ln -s /usr/share/zoneinfo/Asia/Jakarta /etc/localtime

-disable dnsmasq
# cat /etc/NetworkManager/NetworkManager.conf

-install unbound dns
# apt-get install unbound
-set cronjob to download named.root automatically
# wget https://www.internic.net/domain/named.root -o /etc/unbound/root.hints
# cat /etc/cron.d/named-root
0 * * * * root wget -c http wget -c http://www.internic.net/domain/named.root -O /etc/unbound/root.hints
# crontab /etc/cron.d/named-root

# cat unbound.conf
    interface: ::0
    access-control: allow
#    access-control: allow
#    access-control: 2001:db8:dead:beef::/48 allow
    # unbound optimisation
    num-threads: 4
    msg-cache-slabs: 16
    rrset-cache-slabs: 16
    infra-cache-slabs: 16
    key-cache-slabs: 16
    outgoing-range: 206
    so-rcvbuf: 4m
    so-sndbuf: 4m
    so-reuseport: yes
    rrset-cache-size: 100m
    msg-cache-size: 50m
    # unbound security
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes
    cache-max-ttl: 86400
    cache-min-ttl: 3600
    hide-identity: yes
    hide-version: yes
    minimal-responses: yes
    prefetch: yes
    use-caps-for-id: yes
    verbosity: 1
    harden-glue: yes
    harden-dnssec-stripped: yes
    root-hints: “/etc/unbound/root.hints”
    private-domain: “ngtrain.com
#  private-address: 2001:db8:dead:beef::/48
    local-data: “vc.ngtrain.com.  IN A″
    local-data-ptr: “  vc.ngtrain.com
    name: “.”
include: “/etc/unbound/unbound.conf.d/*.conf”

# reboot

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s