Configuring unbound

Unbound is the default DNS server in FreeBSD 10.

You'll find a sample configuration file in

/usr/local/etc/unbound/unbound.conf.sample

Obviously, the real config file shouldn't have the ".sample" suffix in its name.

My "easy mode" for unbound (a forwarding-only DNS) has a really short conf:

server:
    interface: 10.214.0.1
    access-control: 10.214.0.0/16 allow
    verbosity: 1

forward-zone:
    name: "."
    forward-addr: 8.8.8.8 # Google Public DNS
    forward-addr: 74.82.42.42 # Hurricane Electric
    forward-addr: 4.2.2.4 # Level3 Verizon

Then restart the service:

[root@gw-ds14 ~]# service unbound restart
Stopping unbound.
Waiting for PIDS: 823.
Obtaining a trust anchor:Starting unbound.

Looks fine for now 🙂
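
A config like the one above can be linted for the settings that decide who may use the resolver (interface and access-control) and for the forward-zone entries. This is an added example, not part of the original post; the names audit_unbound_conf, is_internal and the INTERNAL range list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input: the forwarding-only config from this post.
SAMPLE = """
server:
    interface: 10.214.0.1
    access-control: 10.214.0.0/16 allow
    verbosity: 1
forward-zone:
    name: "."
    forward-addr: 8.8.8.8   # Google Public DNS
"""

# Ranges treated as "internal" (assumption: RFC 1918, loopback, IPv6 ULA).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "::1/128")]

def is_internal(net):
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def audit_unbound_conf(text):
    """Hypothetical helper: return findings; an empty list means nothing flagged."""
    findings, root_forwarders, zone = [], 0, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip comments
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value:                     # blank line or section header
            continue
        if key == "interface" and value.split("@")[0] in ("0.0.0.0", "::0", "::"):
            findings.append(f"listens on every address: {value}")
        elif key == "access-control":
            net, action = (value.split() + ["", ""])[:2]
            if action.startswith("allow") and not is_internal(
                    ipaddress.ip_network(net, strict=False)):
                findings.append(f"recursion allowed for non-internal network: {net}")
        elif key == "name":
            if any(q in value for q in "\u201c\u201d"):  # pasted curly quotes
                findings.append(f"typographic quotes in zone name: {value}")
            zone = value.strip("\"'")
        elif key == "forward-addr" and zone == ".":
            root_forwarders += 1
    if root_forwarders == 0:
        findings.append('no forward-addr under forward-zone name "."')
    return findings

if __name__ == "__main__":
    print(audit_unbound_conf(SAMPLE) or "nothing flagged")
```

An access-control line that allows a public range turns the box into an open resolver, which is why that check looks at the network and not only at the listening address.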

The last thing you should do is check how your DNS is responding (I checked from a Win7 machine):

C:\Users\User>nslookup o2.pl 10.214.0.1
Server: UnKnown
Address: 10.214.0.1

Non-authoritative answer:
Name: o2.pl
Addresses: 2001:67c:25c4::103
193.17.41.103

C:\Users\User>

Seems OK.

Ps1. Don't forget to open UDP port 53 on your firewall.
Ps2. If you are planning to test DNS from the local machine, you should install nslookup (which is not installed by default):

[root@gw-ds14 ~]# pkg install bind-tools
Updating FreeBSD repository catalogue…
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 2 packages will be affected (of 0 checked):

New packages to be INSTALLED:
bind-tools: 9.10.1_3
idnkit: 1.0_5

The process will require 26 MB more space.
3 MB to be downloaded.

Proceed with this action? [y/N]: y
Fetching bind-tools-9.10.1_3.txz: 100% 2 MB 2.5M/s 00:01
Fetching idnkit-1.0_5.txz: 100% 189 KB 193.2k/s 00:01
Checking integrity… done (0 conflicting)
[1/2] Installing idnkit-1.0_5: 100%
[2/2] Installing bind-tools-9.10.1_3: 100%
[root@gw-ds14 ~]#

Success again 🙂