Agenda: dns-unbound-config.txt

File dns-unbound-config.txt, 3.1 KB (added by admin, 7 years ago)
Line 
1Configuring Unbound
2
31. Log in using SSH/Putty/... to your CACHE machine:
4
5        (i.e. for group 1, you would use cache.grp1.ws.nsrc.org)
6
7    $ ssh -l adm cache.grpXX.ws.nsrc.org
8
92. On CACHE:
10
11    # cd /usr/local/etc/unbound/
12    # cp unbound.conf.sample unbound.conf
13
14    Now edit the file unbound.conf, and make the following changes:
15
16    a) enable listening - find the lines with:
17
18        # interface: ...
19        # interface: ...
20
21    and just under, add this line:
22
23        interface: 0.0.0.0
24
25    b) access control - find the lines with:
26
27        # access-control: ...
28        # access-control: ...
29
30    and just under, add this line:
31
32        access-control: 10.10.0.0/16 allow
33
34    c) chroot security - find the line
35   
36        # chroot: "/usr/local/etc/unbound"
37
38    and just under, add this line:
39
40        chroot: ""
41
42    d) set the root-hints file - find the line with:
43
44        # root-hints: ""
45
46    and just under, add this line:
47
48        root-hints: "/usr/local/etc/unbound/named.root"
49
50                ... and download a copy like this:
51
52                # cd /usr/local/etc/unbound/
53        # fetch http://10.10.0.245/named.root
54
55    e) re-enable the 10.in-addr.arpa zone - find the line with:
56
57        # local-data-ptr: "192.0.2.3 www.example.com"
58
59    and just under, add this line:
60
61        local-zone: "10.in-addr.arpa." nodefault
62
63    f) enable remote control - find the line with:
64
65        # control-enable: no
66
67    and CHANGE it (by removing # in front) to:
68
69        control-enable: yes
70
71    - find the line with:
72
73        # control-interface: 127.0.0.1
74
75    and CHANGE it to:
76
77        control-interface: 0.0.0.0
78
79    - find the line with:
80
81        # control-port: 953
82
83    and CHANGE it to:
84
85        control-port: 953
86       
87    - finally, uncomment the following lines:
88
89        # server-key-file: "/usr/local/etc/unbound/unbound_server.key"
90    becomes
91        server-key-file: "/usr/local/etc/unbound/unbound_server.key"
92 
93        # server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"
94    becomes
95        server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"
96 
97        # control-key-file: "/usr/local/etc/unbound/unbound_control.key"
98    becomes
99        control-key-file: "/usr/local/etc/unbound/unbound_control.key"
100 
101        # control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"
102    becomes
103        control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"
104
105
106    Save the file, exit.
107
1083. Create the control keys:
109
110    # unbound-control-setup
111
1124.  Test the configuration:
113
114    # unbound-checkconf
115
1165. edit /etc/rc.conf and add:
117
118    unbound_enable="YES"
119
1206. start unbound!
121
122    # /usr/local/etc/rc.d/unbound start
123
1247. Change your /etc/resolv.conf to use your newly configured Unbound,
125   on this machine (CACHE), but on MASTER as well:
126
127    # vi /etc/resolv.conf
128
129    Change the nameserver line to:
130
131        nameserver 10.10.XX.2
132
133    ... where XX is the number of your group
134
1358. Test
136
137    # dig
138    # dig noc.ws.nsrc.org
139    # dig MYTLD. NS
140
141        Make sure you see SERVER: ...(10.10.XX.2) at the bottom of
142        dig's output.
143
144    # dig version.bind txt chaos
145
146    What does the output say ?