Agenda: dns-unbound-config.txt

File dns-unbound-config.txt, 2.9 KB (added by regnauld, 8 years ago)
Configuring Unbound

1. Log in using SSH/PuTTY/... to your CACHE machine:

    $ ssh -l adm cache.grpXX.ws.nsrc.org

2. On CACHE:

    # cd /usr/local/etc/unbound/
    # cp unbound.conf.sample unbound.conf

    Now edit the file unbound.conf, and make the following changes:

    a) enable listening - find the lines with:

        # interface: ...
        # interface: ...

    and just under, add this line:

        interface: 0.0.0.0

    b) access control - find the lines with:

        # access-control: ...
        # access-control: ...

    and just under, add this line:

        access-control: 10.10.0.0/16 allow

    c) chroot security - find the line

        # chroot: "/usr/local/etc/unbound"

    and just under, add this line:

        chroot: ""

    d) set the root-hints file - find the line with:

        # root-hints: ""

    and just under, add this line:

        root-hints: "/usr/local/etc/unbound/named.root"

    ... and download a copy (you are still in /usr/local/etc/unbound) like this:

        fetch http://10.10.0.245/resources/named.root

    e) re-enable the 10.in-addr.arpa zone - find the line with:

        # local-data-ptr: "192.0.2.3 www.example.com"

    and just under, add this line:

        local-zone: "10.in-addr.arpa." nodefault

    f) enable remote control - find the line with:

        # control-enable: no

    and CHANGE it (remove the # in front, and change no to yes) to:

        control-enable: yes

    - find the line with:

        # control-interface: 127.0.0.1

    and CHANGE it to:

        control-interface: 0.0.0.0

    - find the line with:

        # control-port: 953

    and CHANGE it to:

        control-port: 953

    - finally, uncomment the following lines:

        # server-key-file: "/usr/local/etc/unbound/unbound_server.key"
    becomes
        server-key-file: "/usr/local/etc/unbound/unbound_server.key"

        # server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"
    becomes
        server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"

        # control-key-file: "/usr/local/etc/unbound/unbound_control.key"
    becomes
        control-key-file: "/usr/local/etc/unbound/unbound_control.key"

        # control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"
    becomes
        control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"

    Save the file, exit.

3. Create the control keys:

    # unbound-control-setup

4. Test the configuration:

    # unbound-checkconf

5. Edit /etc/rc.conf and add:

    unbound_enable="YES"

6. Start unbound!

    # /usr/local/etc/rc.d/unbound start

7. Change your /etc/resolv.conf to use your newly configured Unbound,
   not only on this machine (CACHE), but on MASTER as well:

    # vi /etc/resolv.conf

    Change the nameserver line to:

        nameserver 10.10.XX.2

    ... where XX is the number of your group

8. Test

    # dig
    # dig noc.ws.nsrc.org
    # dig MYTLD. NS

    Make sure you see SERVER: ...(10.10.XX.2) at the bottom of
    dig's output.

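The edits in step 2 change three things a resolver operator should keep an eye on: `interface: 0.0.0.0` makes Unbound listen on every address, so the `access-control` line is the only thing that keeps it from becoming an open resolver; `chroot: ""` switches the chroot off entirely; and `control-interface: 0.0.0.0` with `control-enable: yes` exposes the unbound-control port on every interface, protected only by the key/cert pair that `unbound-control-setup` generates. The Python script below is an added example, not part of the NSRC lab text: it applies the lab's edits to a constructed stand-in for unbound.conf.sample (only the lines the lab touches, not the real file) and then audits the resulting config for those settings. The `SAMPLE_CONF` text, the finding severities and all function names are this example's own choices.

```python
import ipaddress
import shlex

# Constructed stand-in for unbound.conf.sample: only the lines the lab touches.
SAMPLE_CONF = """\
server:
    # interface: 192.0.2.153
    # interface: 192.0.2.154
    # access-control: 127.0.0.0/8 allow
    # access-control: ::1 allow
    # chroot: "/usr/local/etc/unbound"
    # root-hints: ""
    # local-data-ptr: "192.0.2.3 www.example.com"
remote-control:
    # control-enable: no
    # control-interface: 127.0.0.1
    # control-port: 953
    # server-key-file: "/usr/local/etc/unbound/unbound_server.key"
    # server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"
    # control-key-file: "/usr/local/etc/unbound/unbound_control.key"
    # control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"
"""

ANY_ADDR = ("0.0.0.0", "::0", "::")  # wildcard bind addresses

def _indent(line):
    return line[: len(line) - len(line.lstrip())]

def _insert_after_last(lines, prefix, new_line):
    """Add new_line 'just under' the last line that starts with prefix."""
    idx = max(i for i, line in enumerate(lines) if line.strip().startswith(prefix))
    lines.insert(idx + 1, _indent(lines[idx]) + new_line)

def _uncomment(lines, key, replacement=None):
    """Turn '# key: value' into 'key: value', or into replacement when given."""
    for i, line in enumerate(lines):
        if line.strip().startswith("# " + key):
            lines[i] = _indent(line) + (replacement or line.strip()[2:])
            return
    raise ValueError("no commented line for " + key)

def apply_lab_edits(text, client_net="10.10.0.0/16"):
    """Steps 2a-2f of the lab, performed as text edits on the sample config."""
    lines = text.splitlines()
    _insert_after_last(lines, "# interface:", "interface: 0.0.0.0")
    _insert_after_last(lines, "# access-control:", f"access-control: {client_net} allow")
    _insert_after_last(lines, "# chroot:", 'chroot: ""')
    _insert_after_last(lines, "# root-hints:", 'root-hints: "/usr/local/etc/unbound/named.root"')
    _insert_after_last(lines, "# local-data-ptr:", 'local-zone: "10.in-addr.arpa." nodefault')
    _uncomment(lines, "control-enable:", "control-enable: yes")
    _uncomment(lines, "control-interface:", "control-interface: 0.0.0.0")
    for key in ("control-port:", "server-key-file:", "server-cert-file:",
                "control-key-file:", "control-cert-file:"):
        _uncomment(lines, key)
    return "\n".join(lines) + "\n"

def parse_conf(text):
    """Minimal unbound.conf reader: {section: [(key, [tokens]), ...]}, comments dropped."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace() and line.endswith(":"):   # 'server:' / 'remote-control:'
            section = line[:-1]
            conf.setdefault(section, [])
            continue
        key, _, value = line.strip().partition(":")
        conf.setdefault(section, []).append((key.strip(), shlex.split(value)))
    return conf

def audit(conf):
    """Return (severity, message) findings about who can query or control the resolver."""
    server, rc, findings = conf.get("server", []), conf.get("remote-control", []), []
    listens_everywhere = any(k == "interface" and v and v[0] in ANY_ADDR for k, v in server)
    allowed = [ipaddress.ip_network(v[0], strict=False) for k, v in server
               if k == "access-control" and len(v) == 2 and v[1].startswith("allow")]
    if listens_everywhere:
        if any(n.prefixlen == 0 for n in allowed):
            findings.append(("high", "open resolver: listens on all interfaces and "
                                     "access-control allows any source"))
        elif any(not n.is_private for n in allowed):
            findings.append(("medium", "non-private ranges may query: "
                                       + ", ".join(map(str, allowed))))
        else:
            findings.append(("info", "listens on all interfaces; only access-control "
                                     "limits who may query: " + ", ".join(map(str, allowed))))
    if any(k == "chroot" and v == [""] for k, v in server):
        findings.append(("medium", 'chroot disabled (chroot: ""): a compromised unbound '
                                   "process sees the whole filesystem"))
    enabled = any(k == "control-enable" and v == ["yes"] for k, v in rc)
    if enabled and any(k == "control-interface" and v and v[0] in ANY_ADDR for k, v in rc):
        findings.append(("medium", "unbound-control reachable on every interface; only the "
                                   "key/cert pair from unbound-control-setup protects it"))
    needed = {"server-key-file", "server-cert-file", "control-key-file", "control-cert-file"}
    missing = needed - {k for k, _ in rc}
    if enabled and missing:
        findings.append(("high", "remote control enabled but key/cert files missing: "
                                 + ", ".join(sorted(missing))))
    return findings

if __name__ == "__main__":
    for severity, message in audit(parse_conf(apply_lab_edits(SAMPLE_CONF))):
        print(f"[{severity}] {message}")
```

Run as-is, the script reports the lab's final config as "info" for the listener (10.10.0.0/16 is a private range) and "medium" for the disabled chroot and the wildcard control interface; passing `client_net="0.0.0.0/0"` to `apply_lab_edits` turns the first finding into a "high" open-resolver warning, which is the mistake the `access-control` line in step 2b is there to prevent.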