computing:unbounddns

Differences

This shows you the differences between two versions of the page.

computing:unbounddns [2024/11/01 04:21] oemb1905computing:unbounddns [2025/04/04 03:23] (current) oemb1905
Line 78: Line 78:
   <if $programname == 'unbound' then /var/log/unbound/unbound.log>   <if $programname == 'unbound' then /var/log/unbound/unbound.log>
   <& stop>   <& stop>
 +  nano /etc/logrotate.d/unbound
 +  
 +In the log rotate file, enter the following:
 +
 +  /var/log/unbound/unbound.log {
 +  daily
 +  rotate 7
 +  missingok
 +  create 0640 root adm
 +  postrotate
 +  /usr/lib/rsyslog/rsyslog-rotate
 +  endscript
 +  }
  
 Additionally, some Debian systems have resolvconf installed, so many install recipes recommend disabling that service so that it does not overwrite the DNS settings we are making here. Additionally, some Debian systems have resolvconf installed, so many install recipes recommend disabling that service so that it does not overwrite the DNS settings we are making here.
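Review bot: The added `nano /etc/logrotate.d/unbound` line sits in the same indented block as the rsyslog rule lines directly above it (`& stop`), so a reader copying that block will paste an editor command into the rsyslog file; give it its own block, preceded by a sentence saying the rsyslog rule is finished and a separate logrotate file is being created. In the stanza itself, consider adding `compress` with `delaycompress` and `notifempty`, since seven uncompressed dailies are kept as written. The `create 0640 root adm` mode keeps the resolver log from being world-readable, and one sentence in the text saying so would help readers who are tempted to loosen it.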
Line 100: Line 113:
   <edns-packet-max=1232>   <edns-packet-max=1232>
  
 +The last step is configuring the unbound server in the pihole GUI. Alternately, you can do this without a pihole by simply specifying this address as your WAN's upstream DNS server in openWRT. Alright, and in case you don't need LAN-based DNS, but just want a public facing virtual appliance to use its own DNS, just install unbound and enter the following in ''/etc/unbound/unbound.conf'':
 +
 +  server:
 +      interface: 127.0.0.1
 +      cache-max-ttl: 14400
 +      cache-min-ttl: 1200
 +      num-threads: 4
 +      msg-cache-slabs: 8
 +      rrset-cache-slabs: 8
 +      infra-cache-slabs: 8
 +      key-cache-slabs: 8
 +      rrset-cache-size: 256m
 +      msg-cache-size: 128m
 +      #prefetch: yes
 +      harden-dnssec-stripped: yes
 +      use-syslog: yes
 +      aggressive-nsec: yes
 +      hide-identity: yes
 +      hide-version: yes
 +      use-caps-for-id: yes
 +      do-tcp: yes
 +      do-udp: yes
  
 +Then, just add ''nameserver 127.0.0.1'' to /etc/resolv.conf. This latter step only works on classic/minimal Debian. Use netplan properly and/or resolvconf package and the correct ''.d'' directory if not using proper DNS management.
  
- --- //[[webmaster@haacksnetworking.org|oemb1905]] 2024/11/01 03:59//+ --- //[[alerts@haacksnetworking.org|oemb1905]] 2025/04/04 03:20//
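Review bot: In the added `server:` block, `harden-dnssec-stripped: yes` and `aggressive-nsec: yes` only take effect when DNSSEC validation is active, and the block shows no trust anchor (for example an `auto-trust-anchor-file:` line) and no `include` that would supply one. Because the text says to enter this in `/etc/unbound/unbound.conf`, a reader who replaces the file's contents can end up with a non-validating resolver while the options suggest otherwise; add the trust-anchor line or state that any existing include line must be kept. Separately, `#prefetch: yes` is left commented out with no reason given, and the closing sentence "Use netplan properly ... if not using proper DNS management" reads as inverted, so it should name which systems need netplan or resolvconf instead of a hand-edited `/etc/resolv.conf`.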
computing/unbounddns.1730434872.txt.gz · Last modified: 2024/11/01 04:21 by oemb1905