


  • unbounddns
  • Jonathan Haack
  • Haack's Networking
  • netcmnd@jonathanhaack.com

unbounddns


This tutorial is for users of Debian GNU/Linux who want to run their own recursive DNS server using the Unbound project. In this scenario, I am using a GL.iNet MT6000 router and a separate AP. The router handles all DHCP/DNS for the LAN / private subnet. In the OpenWrt config on the router's DHCP server, I specify two custom DNS servers under Interfaces / LAN / DHCP Server / Advanced as DHCP option 6,10.1.1.100,10.1.1.101. These DNS servers are Debian VMs on two different production servers in the home office; each of them runs a Pi-hole server. pihole-FTL takes care of ad blocking and DNS sinkhole duties. With default settings, it forwards upstream requests to the third-party DNS servers you specify (Level 3, Cloudflare, etc.). This tutorial shows how to replace those third-party upstreams with Unbound, running locally on each Pi-hole on port 5335, since port 53 is already used by pihole-FTL.

sudo apt install unbound
sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf

In that file, enter something like the following, adjusting as necessary for your use case.

(example)
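The config itself is left as "(example)" above. What follows is an added example, not the author's file and not Unbound's or Pi-hole's own, of a server fragment for the layout described on this page (Unbound on 127.0.0.1 port 5335 as pihole-FTL's upstream, EDNS buffer 1232 to match the dnsmasq setting further down), rendered by a small POSIX shell script together with a check that the settings which decide who can reach the recursor are present. The path /etc/unbound/unbound.conf.d/pi-hole.conf is the page's; every value beyond interface, port and EDNS size is an assumed baseline.

```shell
#!/bin/sh
# Added example, not the author's config file: render an Unbound fragment for
# the "Pi-hole on 53, Unbound on 127.0.0.1:5335" layout and check the settings
# that decide who can reach the recursor. Values beyond interface, port and
# EDNS size are assumed baselines, not taken from the page.
set -eu

# Write the Unbound server fragment to the path given as $1.
render_unbound_conf() {
    cat > "$1" <<'EOF'
server:
    # Listen on loopback only: pihole-FTL is the sole client. Anything else
    # (0.0.0.0, a LAN address) turns this into an open resolver for that network.
    interface: 127.0.0.1
    port: 5335
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    prefer-ip6: no

    # Full recursion from the root hints (Debian's unbound package wires in
    # the dns-root-data hints and trust anchor), no third-party forwarder.
    harden-glue: yes
    harden-dnssec-stripped: yes
    use-caps-for-id: no

    # Keep UDP answers fragment-free; matches edns-packet-max=1232 on the
    # dnsmasq/pihole-FTL side.
    edns-buffer-size: 1232

    prefetch: yes
    num-threads: 1
    so-rcvbuf: 1m

    # Do not answer id.server/version.bind probes, and strip answers that
    # point public names at RFC 1918 / link-local space (DNS rebinding).
    hide-identity: yes
    hide-version: yes
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10

    # Log through syslog so the rsyslog programname filter on the page
    # lands these lines in /var/log/unbound/unbound.log.
    use-syslog: yes
    verbosity: 1
EOF
}

# Check the exposure-relevant settings in the Unbound config given as $1.
# Prints the first problem and returns 1; returns 0 when everything is present.
check_unbound_conf() {
    conf="$1"
    for want in 'interface: 127.0.0.1' 'port: 5335' 'edns-buffer-size: 1232' \
                'harden-dnssec-stripped: yes' 'hide-identity: yes' 'hide-version: yes'
    do
        grep -qE "^[[:space:]]*$want[[:space:]]*\$" "$conf" \
            || { echo "missing: $want"; return 1; }
    done
    # Any interface line that is not loopback exposes the recursor beyond this host.
    if grep -E '^[[:space:]]*interface:' "$conf" | grep -vqE '127\.0\.0\.1|::1'; then
        echo "non-loopback interface configured"
        return 1
    fi
    return 0
}

# Usage on a Pi-hole host (path from the page): sh this-script.sh --write
if [ "${1:-}" = "--write" ]; then
    render_unbound_conf /etc/unbound/unbound.conf.d/pi-hole.conf
    check_unbound_conf /etc/unbound/unbound.conf.d/pi-hole.conf
fi
```

The check is deliberately narrow: it only confirms that the recursor stays on loopback and that the identity, DNSSEC-stripping and EDNS settings are present, which are the lines that matter if a second interface is ever added later. The fragment logs via syslog so the rsyslog rule on this page picks the lines up; if you would rather have Unbound write the file itself, which is what the AppArmor rule below permits, replace `use-syslog: yes` with `logfile: "/var/log/unbound/unbound.log"`.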

In my case, I prefer traditional rotated logs with rsyslog, so I do the following:

sudo apt install rsyslog
sudo nano /etc/rsyslog.d/unbound.conf
<if $programname == 'unbound' then /var/log/unbound/unbound.log>
<& stop>

Additionally, some Debian systems have resolvconf installed, so many install recipes recommend disabling that service so that it does not overwrite the DNS settings we are making here.

sudo systemctl disable --now unbound-resolvconf.service
sudo sed -Ei 's/^unbound_conf=/#unbound_conf=/' /etc/resolvconf.conf
sudo rm /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf

To make sure logs are working properly:

sudo nano /etc/apparmor.d/local/usr.sbin.unbound
</var/log/unbound/unbound.log rw,>
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.unbound
sudo service apparmor restart
sudo mkdir -p /var/log/unbound
sudo touch /var/log/unbound/unbound.log
sudo chown unbound /var/log/unbound/unbound.log

Enforce the EDNS packet size specified in the Unbound config on the pihole-FTL (dnsmasq) side as well:

sudo nano /etc/dnsmasq.d/99-edns.conf
<edns-packet-max=1232>

oemb1905 2024/11/01 03:59

computing/unbounddns.1730434094.txt.gz · Last modified: 2024/11/01 04:08 by oemb1905