Introduction to Unbound
Unbound is a validating,
recursive, and caching DNS resolver. It is designed as a set of
modular components that incorporate modern features, such as
enhanced security (DNSSEC) validation, Internet Protocol Version 6
(IPv6), and a client resolver library API as an integral part of
the architecture.
Note
Development versions of BLFS may not build or run some packages
properly if LFS or dependencies have been updated since the most
recent stable versions of the books.
Package Information
- Download (HTTP): https://nlnetlabs.nl/downloads/unbound/unbound-1.22.0.tar.gz
- Download MD5 sum: be0e5ae64c6619a638c116addd4da670
- Download size: 6.4 MB
- Estimated disk space required: 151 MB (with docs; add 11 MB for tests)
- Estimated build time: 0.3 SBU (Using parallelism=4; with docs; add 0.3 SBU for tests)
Unbound Dependencies
Optional
libevent-2.1.12, Nettle-3.10.1,
Protobuf-c-1.5.0 (for dnstap), sphinx-8.1.3 (for Python bindings
documentation), SWIG-4.3.0 (for Python bindings), Doxygen-1.13.2 (for html documentation),
dnstap, and
Python2
Installation of Unbound
There should be a dedicated user and group to take control of the
unbound daemon after it is started. Issue the following commands as
the root user:
groupadd -g 88 unbound &&
useradd -c "Unbound DNS Resolver" -d /var/lib/unbound -u 88 \
        -g unbound -s /bin/false unbound
Install Unbound by running the following commands:
./configure --prefix=/usr \
            --sysconfdir=/etc \
            --disable-static \
            --with-pidfile=/run/unbound.pid &&
make
If you have the Doxygen-1.13.2 package installed and want to
build the HTML documentation, run the following command:
make doc
To test the results, issue: make check.
Now, as the root user:
make install &&
mv -v /usr/sbin/unbound-host /usr/bin/
If you built the documentation, install it by running the following
commands as the root user:
install -v -m755 -d /usr/share/doc/unbound-1.22.0 &&
install -v -m644 doc/html/* /usr/share/doc/unbound-1.22.0
Command Explanations
--disable-static: This switch prevents installation of static
versions of the libraries.
--with-libevent: This option enables libevent support, which allows
for the use of large outgoing port ranges.
--with-pyunbound: This option enables building the Python bindings.
If you want to build the bindings, you also need to pass the
PYTHON_VERSION=3.13 environment variable to configure.
Configuring Unbound
Config Files
/etc/unbound/unbound.conf
Configuration Information
In the default configuration, unbound will bind to localhost
(127.0.0.1 IP address) and allow recursive queries only from
localhost clients. If you want to use unbound for local DNS
resolution, run the following command as the root user:
echo "nameserver 127.0.0.1" > /etc/resolv.conf
For advanced configuration, see the /etc/unbound/unbound.conf file
and the documentation.
When Unbound is installed, some package builds fail if the file
/etc/unbound/root.key is not found. Create this file by running the
following command as the root user:
unbound-anchor
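The checks below tie together the files and tools from this section (resolv.conf, root.key, unbound-checkconf, unbound-host). This is an added example, not part of the BLFS book; the function names are hypothetical, and it assumes the default root anchor read by unbound-host -D is /etc/unbound/root.key.

```sh
#!/bin/sh
# Added example: post-install checks for the setup described above.
# Function names are hypothetical; source this file, then run
#   check_install <a DNSSEC-signed name of your choice>

# resolv_only_local FILE: succeed only if FILE has at least one
# "nameserver" line and every one of them is 127.0.0.1. A second,
# non-validating resolver could be used whenever unbound fails to answer.
resolv_only_local() {
    awk '$1 == "nameserver" { n++; if ($2 != "127.0.0.1") bad++ }
         END { exit ((n > 0 && bad == 0) ? 0 : 1) }' "$1"
}

# dnssec_status: read `unbound-host -v` output on stdin and print the
# weakest validation state it reports: bogus, insecure, secure, or none.
dnssec_status() {
    awk '/\(BOGUS \(security failure\)\)/ { bogus = 1 }
         /\(insecure\)/                   { insecure = 1 }
         /\(secure\)/                     { secure = 1 }
         END {
             if (bogus) print "bogus"
             else if (insecure) print "insecure"
             else if (secure) print "secure"
             else print "none"
         }'
}

# check_install NAME: run the checks against the live system (needs
# network access). -D makes unbound-host validate with the default root
# anchor; assumed here to be the /etc/unbound/root.key file.
check_install() {
    [ -s /etc/unbound/root.key ] ||
        { echo "root.key missing or empty: run unbound-anchor"; return 1; }
    unbound-checkconf /etc/unbound/unbound.conf >/dev/null || return 1
    resolv_only_local /etc/resolv.conf ||
        { echo "resolv.conf lists a non-local or no nameserver"; return 1; }
    state=$(unbound-host -D -v "$1" 2>/dev/null | dnssec_status)
    [ "$state" = secure ] ||
        { echo "DNSSEC state for $1: $state"; return 1; }
    echo "ok: $1 validates as secure"
}
```

unbound-host validates through libunbound itself, so a "secure" result confirms the trust anchor and upstream path rather than the running daemon.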
Systemd Unit
If you want the Unbound server to start automatically when the
system is booted, install the unbound.service unit included in the
blfs-systemd-units-20241211 package:
make install-unbound
Contents
Installed Programs: unbound, unbound-anchor, unbound-checkconf,
unbound-control, unbound-control-setup, and unbound-host
Installed Library: libunbound.so
Installed Directories: /etc/unbound and
/usr/share/doc/unbound-1.22.0 (optional)
Short Descriptions
unbound | is a DNS resolver daemon
unbound-anchor | initializes or updates the root trust anchor for DNSSEC validation
unbound-checkconf | checks the unbound configuration file for syntax and other errors
unbound-control | performs remote administration on the unbound DNS resolver
unbound-control-setup | generates a self-signed certificate and private keys for the server and client
unbound-host | is a DNS lookup utility similar to host from BIND Utilities-9.20.4
libunbound.so | provides the Unbound API functions to programs