Unbound DNS server notes

See:

See also:

Example on RedHat

Fix: Unbound is very slow to start

/etc/sysconfig/unbound

DISABLE_UNBOUND_ANCHOR=yes

Unbound configuration as a resolver with DNS cache

/etc/unbound/unbound.conf

server:
        #verbosity: 1
        #use-syslog: no
        #module-config: "subnetcache validator iterator"

        interface: 127.0.0.53
        #interface: ::0
 
        #prefer-ip4: yes
        #prefer-ip6: no
        do-ip4: yes
        do-ip6: no
        #do-tcp: yes

        access-control: 127.0.0.0/8 allow
        #cache-min-ttl: 3600
        #cache-max-ttl: 86400
        cache-max-negative-ttl: 1
        #prefetch: yes
        #serve-expired: yes
        #serve-expired-ttl: 14400
        #qname-minimisation: yes # Default yes
        #minimal-responses: yes  # Default yes
        #rrset-roundrobin: yes   # Default yes

forward-zone:
        name: "."
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4

unbound-checkconf
systemctl enable --now unbound.service

Other configuration

Administration

Source: https://gist.github.com/f9n/3c4453489820f150c81bdf2f1ccd9516

Verify configuration

unbound-checkconf

Unbound Status

unbound-control status

List Forwards

unbound-control list_forwards

Lookup on Cache

unbound-control lookup youtube.com

Dump Cache

unbound-control dump_cache > dns-cache.txt

Restore Cache

unbound-control load_cache < dns-cache.txt

Flush Cache

# Flush Specific Host
unbound-control flush www.youtube.com
 
# Flush everything
unbound-control flush_zone .

Diag

Increase log verbosity at runtime only

unbound-control verbosity 3

Print operational statistics.

unbound-control stats

Print the root server hints in use

unbound-control list_stubs

Print details of the servers contacted. Useful to see how fast they respond and which features they support.

unbound-control dump_infra

Test the DNSSEC status of a host

unbound-host -rv example.net -D

Other

Attempt to override the /etc/unbound/unbound.conf configuration (RedHat)

/etc/unbound/conf.d/common.conf

server:
        #trust-anchor-file: ""
        #auto-trust-anchor-file: ""
        #trust-anchor: ""
        #trusted-keys-file: ""
        #val-permissive-mode: yes
        #prefetch: no
        #disable-dnssec-lame-check: no
        #harden-dnssec-stripped: no
        #harden-glue: no
        #harden-below-nxdomain: no
        #harden-referral-path: no
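
Every option in the override file above is commented out; uncommenting the trust-anchor, val-permissive-mode or harden-* lines would switch off DNSSEC protections. The script below is an added example (not part of the original notes or of Unbound itself) that lists such active settings in a configuration file. The function name audit_unbound_conf and the sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not part of the original notes.
# audit_unbound_conf FILE: print one line per *active* setting that weakens
# DNSSEC validation or opens the resolver to every client. Commented-out
# options are skipped, because Unbound ignores them as well.
audit_unbound_conf() {
    awk '
    function flag(why) {
        printf "%s: %s -> %s\n", key, (val == "" ? "\"\"" : val), why
    }
    { sub(/#.*/, "") }          # drop comments, including trailing ones
    !/:/ { next }               # nothing left that looks like "key: value"
    {
        key = $1; sub(/:$/, "", key)
        val = $0; sub(/^[ \t]*[^ \t]+[ \t]*/, "", val)
        gsub(/"|[ \t]+$/, "", val)
    }
    key ~ /^(auto-)?trust-anchor-file$|^trust-anchor$|^trusted-keys-file$/ && val == "" {
        flag("trust anchor cleared, nothing left to validate against") }
    key == "val-permissive-mode" && val == "yes" {
        flag("bogus answers are passed on to clients") }
    key == "disable-dnssec-lame-check" && val == "yes" {
        flag("answers missing RRSIGs are no longer retried elsewhere") }
    key ~ /^harden-(dnssec-stripped|glue|below-nxdomain)$/ && val == "no" {
        flag("hardening check switched off") }
    key == "module-config" && val !~ /validator/ {
        flag("validator module not loaded, no DNSSEC validation") }
    key == "access-control" && val ~ /^(0\.0\.0\.0\/0|::\/0)[ \t]+allow/ {
        flag("any client may query: open resolver") }
    ' "$1"
}

# Constructed sample: the override file with some options uncommented.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server:
        auto-trust-anchor-file: ""
        val-permissive-mode: yes
        #harden-glue: no
        harden-dnssec-stripped: no
        access-control: 127.0.0.0/8 allow
EOF
audit_unbound_conf "$sample"
rm -f "$sample"
```

Run it against /etc/unbound/unbound.conf and each file under conf.d; no output means none of these settings is active.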
tech/notes_serveur_dns_unbound.txt · Last modified: by Jean-Baptiste