{{tag>Brouillon DNS Resolveur CA}}
= Unbound DNS server notes
See:
* https://nlnetlabs.nl/documentation/unbound/unbound.conf/
* https://github.com/iusrepo/unbound1/blob/main/unbound.conf
See also:
* [[https://coredns.io/|CoreDNS]] (cncf.io)
Example on RedHat

Fix for "Unbound is very slow to start":

''/etc/sysconfig/unbound''
  DISABLE_UNBOUND_ANCHOR=yes
== Unbound configuration as a resolver with DNS cache
''/etc/unbound/unbound.conf''
  server:
    #verbosity: 1
    #use-syslog: no
    #module-config: "subnetcache validator iterator"
    interface: 127.0.0.53
    #interface: ::0
    #prefer-ip4: yes
    #prefer-ip6: no
    do-ip4: yes
    do-ip6: no
    #do-tcp: yes
    access-control: 127.0.0.0/8 allow
    #cache-min-ttl: 3600
    #cache-max-ttl: 86400
    cache-max-negative-ttl: 1
    #prefetch: yes
    #serve-expired: yes
    #serve-expired-ttl: 14400
    #qname-minimisation: yes # Default yes
    #minimal-responses: yes # Default yes
    #rrset-roundrobin: yes # Default yes
  forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4

  unbound-checkconf
  systemctl enable --now unbound.service
== Other configurations
no-aaaa

See: https://github.com/berstend/unbound-no-aaaa/tree/master/etc/unbound
== Administration
Source: https://gist.github.com/f9n/3c4453489820f150c81bdf2f1ccd9516

Verify configuration
  unbound-checkconf
Unbound Status
  unbound-control status
List Forwards
  unbound-control list_forwards
Lookup on Cache
  unbound-control lookup youtube.com
Dump Cache
  unbound-control dump_cache > dns-cache.txt
Restore Cache
  unbound-control load_cache < dns-cache.txt
Flush Cache
  # Flush Specific Host
  unbound-control flush www.youtube.com
  # Flush everything
  unbound-control flush_zone .
=== Diag
Increase logged verbosity at runtime only
  unbound-control verbosity 3
Print operational statistics
  unbound-control stats
Print used root server hints
  unbound-control list_stubs
Print details of contacted servers. Useful to see how fast they respond and which features they support.
  unbound-control dump_infra
Test DNSSEC status of host
  unbound-host -rv example.net -D
== Other
Attempt to override the configuration in /etc/unbound/unbound.conf (RedHat)
''/etc/unbound/cond.d/common.conf''
  server:
    #trust-anchor-file: ""
    #auto-trust-anchor-file: ""
    #trust-anchor: ""
    #trusted-keys-file: ""
    #val-permissive-mode: yes
    #prefetch: no
    #disable-dnssec-lame-check: no
    #harden-dnssec-stripped: no
    #harden-glue: no
    #harden-below-nxdomain: no
    #harden-referral-path: no
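
Several of the options listed above relax DNSSEC validation or hardening once they are uncommented. The shell function below is an added example (not part of the original notes, and not an Unbound tool) that flags active lines doing so in a config file; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag active unbound.conf lines that relax DNSSEC validation.
# Prints one WARN line per finding; returns 1 if anything was flagged.
audit_unbound_conf() {
    awk '
    {
        sub(/#.*/, "")                       # commented-out options are inactive
        i = index($0, ":"); if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/[ \t"]/, "", key)
        gsub(/^[ \t"]+|[ \t"]+$/, "", val)
        why = ""
        if (key == "val-permissive-mode" && val == "yes")
            why = "bogus answers are returned instead of SERVFAIL"
        else if (key ~ /^harden-(dnssec-stripped|glue|below-nxdomain)$/ && val == "no")
            why = "hardening that defaults to yes is switched off"
        else if (key == "module-config" && val !~ /validator/)
            why = "validator module not loaded, no DNSSEC validation"
        if (why != "") { printf "WARN line %d: %s: %s (%s)\n", NR, key, val, why; bad = 1 }
    }
    END { exit bad + 0 }' "$1"
}

# Constructed sample override file (not taken from the page).
write_sample_conf() {
    cat > "$1" <<'EOF'
server:
    #val-permissive-mode: yes
    val-permissive-mode: yes
    harden-glue: no
    harden-referral-path: no
    module-config: "subnetcache iterator"
    prefetch: no
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_unbound_conf "$sample" || echo "review the settings above before reloading unbound"
rm -f "$sample"
```

''harden-referral-path: no'' and ''prefetch: no'' are not flagged because ''no'' is already their default value.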