Chapter 3. Setting up an unbound DNS server


Configure the unbound DNS service to validate, resolve, and cache DNS queries. unbound also enhances security: it has Domain Name System Security Extensions (DNSSEC) enabled by default.

3.1. Configuring Unbound as a caching DNS server

To resolve and cache successful and failed lookups, and to answer repeated requests for the same records from its cache, configure the unbound DNS service.

Prerequisites

  • You have administrative privileges.

Procedure

  1. Install the unbound package:

    # dnf install unbound
  2. Edit the /etc/unbound/unbound.conf file, and make the following changes in the server clause:

    1. Add interface parameters to configure on which IP addresses the unbound service listens for queries, for example:

      interface: 127.0.0.1
      interface: 192.0.2.1
      interface: 2001:db8:1::1

      With these settings, unbound only listens on the specified IPv4 and IPv6 addresses.

      Limiting the interfaces to the required ones prevents clients from unauthorized networks, such as the internet, from sending queries to this DNS server.

    2. Add access-control parameters to configure from which subnets clients can query the DNS service, for example:

      access-control: 127.0.0.0/8 allow
      access-control: 192.0.2.0/24 allow
      access-control: 2001:db8:1::/64 allow
  3. Create private keys and certificates for remotely managing the unbound service:

    # systemctl restart unbound-keygen
    Note

    If you skip this step, verifying the configuration in the next step will report the missing files. However, the unbound service automatically creates the files if they are missing.

  4. Verify the configuration file:

    # unbound-checkconf
    unbound-checkconf: no errors in /etc/unbound/unbound.conf
  5. Update the firewalld rules to allow incoming DNS traffic:

    # firewall-cmd --permanent --add-service=dns
    # firewall-cmd --reload
  6. Enable and start the unbound service:

    # systemctl enable --now unbound

Verification

  1. Query the unbound DNS server listening on the localhost interface to resolve a domain:

    # dig @localhost www.example.com
    ...
    www.example.com.    86400    IN    A    198.51.100.34

    ;; Query time: 330 msec
    ...

    After querying a record for the first time, unbound adds the entry to its cache.

  2. Repeat the last query:

    # dig @localhost www.example.com
    ...
    www.example.com.    85332    IN    A    198.51.100.34

    ;; Query time: 1 msec
    ...

    Because of the cached entry, further requests for the same record are significantly faster until the entry expires.

    For details, see the unbound.conf(5) man page on your system.
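
The following added example (not part of the original documentation) models how the interface and access-control settings from step 2 of the procedure decide which clients may query the server, and flags settings that would turn it into an open resolver. The function names, the constructed sample configuration, and the DEFAULTS table (a model of the built-in localhost-only default described in unbound.conf(5)) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the server clause values from step 2 of the procedure.
SAMPLE_CONF = """\
server:
    interface: 127.0.0.1
    interface: 192.0.2.1
    interface: 2001:db8:1::1
    access-control: 127.0.0.0/8 allow
    access-control: 192.0.2.0/24 allow
    access-control: 2001:db8:1::/64 allow
"""
# Assumption: built-in defaults per unbound.conf(5), localhost allowed, rest refused.
DEFAULTS = {"0.0.0.0/0": "refuse", "::/0": "refuse",
            "127.0.0.0/8": "allow", "::1/128": "allow"}

def parse_server_clause(text):
    """Return (interfaces, acl); acl maps netblock -> action, config overrides defaults."""
    interfaces = []
    acl = {ipaddress.ip_network(n): a for n, a in DEFAULTS.items()}
    for raw in text.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        value = value.strip()
        if key == "interface":
            interfaces.append(value)
        elif key == "access-control":
            net, action = value.split()
            acl[ipaddress.ip_network(net, strict=False)] = action
    return interfaces, acl

def decision(acl, client):
    """Action for a client address: the most specific matching netblock wins."""
    addr = ipaddress.ip_address(client)
    matches = [n for n in acl if n.version == addr.version and addr in n]
    return acl[max(matches, key=lambda n: n.prefixlen)]

def audit(interfaces, acl):
    """Flag settings that open the resolver to clients outside the intended networks."""
    findings = []
    for iface in interfaces:
        if iface.split("@")[0] in ("0.0.0.0", "::0", "::"):
            findings.append(f"interface {iface} listens on all addresses")
    for net, action in acl.items():
        if net.prefixlen == 0 and action.startswith("allow"):
            findings.append(f"access-control {net} {action} admits any client")
    return findings

if __name__ == "__main__":
    interfaces, acl = parse_server_clause(SAMPLE_CONF)
    for client in ("192.0.2.55", "198.51.100.7", "2001:db8:1::42", "2001:db8:2::1"):
        print(client, decision(acl, client))
    print(audit(interfaces, acl) or "no open-resolver findings")
```

The model covers only interface and access-control lines in a single file; unbound-checkconf remains the check for whether the real configuration is valid.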
