Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

Chapter 2. Setting up an unbound DNS server

The unbound DNS server is a validating, recursive, and caching DNS resolver. Additionally, unbound focuses on security and has, for example, Domain Name System Security Extensions (DNSSEC) enabled by default.

2.1. Configuring Unbound as a caching DNS server
Copia collegamento

By default, the unbound DNS service resolves and caches successful and failed lookups. The service then answers requests to the same records from its cache.

Procedure

  1. Install the unbound package: 

    # dnf install unbound
    Copy to Clipboard Toggle word wrap

  2. Edit the /etc/unbound/unbound.conf file, and make the following changes in the server clause:

    1. Add interface parameters to configure on which IP addresses the unbound service listens for queries, for example: 

      interface: 127.0.0.1
interface: 192.0.2.1
interface: 2001:db8:1::1
      Copy to Clipboard Toggle word wrap

      With these settings, unbound only listens on the specified IPv4 and IPv6 addresses.

      Limiting the interfaces to the required ones prevents clients from unauthorized networks, such as the internet, from sending queries to this DNS server.

    2. Add access-control parameters to configure from which subnets clients can query the DNS service, for example: 

      access-control: 127.0.0.0/8 allow
access-control: 192.0.2.0/24 allow
access-control: 2001:db8:1::/64 allow
      Copy to Clipboard Toggle word wrap

  3. Create private keys and certificates for remotely managing the unbound service: 

    # systemctl restart unbound-keygen
    Copy to Clipboard Toggle word wrap

    If you skip this step, verifying the configuration in the next step will report the missing files. However, the unbound service automatically creates the files if they are missing.

  4. Verify the configuration file: 

    # unbound-checkconf
unbound-checkconf: no errors in /etc/unbound/unbound.conf
    Copy to Clipboard Toggle word wrap

  5. Update the firewalld rules to allow incoming DNS traffic: 

    # firewall-cmd --permanent --add-service=dns
# firewall-cmd --reload
    Copy to Clipboard Toggle word wrap

  6. Enable and start the unbound service: 

    # systemctl enable --now unbound
    Copy to Clipboard Toggle word wrap

Verification

  1. Query the unbound DNS server listening on the localhost interface to resolve a domain: 

    # dig @localhost www.example.com
...
www.example.com.    86400    IN    A    198.51.100.34

;; Query time: 330 msec
...
    Copy to Clipboard Toggle word wrap

    After querying a record for the first time, unbound adds the entry to its cache.

  2. Repeat the previous query: 

    # dig @localhost www.example.com
...
www.example.com.    85332    IN    A    198.51.100.34

;; Query time: 1 msec
...
    Copy to Clipboard Toggle word wrap

    Because of the cached entry, further requests for the same record are significantly faster until the entry expires.

Torna in cima
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2025 Red Hat