Introduction to Unbound
Unbound is a validating, recursive, and caching
DNS resolver. It is designed as a set of modular components that
incorporate modern features, such as enhanced security (DNSSEC)
validation, Internet Protocol Version 6 (IPv6), and a client resolver
library API as an integral part of the architecture.
![[Note]](../images/note.png)
Note
Development versions of BLFS may not build or run
some packages properly if LFS or dependencies have been updated
since the most recent stable versions of the books.
Package Information
Download (HTTP): https://nlnetlabs.nl/downloads/unbound/unbound-1.19.0.tar.gz
Download MD5 sum: 1a8c4a4bca75eadc03e21d43089ef1ee
Download size: 6.0 MB
Estimated disk space required: 143 MB (with docs; add 11 MB for tests)
Estimated build time: 0.3 SBU (Using parallelism=4; with docs; add 0.4 SBU for tests)
Unbound Dependencies
Optional
libevent-2.1.12,
Nettle-3.9.1,
Python-2.7.18,
sphinx-7.2.6 (for Python bindings documentation),
SWIG-4.1.1 (for Python bindings),
Doxygen-1.9.8 (for html documentation), and
dnstap
Installation of Unbound
There should be a dedicated user and group to take control of the
unbound daemon after it is started. Issue the following
commands as the root user:
groupadd -g 88 unbound &&
useradd -c "Unbound DNS Resolver" -d /var/lib/unbound -u 88 \
-g unbound -s /bin/false unbound
Install Unbound by running the following
commands:
./configure --prefix=/usr \
--sysconfdir=/etc \
--disable-static \
--with-pidfile=/run/unbound.pid &&
make
If you have Doxygen-1.9.8 package installed and want to build
html documentation, run the following command:
make doc
To test the results, issue make check.
Now, as the root user:
make install &&
mv -v /usr/sbin/unbound-host /usr/bin/
If you built the documentation, install it by running the following
commands as the root user:
install -v -m755 -d /usr/share/doc/unbound-1.19.0 &&
install -v -m644 doc/html/* /usr/share/doc/unbound-1.19.0
Command Explanations
--disable-static: This switch prevents
installation of static versions of the libraries.
--with-libevent: This option enables libevent support
allowing use of large outgoing port ranges.
--with-pyunbound: This option enables building of the Python
bindings.
Configuring Unbound
Config Files
/etc/unbound/unbound.conf
Configuration Information
In the default configuration, unbound will bind to
localhost (127.0.0.1 IP address) and allow recursive queries only from
localhost clients. If you want to use unbound for
local DNS resolution, run the following command as the
root user:
echo "nameserver 127.0.0.1" > /etc/resolv.conf
For advanced configuration see
/etc/unbound/unbound.conf file and the
documentation.
When Unbound is installed, some package
builds fail if the file /etc/unbound/root.key is
not found. Create this file by running the following command as the
root user:
unbound-anchor
Systemd Unit
If you want the Unbound server to
start automatically when the system is booted, install the
unbound.service
unit included
in the
blfs-systemd-units-20230816 package:
make install-unbound