Introduction to Unbound
Unbound is a validating, recursive, and caching DNS resolver. It is designed as a set of modular components that incorporate modern features, such as enhanced security (DNSSEC) validation, Internet Protocol Version 6 (IPv6), and a client resolver library API as an integral part of the architecture.
Note
Development versions of BLFS may not build or run some packages properly if LFS or dependencies have been updated since the most recent stable versions of the books.
Package Information
-
Download (HTTP): https://nlnetlabs.nl/downloads/unbound/unbound-1.19.0.tar.gz
-
Download MD5 sum: 1a8c4a4bca75eadc03e21d43089ef1ee
-
Download size: 6.0 MB
-
Estimated disk space required: 143 MB (with docs; add 11 MB for tests)
-
Estimated build time: 0.3 SBU (Using parallelism=4; with docs; add 0.4 SBU for tests)
Unbound Dependencies
Optional
libevent-2.1.12, Nettle-3.9.1, Python-2.7.18, sphinx-7.2.6 (for Python bindings documentation), SWIG-4.2.0 (for Python bindings), Doxygen-1.10.0 (for html documentation), and dnstap
Installation of Unbound
There should be a dedicated user and group to take control of the unbound daemon after it is started. Issue the following commands as the root
user:
groupadd -g 88 unbound &&
useradd -c "Unbound DNS Resolver" -d /var/lib/unbound -u 88 \
-g unbound -s /bin/false unbound
Install Unbound by running the following commands:
./configure --prefix=/usr \
--sysconfdir=/etc \
--disable-static \
--with-pidfile=/run/unbound.pid &&
make
If you have Doxygen-1.10.0 package installed and want to build html documentation, run the following command:
make doc
To test the results, issue make check.
Now, as the root
user:
make install &&
mv -v /usr/sbin/unbound-host /usr/bin/
If you built the documentation, install it by running the following commands as the root
user:
install -v -m755 -d /usr/share/doc/unbound-1.19.0 &&
install -v -m644 doc/html/* /usr/share/doc/unbound-1.19.0
Command Explanations
--disable-static
: This switch prevents installation of static versions of the libraries.
--with-libevent
: This option enables libevent support allowing use of large outgoing port ranges.
--with-pyunbound
: This option enables building of the Python bindings.
Configuring Unbound
Config Files
/etc/unbound/unbound.conf
Configuration Information
In the default configuration, unbound will bind to localhost (127.0.0.1 IP address) and allow recursive queries only from localhost clients. If you want to use unbound for local DNS resolution, run the following command as the root
user:
echo "nameserver 127.0.0.1" > /etc/resolv.conf
For advanced configuration see /etc/unbound/unbound.conf
file and the documentation.
When Unbound is installed, some package builds fail if the file /etc/unbound/root.key
is not found. This file is created by running the boot script (install instructions below). Alternatively, it can be created by running the following command as the root
user:
unbound-anchor
Boot Script
If you want the Unbound server to start automatically when the system is booted, install the /etc/rc.d/init.d/unbound
init script included in the blfs-bootscripts-20231119 package:
make install-unbound