DNS Caching and Forwarding with Unbound

This howto shows the steps needed to configure unbound for DNS caching and forwarding from the network. It assumes the server’s IP address is and is running RHEL/CentOS 7.


[root@rhce-server ~]# yum install unbound

Configure Systemd

[root@rhce-server ~]# systemctl enable unbound
ln -s '/usr/lib/systemd/system/unbound.service' '/etc/systemd/system/'
[root@rhce-server ~]# ^enable^start
systemctl start unbound

Configure the Firewall

[root@rhce-server ~]# firewall-cmd --add-service=dns
[root@rhce-server ~]# firewall-cmd --add-service=dns --permanent

Configure Unbound

Unbound’s configuration is stored in /etc/unbound/unbound.conf.

By default unbound only listens on the loopback interface. Specify which interface you would like to use.


Allow queries from

access-control: allow

Disable DNSSEC validation, so answers from the forwarder are accepted without signature verification.

domain-insecure: *

Forward uncached requests to OpenDNS.

    name: *

Check Your Configuration

[root@rhce-server ~]# unbound-checkconf 
unbound-checkconf: no errors in /etc/unbound/unbound.conf
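
unbound-checkconf confirms the file parses; it does not tell you whether the access-control netblock is wider than intended or whether validation has been switched off. The following added example (not part of the original howto) scans a config for the three settings changed above. The function names, the INTERNAL netblock list and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption: these netblocks count as "internal" (RFC 1918, loopback, IPv6 ULA).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "fc00::/7")]
ALLOW_ACTIONS = {"allow", "allow_setrd", "allow_snoop"}

# Constructed sample config; the addresses are placeholders, not the page's values.
SAMPLE_CONF = """\
server:
    interface: 0.0.0.0
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow   # LAN clients
    access-control: 0.0.0.0/0 allow
    domain-insecure: "."
forward-zone:
    name: "."
    forward-addr: 198.51.100.53
"""

def is_internal(net):
    """True if net lies entirely inside one of the INTERNAL netblocks."""
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def audit_unbound_conf(text):
    """Return (line_number, finding) tuples for settings that widen exposure."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        key, _, value = raw.split("#", 1)[0].partition(":")
        key, args = key.strip(), value.replace('"', "").split()
        if not args:
            continue  # section header, blank line or comment
        if key == "access-control" and args[-1] in ALLOW_ACTIONS:
            try:
                net = ipaddress.ip_network(args[0], strict=False)
            except ValueError:
                findings.append((lineno, f"unparseable netblock {args[0]}"))
                continue
            if not is_internal(net):
                findings.append((lineno, f"access-control allows external netblock {net}"))
        elif key == "interface" and args[0].split("@")[0] in ("0.0.0.0", "::"):
            findings.append((lineno, "listens on all interfaces"))
        elif key == "domain-insecure":
            findings.append((lineno, f"DNSSEC validation disabled for zone {args[0]}"))
    return findings

if __name__ == "__main__":
    print(*audit_unbound_conf(SAMPLE_CONF), sep="\n")
```

A resolver that both listens on all interfaces and allows an external netblock answers recursive queries for anyone who can reach port 53, so those two findings matter most when they appear together.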

Restart the Unbound Service

[root@rhce-server ~]# systemctl restart unbound

Verify it is Working

Test from a different system on the network.

mooose:~ jglemza$ dig A @

; <<>> DiG 9.8.3-P1 <<>> A @
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60299
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;          IN  A

;; ANSWER SECTION:
       43200   IN  A

;; Query time: 234 msec
;; WHEN: Sat Mar 21 13:16:54 2015
;; MSG SIZE  rcvd: 42

Verify the record is now in unbound’s cache.

[root@rhce-server ~]# unbound-control dump_cache|grep
   43197   IN  A
   43197   IN  A
   43197   IN  A
   43197   IN  NS
   43197   IN  NS
