{"id":6474,"date":"2021-05-25T18:05:33","date_gmt":"2021-05-25T18:05:33","guid":{"rendered":"https:\/\/linuxways.net\/?p=6474"},"modified":"2021-05-25T18:05:33","modified_gmt":"2021-05-25T18:05:33","slug":"how-to-install-and-use-unbound-in-ubuntu-20-04","status":"publish","type":"post","link":"https:\/\/linuxways.net\/de\/ubuntu\/how-to-install-and-use-unbound-in-ubuntu-20-04\/","title":{"rendered":"How to Install and Use Unbound in Ubuntu 20.04"},"content":{"rendered":"

Unbound is a recursive, validating, very secure, and DNS caching server which is distributed free of charge under the BSD license. Unbound supports DNS-over-TLS and DNS-over-HTTPS to increase online privacy by allowing clients to encrypt their connection. Depending on your network configuration, Unbound can support both IPV4 and IPV6. The installation and configuration of Unbound in Linux distributions is quite simple and straightforward. The Unbound package is available in most modern OS\u2019s including CentOS, Ubuntu, Fedora. Companies that use their own domain to serve applications or websites internally can utilize unbound as a DNS server. In this article, we will learn how to install and configure a Unbound <\/strong>server in Ubuntu 20.04.<\/p>\n

Installation<\/h2>\n

Installation of Unbound name resolution server in Ubuntu 20.04 is very simple and easy. Run the following command to install the package<\/p>\n

$ sudo apt install unbound -y<\/pre>\n
Output:<\/p>\n
<\/p>\n
Also, run the following command to install additional packages which we will use to check the DNS server configurations<\/p>\n
$ sudo apt install bind-utils net-tools -y<\/pre>\n
After the installation is completed, the contents of the configuration file can be found by using the command:<\/p>\n
$ cat \/etc\/unbound\/unbound.conf<\/pre>\n
Output :<\/p>\n
<\/p>\n
The output shows that from the unbound.conf.d directory all the .conf files will be loaded.<\/p>\n
Lets create a new configuration file under the directory \/etc\/unbound\/unbound.conf.d<\/strong> directory. In this example I have created an unbound_test.conf<\/strong> file. You can have your own assumption.<\/p>\n
Open the file using the text editor and add the following sample configuration. You can modify the parameters accordingly.<\/p>\n
$ sudo nano \/etc\/unbound\/unbound.conf.d\/unbound_test.conf<\/pre>\n
server:\r\n\r\nport: 53\r\n\r\nverbosity: 0\r\n\r\nnum-threads: 2\r\n\r\noutgoing-range: 512\r\n\r\nnum-queries-per-thread: 1024\r\n\r\nmsg-cache-size: 32m\r\n\r\ninterface: 127.0.0.1\r\n\r\ninterface: 192.168.5.5\r\n\r\nrrset-cache-size: 64m\r\n\r\ncache-max-ttl: 86400\r\n\r\ninfra-host-ttl: 60\r\n\r\ninfra-lame-ttl: 120\r\n\r\noutgoing-interface: 192.168.0.2\r\n\r\naccess-control: 127.0.0.0\/8 allow\r\n\r\naccess-control: 192.168.5.0\/24 allow\r\n\r\nusername: unbound\r\n\r\ndirectory: \"\/etc\/unbound\"\r\n\r\nlogfile: \"\/var\/log\/unbound.log\"\r\n\r\nuse-syslog: no\r\n\r\nhide-version: yes\r\n\r\nso-rcvbuf: 4m\r\n\r\nso-sndbuf: 4m\r\n\r\ndo-ip4: yes\r\n\r\ndo-ip6: no\r\n\r\ndo-udp: yes\r\n\r\ndo-tcp: yes<\/pre>\n
Now create a log file and assign permission to write logs\r\n\r\n$ sudo touch \/var\/log\/unbound.log<\/pre>\n
$ sudo chown unbound:unbound \/var\/log\/unbound.log<\/pre>\n
Restart the Unbound service the load the configuration<\/p>\n
$ sudo service unbound restart<\/pre>\n
Use the following command to enable to service<\/p>\n
$ sudo service unbound enable<\/pre>\n
Check if the unbound service is running or not using the command:<\/p>\n
$ sudo service unbound status<\/pre>\n
output :<\/p>\n
<\/p>\n
Run the following command to check in which port unbound is listening to<\/p>\n
$ sudo netstat -anlpt | grep LIST<\/pre>\n
Output:<\/p>\n
<\/p>\n
The output shows that the Unbound service is listening on port 53 to accept the requests.<\/p>\n
Configuration file explained:<\/strong><\/p>\n
port<\/strong> : Listening port for Unbound<\/p>\n
hide-version<\/strong> : Do not display the version of unbound<\/p>\n
use-syslog<\/strong> : specify if you want to write logs in syslog<\/p>\n
username<\/strong> : User, under which unbound runs<\/p>\n
verbosity<\/strong> : Log level which ranges from 0 to 4 and 4 is debug log level<\/p>\n
interface<\/strong>: Interfaces in which unbound requests will be listened to<\/p>\n
outgoing interface<\/strong> : Interface through which internet comes<\/p>\n
num-threads<\/strong> : Number of threads , recommended to specify equal number of processor core<\/p>\n
Open the DNS port in the firewall.<\/h3>\n
Once the configuration file is created, you need to open a DNS port to allow your local LAN clients to connect to your Unbound cache-only DNS server.<\/p>\n
$ sudo ufw allow from any to any port 53 proto tcp<\/pre>\n
$ sudo ufw allow from any to any port 53 proto udp<\/pre>\n
To check the firewall rule run the following command<\/p>\n
$ sudo ufw status<\/pre>\n
Output :<\/p>\n
<\/p>\n
Now we have come to the final point to test our new Unbound DNS server. For testing we can use the dig<\/strong> command which comes with the previously installed package bind-utils<\/strong>. Perform some DNS queries in the actual DNS server. For this example, I have queried kernel.org for testing. You can have your own assumption.<\/p>\n
$ dig kernel.org @localhost<\/pre>\n
Output:<\/p>\n
<\/p>\n
The response time is 4 msec in the first query. Since we have configured the Unbound DNS server, the query is now cached . To verify the dns cache, run the following query with the same domain name.<\/p>\n
$ dig kernel.org @localhost<\/pre>\n
<\/p>\n
Now you can find that the query time is 0 msec.<\/p>\n
If you want to test the Unbound DNS server\u2019s configuration from LAN clients, query the DNS response pointing to the Unbound DNS server\u2019s IP. (In my case my Unbound DNS server IP is 192.168.178.130)<\/p>\n
$ dig kernel.org @192.168.178.130<\/pre>\n
<\/p>\n
Optimization<\/h2>\n
The default configuration of Unbound works fine for limited users but in case there is a large number of users to be provided service then certain optimization needs to be made. Here are some optimization options which you can implement to get high performance.<\/p>\n
num-threads: <\/strong>Put the equal number of CPU cores on the system, for example, put the value 4 for 2 CPUs with 2 cores each.<\/p>\n
so-reuseport: yes <\/strong>In linux, this helps to improve UDP performance<\/p>\n
outgoing-range<\/strong>: You can set the value large as possible depending on the number of cores.<\/p>\n
so-sndbuf: <\/strong>This value can be set to a larger value 4m or 8m for a busy server.<\/p>\n
For more details you can take reference from<\/p>\n
https:\/\/nlnetlabs.nl\/documentation\/unbound\/howto-optimise\/<\/p>\n
Conclusion<\/h2>\n
In the article, we have covered how to install and configure the Unbound name resolution server in Ubuntu with basic configuration. Certain tests have been performed using the dig command to check the configuration of the Unbound server. Also, we have learned about how to query DNS responses from the local LAN client using the Unbound server\u2019s IP. Any feedback and suggestions will be highly appreciated.<\/p>","protected":false},"excerpt":{"rendered":"
Unbound is a recursive, validating, very secure, and DNS caching server which is distributed free of charge under the BSD license. Unbound supports DNS-over-TLS and DNS-over-HTTPS to increase…<\/p>","protected":false},"author":1,"featured_media":6541,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[100,336],"class_list":["post-6474","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ubuntu","tag-ubuntu-20-04","tag-unbound"],"_links":{"self":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/6474","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/comments?post=6474"}],"version-history":[{"count":0,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/6474\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media\/6541"}],"wp:attachment":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media?parent=6474"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/categories?post=6474"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/tags?post=6474"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}