unbound
quelle: https://calomel.org/unbound_dns.html
setup
anschalten:
# sysrc local_unbound_enable=YES
# local_unbound_enable: NO -> YES
starten:
# service local_unbound start
Performing initial setup.
Extracting forwarders from /etc/resolv.conf.
/var/unbound/forward.conf created
/var/unbound/lan-zones.conf created
/var/unbound/control.conf created
/var/unbound/unbound.conf created
original /etc/resolvconf.conf saved as /etc/resolvconf.conf.20180513.142650
original /etc/resolv.conf saved as /etc/resolv.conf.20180513.142650
Starting local_unbound.
erster Test
# drill google.com @::1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 58074
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; google.com. IN A
;; ANSWER SECTION:
google.com. 264 IN A 172.217.23.174
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 14 msec
;; SERVER: ::1
;; WHEN: Sun May 13 14:36:19 2018
;; MSG SIZE rcvd: 44
root.hints laden
# curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache
Adblock-liste laden
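## Fetch the list over HTTPS into a temporary file and replace the live include only when the
## download succeeded. The file is pulled into the server: clause via include:, so its content
## (entries such as local-zone/local-data) is trusted by the resolver exactly like hand-written config.
## -f makes curl fail on HTTP errors instead of saving an error page; --proto '=https' also keeps
## redirects followed by -L on HTTPS. Check the result with unbound-checkconf before restarting.
# curl -fsS -L --compressed --proto '=https' -o /etc/unbound/conf.d/unbound_ad_servers.new "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&showintro=0&mimetype=plaintext" && mv /etc/unbound/conf.d/unbound_ad_servers.new /etc/unbound/conf.d/unbound_ad_servers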
/etc/unbound/conf.d/unbound-local.conf
## Simple recursive caching DNS, UDP port 53
## unbound.conf -- https://calomel.org
#
## server: clause of a caching resolver that answers LAN clients on port 53.
server:
verbosity: 1
## Listen on every local address. Which clients are actually answered is decided by the
## access-control entries below, so those (plus any host firewall) are the only exposure limit.
interface: 0.0.0.0
## NOTE(review): the IPv6 wildcard is listed here, but do-ip6 is "no" and no IPv6 range appears
## in access-control. The test earlier on this page queries @::1. Decide whether IPv6 is meant
## to be served and make the three settings agree.
interface: ::0
port: 53
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
## Clients allowed to query: two RFC 1918 ranges and IPv4 loopback. Clients that match no entry
## are refused by unbound's default policy.
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
access-control: 192.168.0.0/16 allow
### allow everyone
## Keep these two disabled unless a firewall restricts who can reach port 53: together with the
## wildcard interface above they would turn this host into an open resolver.
# access-control: 0.0.0.0/0 allow
# access-control: ::0/0 allow
## NOTE(review): the download step on this page writes /etc/unbound/root.hints; that is the same
## file only if /etc/unbound points at /var/unbound -- confirm. With the forward-zone for "."
## in this file, lookups go to the forwarders and the root hints are presumably not consulted.
root-hints: "/var/unbound/root.hints"
## Do not answer id.server/hostname.bind and version.server/version.bind queries.
hide-identity: yes
hide-version: yes
## Only accept glue that lies within the delegating server's authority.
harden-glue: yes
## Require DNSSEC data for zones covered by a trust anchor.
## NOTE(review): no trust anchor (e.g. auto-trust-anchor-file) is set in this file; unless one
## is configured elsewhere, nothing is validated and this option has no effect -- confirm.
harden-dnssec-stripped: yes
## Randomise upper/lower case in outgoing query names (0x20) to make spoofed answers harder.
use-caps-for-id: yes
## Cache entries live at most one day ...
cache-max-ttl: 86400
## ... and at least one hour, overriding shorter TTLs set by the zone owner. Changes such as
## failover or withdrawn records are therefore seen up to an hour late.
cache-min-ttl: 3600
## Refresh frequently used entries shortly before they expire.
prefetch: yes
num-threads: 1
msg-cache-slabs: 8
rrset-cache-slabs: 8
infra-cache-slabs: 8
key-cache-slabs: 8
rrset-cache-size: 256m
msg-cache-size: 128m
## Requested socket receive buffer; the OS limit may have to be raised for this to take effect.
so-rcvbuf: 1m
## After this many unsolicited replies unbound logs a warning and clears its caches as a
## defensive measure against cache-poisoning attempts.
unwanted-reply-threshold: 10000
## Strip unsigned records from the additional section of secure answers (only relevant when
## DNSSEC validation is active, see the trust-anchor note above).
val-clean-additional: yes
## Leave optional authority/additional records out of answers to keep responses small.
minimal-responses: yes
## Send only as much of the query name as needed to upstream authoritative servers.
## NOTE(review): with everything forwarded via the forward-zone for ".", the forwarders
## presumably still receive the full query name -- confirm.
qname-minimisation: yes
rrset-roundrobin: yes
## Both files are read into this server: clause at this point and are trusted like the rest of
## the configuration. The ad-server list comes from a third party (see the download step).
include: /etc/unbound/conf.d/unbound_ad_servers
## NOTE(review): nothing on this page creates this file; unbound may refuse to start if an
## explicitly included file is missing -- confirm it exists before restarting.
include: /etc/unbound/conf.d/unbound_meine_haters
## Forward every query (zone ".") to the public resolvers listed below instead of resolving
## from the roots. No forward-tls-upstream is set here, so queries presumably leave in clear
## text on port 53: the operators of these resolvers and anyone on the path can read the
## queried names, and answers are only as trustworthy as the forwarder unless DNSSEC
## validation is active locally.
## NOTE(review): the provider names are the author's labels; verify that each address still
## belongs to the named service before relying on it.
forward-zone:
name: "."
forward-addr: 84.200.69.80 # DNS Watch
forward-addr: 84.200.70.40 # DNS Watch
forward-addr: 77.109.148.136 # Xiala.net
forward-addr: 77.109.148.137 # Xiala.net
forward-addr: 91.239.100.100 # censurfridns.dk
forward-addr: 89.233.43.71 # censurfridns.dk