xv4_de

unbound

quelle: https://calomel.org/unbound_dns.html

setup

anschalten:

# sysrc local_unbound_enable=YES
# local_unbound_enable: NO -> YES

starten:

# service local_unbound start
Performing initial setup.
Extracting forwarders from /etc/resolv.conf.
/var/unbound/forward.conf created
/var/unbound/lan-zones.conf created
/var/unbound/control.conf created
/var/unbound/unbound.conf created
original /etc/resolvconf.conf saved as /etc/resolvconf.conf.20180513.142650
original /etc/resolv.conf saved as /etc/resolv.conf.20180513.142650
Starting local_unbound.

erster Test

# drill google.com @::1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 58074
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; google.com.  IN  A

;; ANSWER SECTION:
google.com. 264 IN  A   172.217.23.174

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 14 msec
;; SERVER: ::1
;; WHEN: Sun May 13 14:36:19 2018
;; MSG SIZE  rcvd: 44

root.hints laden

# curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache

Adblock-liste laden

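## The downloaded list is placed in conf.d and read by unbound as
## configuration (see the include: line in unbound-local.conf), so its
## integrity matters: fetch it over HTTPS, also across redirects.
## -f makes HTTP errors fail instead of saving an error page, and the live
## file is replaced only after the download has succeeded.
# curl -fsS -L --proto-redir '=https' --compressed "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&showintro=0&mimetype=plaintext" -o /etc/unbound/conf.d/unbound_ad_servers.new && mv /etc/unbound/conf.d/unbound_ad_servers.new /etc/unbound/conf.d/unbound_ad_servers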

/etc/unbound/conf.d/unbound-local.conf

## Simple recursive caching DNS, UDP port 53
## unbound.conf -- https://calomel.org
#
# Caching resolver for the local networks. It listens on all addresses
# (UDP and TCP, port 53) and answers only the client ranges allowed below.
# NOTE(review): the forward-zone for "." further down sends every query to
# forwarders, so in practice this acts as a forwarding cache, not a full
# recursive resolver.
server:
   verbosity: 1
   # Bind to every address; who may actually query is decided only by the
   # access-control entries below (plus any host firewall).
   interface: 0.0.0.0
   # NOTE(review): an IPv6 wildcard listener is requested here although
   # do-ip6 is "no" below -- confirm which of the two is intended.
   interface: ::0
   port: 53
   do-ip4: yes
   do-ip6: no
   do-udp: yes
   do-tcp: yes

   # Only loopback and two private IPv4 ranges may query. Everything else
   # falls under unbound's default policy (refuse for non-localhost).
   # 172.16.0.0/12 is not listed.
   access-control: 10.0.0.0/8 allow
   access-control: 127.0.0.0/8 allow
   access-control: 192.168.0.0/16 allow
   ### allow everyone
   # Keep these two lines commented out unless the host is unreachable from
   # the Internet; enabled on a public address they make an open resolver.
   # access-control: 0.0.0.0/0 allow
   # access-control: ::0/0 allow

   # NOTE(review): the download step on this page writes
   # /etc/unbound/root.hints; presumably /etc/unbound points at /var/unbound
   # on this system -- verify. With "." forwarded below, the root hints are
   # presumably not used for normal lookups.
   root-hints: "/var/unbound/root.hints"

   # Do not answer id.server / version.bind style queries.
   hide-identity: yes
   hide-version: yes
   # Trust glue records only when they are within the server's authority.
   harden-glue: yes
   # Require DNSSEC data for trust-anchored zones.
   # NOTE(review): this file configures no trust anchor; the option only has
   # an effect if one is set elsewhere in the configuration -- confirm.
   harden-dnssec-stripped: yes
   # Randomise the case of query names (0x20) to make spoofed replies harder.
   use-caps-for-id: yes
   # Cache entries live at most one day and at least one hour. The one-hour
   # floor overrides shorter TTLs chosen by the zone owner, so a changed
   # record can keep being served from cache for up to an hour.
   cache-max-ttl: 86400
   cache-min-ttl: 3600
   # Refresh frequently used cache entries shortly before they expire.
   prefetch: yes
   # Thread, slab and cache-size tuning.
   num-threads: 1
   msg-cache-slabs: 8
   rrset-cache-slabs: 8
   infra-cache-slabs: 8
   key-cache-slabs: 8
   rrset-cache-size: 256m
   msg-cache-size: 128m
   so-rcvbuf: 1m

   # After this many unwanted replies unbound logs a warning and clears the
   # rrset and message caches as a defence against cache poisoning.
   unwanted-reply-threshold: 10000
   # Validator option: drop improperly signed data from the additional
   # section of secure messages (needs validation to be active, see above).
   val-clean-additional: yes

   # Leave out authority/additional sections that are not required.
   minimal-responses: yes

   # Send upstream servers only as much of the query name as they need.
   # NOTE(review): likely has little or no effect while every query is
   # handed to forwarders -- confirm.
   qname-minimisation: yes
   # Rotate the order of records within an RRset between answers.
   rrset-roundrobin: yes



# These files are read at this position, i.e. after the server: options and
# before forward-zone:, and are parsed as unbound configuration.
# The first one is the ad-server list downloaded from a third party, so any
# directive it contains takes effect; keep its download integrity-protected.
# NOTE(review): this page does not show how unbound_meine_haters is created;
# confirm the file exists before (re)starting unbound.
include: /etc/unbound/conf.d/unbound_ad_servers
include: /etc/unbound/conf.d/unbound_meine_haters

# Forward every query (zone ".") to the public resolvers listed below.
# No forward-tls-upstream is set here, so the queries leave as plain DNS:
# the forwarders, and anyone on the network path, can read and could alter
# them unless answers are DNSSEC-validated locally.
forward-zone:
    name: "."
    forward-addr: 84.200.69.80   # DNS Watch
    forward-addr: 84.200.70.40   # DNS Watch
    forward-addr: 77.109.148.136 # Xiala.net
    forward-addr: 77.109.148.137 # Xiala.net
    forward-addr: 91.239.100.100 # censurfridns.dk
    forward-addr: 89.233.43.71   # censurfridns.dk