Welcome To Tutorial Linux / Unix Blog's

Monday, March 5, 2012

Compiling unbound on Ubuntu / Debian (Linux)

unbound is a recursive, caching DNS resolver. On Linux it is the "state-of-the-art" choice either for operating a public DNS resolver or for running an internal DNS resolver, so that your own servers can resolve domain names independently of the provider.
It is written in C and is particularly stable, fast and easy to use. Among other things, it supports the following features:
  • Plugin for Munin
  • Management of its own local zones
  • Supports "prefetching" (similar to Google's DNS: shortly before the TTL of a record expires, the daemon requests it again in the background, so the client no longer has to wait)
Since unbound is at a very early stage of development, and a lot is currently happening in the DNS area (perhaps because of DNSSEC or other security features), it is highly recommended to compile unbound yourself rather than relying on the Debian / Ubuntu repositories.

1) Install the required packages

# apt-get install make gcc libssl-dev libevent-dev libexpat1-dev libldns-dev

2) Compile

# cd /usr/src
# wget http://www.unbound.net/downloads/unbound-1.4.16.tar.gz
# tar xvfz unbound-1.4.16.tar.gz
# cd unbound-1.4.16
# ./configure \
--prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--with-conf-file=/etc/unbound/unbound.conf \
--with-libevent \
--with-ldns \
--with-ssl
(optional, if OpenSSL version
# make && make install

3) Configuration

# nano /etc/unbound/unbound.conf

server:
 verbosity: 0

 # don't thread
 num-threads: 1

 interface: 127.0.0.1
 interface: 192.168.2.1

 do-ip4: yes
 do-ip6: yes
 do-udp: yes
 do-tcp: yes
 do-daemonize: yes

 access-control: 192.168.2.0/24 allow

 pidfile: "/var/run/unbound.pid"
 username: nobody

 # file to read root hints from.
 # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
 root-hints: "/etc/unbound/named.cache"

 hide-identity: yes
 hide-version: yes

 # optimisations for high traffic (tuned for a 1 GB RAM setup, adjust accordingly)
 rrset-cache-size: 512m
 msg-cache-size: 256m
 outgoing-range: 8192
 num-queries-per-thread: 4096
 so-rcvbuf: 4m
 so-sndbuf: 4m

 # optimisations for client speed (google-dns wannabe)
 prefetch: yes
 prefetch-key: yes

 # Harden against very small EDNS buffer sizes.
 harden-short-bufsize: yes
 # Harden against unseemly large queries.
 harden-large-queries: yes
 # Harden against out of zone rrsets, to avoid spoofing attempts.
 harden-glue: yes

 # A suggested value is 10000000, the default is 0 (turned off).
 unwanted-reply-threshold: 10000000

4) Start

# unbound
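
A check that can be run on the file from step 3 before the daemon is started, as an added example that is not part of the original post: it flags an access-control rule that allows every address and reports which of the hardening options set above are not switched on. The function names audit_unbound_conf and sample_open_conf are hypothetical, and the sample configuration is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. audit_unbound_conf is a
# hypothetical helper: it reads unbound.conf (file argument or stdin), prints
# one finding per line and returns 1 if anything was found, 0 otherwise.
audit_unbound_conf() {
    awk '
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }    # drop comments, trim
    $0 == "" { next }
    {
        key = $1; sub(/:$/, "", key)                   # "harden-glue:" -> harden-glue
        val = $2; gsub(/"/, "", val)
        seen[key] = val
    }
    # An allow rule covering every address makes the resolver answer anyone.
    key == "access-control" && $3 ~ /^allow/ &&
        ($2 == "0.0.0.0/0" || $2 == "::/0" || $2 == "::0/0") {
        print "OPEN: access-control " $2 " " $3; bad = 1
    }
    END {
        # Options the post switches on explicitly.
        opts = "harden-short-bufsize harden-large-queries harden-glue hide-identity hide-version"
        n = split(opts, want, " ")
        for (i = 1; i <= n; i++)
            if (seen[want[i]] != "yes") { print "WEAK: " want[i] " not set to yes"; bad = 1 }
        # The post notes that 0 (the default) turns this protection off.
        if (seen["unwanted-reply-threshold"] + 0 == 0) {
            print "WEAK: unwanted-reply-threshold is off"; bad = 1
        }
        exit bad + 0
    }' "$@"
}

# Constructed sample: the post settings with the ACL widened to everyone and
# harden-large-queries left out.
sample_open_conf() { cat <<'EOF'
server:
 interface: 192.168.2.1
 access-control: 0.0.0.0/0 allow
 hide-identity: yes
 hide-version: yes
 harden-short-bufsize: yes
 harden-glue: yes
 unwanted-reply-threshold: 10000000
EOF
}

sample_open_conf | audit_unbound_conf || echo "audit reported findings"
```

Against the real file, call it as audit_unbound_conf /etc/unbound/unbound.conf; no output and exit status 0 mean none of these checks fired.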


