DNS Set-up: Unbound for local DNS resolution on Ubuntu 10.4
* 1) Do I even require Unbound for local DNS resolution given my DNS set-up?
2) How do I install and configure Unbound?</list>
In a separate post I am seeking guidance on how to configure my DNS set-up, Ubuntu 10.4, NSD, GoDaddy, twisted4life.com. If you have any knowledge of or interest in this configuration, please visit the above link.
Given my desired DNS set-up, do I require Unbound for local DNS resolution?
NSD only offers authoritative DNS with no recursion, while Unbound provides recursive DNS resolution and caching services. It is supposedly ideal for deployments that require only a simple resolving service, which is what I think is all I require.
Unfortunately I have not found Unbound's promise of easy installation and configuration to be true. Here is the Linode tutorial for Unbound:
After installing Unbound, I restarted Unbound.
/etc/init.d/unbound restart
The following appeared on the screen:
* Restarting recursive DNS server unbound
[1282644471] unbound[1951:0] error: bind: address already in use
[1282644471] unbound[1951:0] fatal error: could not open ports
...fail!
At this point I am not sure if this is something related to the Unbound configuration, or something more fundamental. Have you any ideas?
I proceeded forward.
(1) Configure the Unbound interfaces link. Here follows my current state of unbound.conf.
File excerpt: /etc/unbound/unbound.conf
server:
interface: [Linode IP address]
Possible interfaces include the public interface or the private networking interface. I believe the Linode IP address represents the public interface. I am not sure I even have a private network address in my basic configuration. Do I? Is this configuration for unbound acceptable?
(2) Control access to your Unbound instance link.
Unbound must be configured to listen for requests on a given interface, and be configured to allow requests from a given IP address before it can successfully provide DNS services.
Insert lines into the unbound.conf file, following the server: directive. Referring to my first link to my other post, note the following: 202.157.182.142 is my secondary nameserver, ns1.twisted4life.com, and 74.207.241.5 is my primary nameserver, ns1.linode.com.
Here is the current state of my file.
File excerpt: /etc/unbound/unbound.conf
server:
access-control: 202.157.182.142/32 allow
access-control: 74.207.241.5/32 allow
Unfortunately restarting Unbound produced the same two errors as before.
The following appeared on the screen:
* Restarting recursive DNS server unbound
[1282644471] unbound[1951:0] error: bind: address already in use
[1282644471] unbound[1951:0] fatal error: could not open ports
...fail!
(3) Finally configure your system to resolve DNS using your Unbound instance link.
Before you can begin using your Unbound instance to resolve DNS queries, you need to configure your /etc/resolv.conf file to point to the new resolver.
To do this you can remove all existing lines from this file or comment them by prepending hash marks (e.g. #) to every line. Because the above does not seem to be working, I have left my file as is.
While it is inconsistent with my use of the twisted4life secondary nameserver, it currently looks like this:
nameserver 74.207.241.5
nameserver 74.207.242.5
domain members.linode.com
search members.linode.com
Assuming I will be accessing the Unbound instance over the local interface, I should edit /etc/resolv.conf to resembles the following:
File: /etc/resolv.conf
nameserver 127.0.0.1
Any feedback or guidance would be greatly appreciated.
Thanks.
2 Replies
@feldmand:
Any feedback or guidance would be greatly appreciated.
Thanks.
Unless you really have a compelling reason to run your own resolver, I would just use your Linode's resolvers, typically in /etc/resolv.conf and on the "Network" tab of your "Linode Manager" and forget unbound.
–
Travis
@Travis:
Unless you really have a compelling reason to run your own resolver, I would just use your Linode's resolvers, typically in /etc/resolv.conf and on the "Network" tab of your "Linode Manager" and forget unbound.
Thanks for the good advice. This more or less confirms my current direction -