Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update unbound.md #270

Merged
merged 3 commits into from Apr 19, 2020
Merged

Update unbound.md #270

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
eb92fe1
Update unbound.md
dermoth Feb 28, 2020
aa2c183
Merge branch 'master' into master
XhmikosR Apr 15, 2020
f5e8b7d
Merge branch 'master' into master
dschaper Apr 19, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
17 changes: 11 additions & 6 deletions docs/guides/unbound.md
View file
Open in desktop
Expand Up @@ -68,7 +68,7 @@ sudo mv root.hints /var/lib/unbound/

Highlights:

- Listen only for queries from the local Pi-hole installation (on port 5353)
- Listen only for queries from the local Pi-hole installation (on port 5335)
- Listen for both UDP and TCP requests
- Verify DNSSEC signatures, discarding BOGUS domains
- Apply a few security and privacy tricks
Expand All @@ -81,14 +81,19 @@ server:
# logfile: "/var/log/unbound/unbound.log"
verbosity: 0

port: 5353
interface: 127.0.0.1
port: 5335
do-ip4: yes
do-udp: yes
do-tcp: yes

# May be set to yes if you have IPv6 connectivity
do-ip6: no

# You want to leave this to no unless you have *native* IPv6. With 6to4 and
# Terredo tunnels your web browser should favor IPv4 for the same reasons
prefer-ip6: no

# Use this only when you downloaded the list of primary root servers!
root-hints: "/var/lib/unbound/root.hints"

Expand Down Expand Up @@ -129,7 +134,7 @@ Start your local recursive server and test that it's operational:

```bash
sudo service unbound start
dig pi-hole.net @127.0.0.1 -p 5353
dig pi-hole.net @127.0.0.1 -p 5335
```

The first query may be quite slow, but subsequent queries, also to other domains under the same TLD, should be fairly quick.
Expand All @@ -139,8 +144,8 @@ The first query may be quite slow, but subsequent queries, also to other domains
You can test DNSSEC validation using

```bash
dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5353
dig sigok.verteiltesysteme.net @127.0.0.1 -p 5353
dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335
dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335
```

The first command should give a status report of `SERVFAIL` and no IP address. The second should give `NOERROR` plus an IP address.
Expand All @@ -149,6 +154,6 @@ The first command should give a status report of `SERVFAIL` and no IP address. T

Finally, configure Pi-hole to use your recursive DNS server by specifying `127.0.0.1#5353` as the Custom DNS (IPv4):

![screenshot at 2018-04-18](../images/RecursiveResolver.png)
![Upstream DNS Servers Configuration](../images/RecursiveResolver.png)

(don't forget to hit Return or click on `Save`)
Binary file modified docs/images/RecursiveResolver.png
View file
Open in desktop
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.