Introduction to Unbound

Unbound is a validating, recursive, and caching DNS resolver. It is designed as a set of modular components that incorporate modern features, such as enhanced security (DNSSEC) validation, Internet Protocol Version 6 (IPv6), and a client resolver library API as an integral part of the architecture.

This package is known to build and work properly using an LFS-7.8 platform.

Package Information

Unbound Dependencies




libevent-2.0.22, Python-2.7.10, SWIG-3.0.7 (for Python bindings), Doxygen-1.8.10 (for html documentation), and dnstap

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/unbound

Installation of Unbound

There should be a dedicated user and group to take control of the unbound daemon after it is started. Issue the following commands as the root user:

groupadd -g 88 unbound &&
useradd -c "Unbound DNS resolver" -d /var/lib/unbound -u 88 \
        -g unbound -s /bin/false unbound

Install Unbound by running the following commands:

./configure --prefix=/usr     \
            --sysconfdir=/etc \
            --disable-static  \
            --with-pidfile=/run/unbound.pid &&

If you have Doxygen-1.8.10 package installed and want to build html documentation, run the following command:

make doc

To test the results, issue make check.

Now, as the root user:

make install &&
mv -v /usr/sbin/unbound-host /usr/bin/

If you built html documentation, install it by running the following commands as the root user:

install -v -m755 -d /usr/share/doc/unbound-1.5.4 &&
install -v -m644 doc/html/* /usr/share/doc/unbound-1.5.4

Command Explanations

--disable-static: This switch prevents installation of static versions of the libraries.

--with-libevent: This option enables libevent support allowing use of large outgoing port ranges.

--with-pyunbound: This option enables building of the Python bindings.

Configuring Unbound

Config Files


Configuration Information

In the default configuration, unbound will bind to localhost ( IP address) and allow recursive queries only from localhost clients. If you want to use unbound for local DNS resolution, run the following command as the root user:

echo "nameserver" > /etc/resolv.conf

If you are using a DHCP client for connecting to a network, /etc/resolv.conf gets overwritten with values provided by DHCP server. You can override this, for example in DHCP-4.3.3, by running the following command as the root user:

sed -i '/request /i\supersede domain-name-servers;' \

For advanced configuration see /etc/unbound/unbound.conf file and the documentation.

When Unbound is installed, some package builds fail if the file /etc/unbound/root.key is not found. This file is created by running the boot script (install instructions below). Alternatively, it can be created by running the following command as the root user:


Boot Script

If you want the Unbound server to start automatically when the system is booted, install the /etc/rc.d/init.d/unbound init script included in the blfs-bootscripts-20150924 package.

make install-unbound


Installed Programs: unbound, unbound-anchor, unbound-checkconf, unbound-control, unbound-control-setup, and unbound-host
Installed Library: libunbound.so and (optional) /usr/lib/python2.7/site-packages/_unbound.so
Installed Directories: /etc/unbound and /usr/share/doc/unbound-1.5.4

Short Descriptions


is a DNS resolver daemon.


performs setup or update of the root trust anchor for DNSSEC validation.


checks unbound configuration file for syntax and other errors.


performs remote administration on the unbound DNS resolver.


generates self-signed certificate and private keys for the server and client.


is a DNS lookup utility similar to host from BIND Utilities-9.10.3.


provides the Unbound API functions to programs.

Last updated on 2015-09-25 16:41:53 -0500