Introduction to Unbound
Unbound is a validating,
recursive, and caching DNS resolver. It is designed as a set of
modular components that incorporate modern features, such as
enhanced security (DNSSEC) validation, Internet Protocol Version 6
(IPv6), and a client resolver library API as an integral part of
This package is known to build and work properly using an LFS-7.5
Download (HTTP): http://www.unbound.net/downloads/unbound-1.4.22.tar.gz
Download MD5 sum: 59728c74fef8783f8bad1d7451eba97f
Download size: 4.6 MB
Estimated disk space required: 42 MB (additional 70 MB for
docs and 5 MB for tests)
Estimated build time: 0.6 SBU (additional less than 0.1 SBU
for docs and 0.2 SBU for tests)
ldns-1.6.17 and OpenSSL-1.0.1i
SWIG-3.0.2 (for Python bindings), and Doxygen-1.8.8 (for html documentation)
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/unbound
Installation of Unbound
There should be a dedicated user and group to take control of the
unbound daemon after
it is started. Issue the following commands as the
groupadd -g 88 unbound &&
useradd -c "Unbound DNS resolver" -d /var/lib/unbound -u 88 \
-g unbound -s /bin/false unbound
Install Unbound by running the
./configure --prefix=/usr \
If you have Doxygen-1.8.8 package installed and want to
build html documentation, run the following command:
To test the results, issue make
Now, as the
make install &&
mv -v /usr/sbin/unbound-host /usr/bin/
If you built html documentation, install it by running the
following commands as the
install -v -m755 -d /usr/share/doc/unbound-1.4.22 &&
install -v -m644 doc/html/* /usr/share/doc/unbound-1.4.22
switch prevents installation of static versions of the libraries.
--with-libevent: This option enables
libevent support allowing use of large outgoing port ranges.
--with-pyunbound: This option enables
building of the Python bindings.
In the default configuration, unbound will bind to localhost
(127.0.0.1 IP address) and allow recursive queries only from
localhost clients. If you want to use unbound for local DNS
resolution, run the following command as the
echo "nameserver 127.0.0.1" > /etc/resolv.conf
If you are using a DHCP client for connecting to a network,
/etc/resolv.conf gets overwritten
with values provided by DHCP server. You can override this, for
example in DHCP-4.3.1, by running the following command:
sed -i '/request /i\supersede domain-name-servers 127.0.0.1;' \
For advanced configuration see
/etc/unbound/unbound.conf file and the
If you want the Unbound server
to start automatically when the system is booted, install the
script included in the blfs-bootscripts-20140911 package.
unbound-checkconf, unbound-control, unbound-control-setup, and
is a DNS resolver daemon.
performs setup or update of the root trust anchor for
checks unbound configuration
file for syntax and other errors.
performs remote administration on the unbound DNS resolver.
generates self-signed certificate and private keys for
the server and client.
is a DNS lookup utility similar to host from BIND Utilities-9.10.0-P2.
provides the Unbound API
functions to programs.
Last updated on 2013-07-21 21:06:50 +0200