Introduction to Unbound
Unbound is a validating,
recursive, and caching DNS resolver. It is designed as a set of
modular components that incorporate modern features, such as
enhanced security (DNSSEC) validation, Internet Protocol Version 6
(IPv6), and a client resolver library API as an integral part of
This package is known to build and work properly using an LFS-7.10
Python-2.7.12, SWIG-3.0.10 (for
Python bindings), Doxygen-1.8.12 (for html documentation),
Sphinx (for Python
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/unbound
Installation of Unbound
There should be a dedicated user and group to take control of the
unbound daemon after
it is started. Issue the following commands as the
groupadd -g 88 unbound &&
useradd -c "Unbound DNS resolver" -d /var/lib/unbound -u 88 \
-g unbound -s /bin/false unbound
Install Unbound by running the
./configure --prefix=/usr \
If you have Doxygen-1.8.12 package installed and want to
build html documentation, run the following command:
To test the results, issue make
Now, as the
make install &&
mv -v /usr/sbin/unbound-host /usr/bin/
If you built html documentation, install it by running the
following commands as the
install -v -m755 -d /usr/share/doc/unbound-1.5.9 &&
install -v -m644 doc/html/* /usr/share/doc/unbound-1.5.9
switch prevents installation of static versions of the libraries.
--with-libevent: This option enables
libevent support allowing use of large outgoing port ranges.
--with-pyunbound: This option enables
building of the Python bindings.
In the default configuration, unbound will bind to localhost
(127.0.0.1 IP address) and allow recursive queries only from
localhost clients. If you want to use unbound for local DNS
resolution, run the following command as the
echo "nameserver 127.0.0.1" > /etc/resolv.conf
If you are using a DHCP client for connecting to a network,
/etc/resolv.conf gets overwritten
with values provided by DHCP server. You can override this, for
example in DHCP-4.3.4, by running the following command as
sed -i '/request /i\supersede domain-name-servers 127.0.0.1;' \
For advanced configuration see
/etc/unbound/unbound.conf file and the
When Unbound is installed, some
package builds fail if the file
/etc/unbound/root.key is not found. This file
is created by running the boot script (install instructions
below). Alternatively, it can be created by running the following
command as the
If you want the Unbound server
to start automatically when the system is booted, install the
included in the blfs-systemd-units-20160602 package.
unbound-checkconf, unbound-control, unbound-control-setup, and
libunbound.so and (optional)
is a DNS resolver daemon.
performs setup or update of the root trust anchor for
checks unbound configuration
file for syntax and other errors.
performs remote administration on the unbound DNS resolver.
generates self-signed certificate and private keys for
the server and client.
is a DNS lookup utility similar to host from BIND Utilities-9.10.4-P2.
provides the Unbound API
functions to programs.
Last updated on 2016-09-04 16:02:14 -0500