Categories:

Ubuntu 18.04 compile unbound dns

First step download and make install

apt update && apt install unbound libevent-dev openssl

wget http://www.unbound.net/downloads/unbound-latest.tar.gz
tar -xvf unbound*
cd unbound-1.*/

./configure --with-libevent --enable-dnscrypt --prefix=/usr --sysconfdir=/etc --disable-static --with-pidfile=/run/unbound.pid

make && make install

mv -v /usr/sbin/unbound-host /usr/bin/

unbound-anchor
unbound-control-setup

Make it auto start

// Recommend
// https://github.com/x13machine/ubuntu-demon-creator

curl https://raw.githubusercontent.com/x13machine/ubuntu-demon-creator/master/create-demon.sh | sudo name="unbound" username="root" command="/usr/sbin/unbound -c /etc/unbound/unbound.conf" bash

// Backup plan
wget http://anduin.linuxfromscratch.org/BLFS/blfs-bootscripts/blfs-bootscripts-20180105.tar.xz
tar -xf blfs-bootscripts-20180105.tar.xz
make install-unbound

Edit unbound.conf file

include: "/etc/unbound/unbound.conf.d/*.conf"

server:
	directory: "/etc/unbound"
	username: unbound
        chroot: "/etc/unbound"
        pidfile: "/etc/unbound/unbound.pid"
        interface: [email protected]
	interface: ::[email protected]
        access-control: 0.0.0.0/0 allow
        access-control: ::/64 allow
	logfile: "unbound.log" 
	statistics-interval: 0
        extended-statistics: no
        # set to yes if graphing tool needs it

	do-ip4: yes
        do-ip6: yes
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes

        prefetch: yes
        qname-minimisation: yes
        rrset-roundrobin: yes
        use-caps-for-id: yes
        verbosity: 0
	
        auto-trust-anchor-file: "root.key"

	hide-identity: yes
        hide-version: yes

	minimal-responses: yes

	harden-short-bufsize: yes
	harden-large-queries: yes
	harden-glue: yes
	harden-dnssec-stripped: yes
	harden-below-nxdomain: yes
	harden-referral-path: no

	do-not-query-localhost: no
	root-hints: "opennic.hints"
	#root-hints: "root.hints"

forward-zone:
	name: "."
        forward-addr: [email protected]
	forward-ssl-upstream: yes

Refences

  1. http://www.linuxfromscratch.org/blfs/view/svn/introduction/bootscripts.html
  2. http://www.linuxfromscratch.org/blfs/view/svn/server/unbound.html
  3. https://github.com/ibksturm/dnscrypt-switzerland/tree/master/Unbound
  4. https://packages.debian.org/sid/amd64/unbound/download