Add interface parameters to configure on which IP addresses the unbound service listens for queries, for example:

With these settings, unbound only listens on the specified IPv4 and IPv6 addresses.

Limiting the interfaces to the required ones prevents clients from unauthorized networks, such as the internet, from sending queries to this DNS server.

Add access-control parameters to configure from which subnets clients can query the DNS service, for example:

    access-control: 127.0.0.0/8 allow
    access-control: 192.0.2.0/24 allow
    access-control: 2001:db8:1::/64 allow

Create private keys and certificates for remotely managing the unbound service:

If you skip this step, verifying the configuration in the next step will report the missing files. However, the unbound service automatically creates the files if they are missing.

    Unbound-checkconf: no errors in /etc/unbound/unbound.

    # The verbosity number, level 0 means no verbosity, only errors.
    # Level 2 gives detailed operational information.
    # Level 3 gives query level information, output per query.
    # Level 4 gives algorithm level information.
    # Level 5 logs client identification for cache misses.
    verbosity: 0

    interface: 127.0.0.1
    port: 5335
    do-ip4: yes
    do-udp: yes
    do-tcp: yes

    # May be set to yes if you have IPv6 connectivity
    do-ip6: no

    # You want to leave this to no unless you have *native* IPv6. With 6to4 and
    # Teredo tunnels your web browser should favor IPv4 for the same reasons
    prefer-ip6: no

    # Read the root hints from this file. Make sure to
    # update root.hints every 5-6 months.
    # Use this only when you downloaded the list of primary root servers!
    root-hints: "/var/lib/unbound/root.hints"

    # Trust glue only if it is within the server's authority
    harden-glue: yes

    # Ignore very large queries.
    harden-large-queries: yes

    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
    # If you want to disable DNSSEC, set harden-dnssec-stripped: no
    harden-dnssec-stripped: yes

    # Number of bytes to advertise as the EDNS reassembly buffer
    # size. This is the value put into datagrams over UDP towards
    # peers. The actual buffer size is determined by msg-buffer-size
    # (both for TCP and UDP).
    edns-buffer-size: 1232

    # Rotates RRSet order in response (the pseudo-random
    # number is taken from the query ID, for speed and thread safety).
    rrset-roundrobin: yes

    # Time to live minimum for RRsets and messages in the cache. If the minimum
    # kicks in, the data is cached for longer than the domain owner intended,
    # and thus fewer queries are made to look up the data.

    # Ensure privacy of local IP ranges
    private-address: 192.168.0.0/16