> apt install unbound
> systemctl enable unbound
> systemctl start unbound
> systemctl status unbound
- /etc/unbound/unbound.conf.d/default.conf
server:
verbosity: 1
port: 53
#tls-port: 853
interface-automatic: yes
#interface-automatic-ports: "53 853"
interface-automatic-ports: "53"
do-ip4: yes
do-ip6: yes
prefer-ip4: no
prefer-ip6: yes
do-udp: yes
do-tcp: yes
use-syslog: yes
log-time-ascii: yes
log-queries: no
log-replies: no
log-tag-queryreply: yes
log-local-actions: yes
log-servfail: yes
# apt install dns-root-data
root-hints: /usr/share/dns/root.hints
# curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache
#root-hints: root.hints
hide-identity: yes
hide-version: yes
harden-short-bufsize: yes
harden-large-queries: no
harden-glue: yes
harden-dnssec-stripped: yes
harden-below-nxdomain: yes
harden-referral-path: no
harden-algo-downgrade: yes
qname-minimisation: yes
qname-minimisation-strict: no
prefetch: yes
prefetch-key: yes
minimal-responses: no
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: fd00::/8
private-address: fe80::/10
private-address: 127.0.0.0/8
private-address: ::ffff:0:0/96
private-domain: fritz.box
domain-insecure: fritz.box
forward-zone:
name: fritz.box.
forward-addr: fd00::de15:c8ff:feb6:1e26
forward-addr: 192.168.1.254
forward-no-cache: yes