FreeBSD 11 Unbound DNS server

FreeBSD ships with a DNS server called Unbound, a validating, recursive, caching resolver.

So why run a local DNS server? I am in a region where internet traffic is still somewhat expensive, which also means slow links and high response times. Running your own caching resolver speeds things up a little: every page you visit pulls in content from several other domains (advertisements, site components, links to other sites), and after the first lookup all of those names are answered from the cache on your own DNS server instead of going out over the slow link again. In my case I use an old PC Engines ALIX board for my home DNS server, but almost anything will do: a Raspberry Pi, an old laptop or desktop, and so on, as long as it runs FreeBSD.

All commands run as root, or as a user with sudo/admin rights. The addresses used throughout:
My network router/DNS/gateway: 192.168.1.1
My new DNS server: 192.168.1.250
NIC on the new DNS server: vr0

sysrc ifconfig_vr0="inet 192.168.1.250 netmask 255.255.255.0"
sysrc defaultrouter="192.168.1.1"
echo "nameserver 192.168.1.1" > /etc/resolv.conf
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
service netif restart
service routing restart

The default route is its own rc.conf variable (defaultrouter), not part of the ifconfig_vr0 line; putting it there would replace the address you just set. If you are logged in over SSH on vr0, restarting netif drops the session, so reconnect to 192.168.1.250 afterwards.

Now let's install the Unbound server. FreeBSD's base system already includes a copy called local_unbound, but it is set up as a local-only resolver. While you can tweak it to serve the LAN, it is advisable to install the unbound package instead and leave the base-system copy alone.

pkg install unbound

sysrc unbound_enable="YES"

service unbound start

By default Unbound only listens on localhost and only answers localhost, so the configuration has to be opened up for the LAN. The heredoc below replaces the packaged /usr/local/etc/unbound/unbound.conf (keep a copy of the original if you want its commented defaults for reference). The server section controls where Unbound listens and who may query it; the forward-zone section tells Unbound where to send the queries it cannot answer from cache, here the router first and Google's 8.8.8.8 as fallback:

cat <<EOF > /usr/local/etc/unbound/unbound.conf
server:
      # Drop privileges to this user after binding the port and chrooting.
      username: unbound
      directory: /usr/local/etc/unbound
      chroot: /usr/local/etc/unbound
      # Turns on DNSSEC validation; the file must exist and be writable by
      # the unbound user (see the note below).
      auto-trust-anchor-file: /usr/local/etc/unbound/root.key
      # Listen on every address of the box; access is limited by access-control.
      interface: 0.0.0.0
      # Unbound refuses everything except localhost by default; allow the LAN.
      access-control: 192.168.1.0/24 allow
forward-zone:
      name: "."
      forward-addr: 192.168.1.1
      forward-addr: 8.8.8.8
EOF

Two things to check before you restart. First, interface: 0.0.0.0 binds every address the machine has, and the access-control line is the only thing keeping this from being an open resolver, which is exactly what DNS amplification attacks look for. If the box ever gets an interface facing the internet, bind to 127.0.0.1 and 192.168.1.250 explicitly instead. Second, auto-trust-anchor-file enables DNSSEC validation, which only works if the forwarders pass DNSSEC records through unchanged; some home router forwarders mangle or strip them, and then every lookup fails with SERVFAIL. If that happens, forward to 8.8.8.8 only rather than switching validation off. The root.key file must exist and be owned by the unbound user; unbound-anchor creates it if it is missing. Then restart Unbound so it loads the new configuration:

service unbound restart

Now point your devices at your new DNS server, either per device or through the DHCP settings on the router (192.168.1.1), so that clients are handed 192.168.1.250 as their DNS server.
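The whole configuration step as one script, added here as an example and not part of the original post. It generates a slightly hardened variant of the config above (explicit listen addresses instead of 0.0.0.0, an explicit refuse-by-default rule, identity and version hiding), refuses to allow a non-private LAN range so you cannot accidentally build an open resolver, and only touches the system when run as "apply". The LAN range 192.168.1.0/24, the resolver address 192.168.1.250, the forwarders 192.168.1.1 and 8.8.8.8, the package paths under /usr/local/etc/unbound and the show/apply/verify modes are this script's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): generate, check and install a
# LAN-only caching resolver config for the FreeBSD unbound package.
# Assumed: LAN 192.168.1.0/24, resolver on 192.168.1.250, forwarders
# 192.168.1.1 and 8.8.8.8, package paths under /usr/local/etc/unbound.
set -u

UNBOUND_DIR=/usr/local/etc/unbound
UNBOUND_CONF=$UNBOUND_DIR/unbound.conf
ROOT_KEY=$UNBOUND_DIR/root.key

# Return 0 if the address or CIDR prefix lies in an RFC 1918 range, 1 otherwise.
# Guard: an access-control allow for a public range makes an open resolver.
is_rfc1918() {
    addr=${1%%/*}
    case "$addr" in
        10.*) return 0 ;;
        192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Print an unbound.conf to stdout.
# Usage: gen_unbound_conf LAN_CIDR LISTEN_ADDR FORWARDER...
gen_unbound_conf() {
    lan=$1
    listen=$2
    shift 2
    if ! is_rfc1918 "$lan"; then
        echo "refusing to allow non-private range $lan" >&2
        return 1
    fi
    cat <<EOF
server:
    username: unbound
    directory: $UNBOUND_DIR
    chroot: $UNBOUND_DIR
    auto-trust-anchor-file: $ROOT_KEY
    # Listen on loopback and the LAN address only, never on 0.0.0.0.
    interface: 127.0.0.1
    interface: $listen
    # Deny by default, then allow loopback and the LAN.
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: $lan allow
    hide-identity: yes
    hide-version: yes
forward-zone:
    name: "."
EOF
    for fwd in "$@"; do
        echo "    forward-addr: $fwd"
    done
}

# Install the generated config: validate it first, make sure the trust anchor
# exists and is writable by the unbound user, then restart the service.
apply_conf() {
    gen_unbound_conf "$@" > "$UNBOUND_CONF.new" || return 1
    if ! unbound-checkconf "$UNBOUND_CONF.new"; then
        rm -f "$UNBOUND_CONF.new"
        return 1
    fi
    # unbound-anchor exits 1 when it had to create or update the key,
    # so that exit status is not an error here.
    [ -f "$ROOT_KEY" ] || unbound-anchor -a "$ROOT_KEY" || true
    chown unbound:unbound "$ROOT_KEY"
    mv "$UNBOUND_CONF.new" "$UNBOUND_CONF"
    service unbound restart
}

# Checks from the server itself: listening sockets, a plain query, and a
# DNSSEC query (look for the "ad" flag in the second answer's header).
verify() {
    sockstat -4l | grep unbound
    drill @"$1" freebsd.org
    drill -D @"$1" freebsd.org
}

case "${1:-}" in
    show)   gen_unbound_conf 192.168.1.0/24 192.168.1.250 192.168.1.1 8.8.8.8 ;;
    apply)  apply_conf 192.168.1.0/24 192.168.1.250 192.168.1.1 8.8.8.8 ;;
    verify) verify 192.168.1.250 ;;
esac
```

Save it as, for instance, unbound-lan.sh (the name is arbitrary). `sh unbound-lan.sh show` prints the config without touching anything, `apply` writes it only after unbound-checkconf accepts it and then restarts the service, and `verify` shows which sockets Unbound is bound to and whether DNSSEC-validated answers come back through the forwarders.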