Unbound package

From PFSenseDocs

Overview

Unbound is a validating, recursive and caching DNS resolver. It provides various modules so that DNSSEC (secure DNS) validation and stub-resolvers are possible.

This page covers topics specific to Unbound as a package on pfSense 2.1.x. For Unbound in the base system on 2.2 and for items common to both uses, see Unbound DNS Resolver.

Configuration

Once the Unbound package has been installed, visit Services > Unbound DNS. By default the service is disabled, because it requires that the DNS Forwarder be disabled. The two provide the same functionality, so one service has to be disabled for the other one to work.

Once the DNS Forwarder has been disabled, configure Unbound by following the steps below:

The following options are present only in the package:

  • Unbound provides DNS Rebinding protection by stripping any answers that contain RFC1918 addresses. Additionally, the DNSSEC validator may mark the answers bogus. This protection can be disabled if zones exist that return private addresses. With this option enabled, any Domain overrides configured are exempt from this check.
  • Cache Restoration Support ensures that the current Unbound cache (which contains all the DNS records) is saved to disk, so that if the service or server is restarted the cache is restored, resulting in quicker responses to DNS queries. Take note that any old or wrong data will also be restored.

Once the options are saved, Unbound can be used for all DNS resolution on pfSense.
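
The rebinding check described in the options above, modelled as an added example (not code from pfSense or Unbound): private addresses are removed from an answer unless the queried name falls under a Domain override. The function names, the sample names and addresses, and the whole-label suffix matching are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges, the address space the page says is stripped from answers.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_exempt(qname, override_domains):
    """True if qname equals or is a subdomain of a configured override.

    Matching is on whole labels (an assumption of this model), so
    'evilcorp.lan' is not covered by an override for 'corp.lan'.
    """
    name = qname.rstrip(".").lower()
    for dom in override_domains:
        dom = dom.rstrip(".").lower()
        if name == dom or name.endswith("." + dom):
            return True
    return False


def filter_answer(qname, addresses, override_domains=()):
    """Return (kept, stripped) address lists for one answer."""
    if is_exempt(qname, override_domains):
        return list(addresses), []
    kept, stripped = [], []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        private = ip.version == 4 and any(ip in net for net in RFC1918)
        (stripped if private else kept).append(addr)
    return kept, stripped


if __name__ == "__main__":
    # Constructed sample answers: (queried name, addresses returned).
    samples = [
        ("www.example.com", ["93.184.216.34"]),
        ("rebind.example.net", ["203.0.113.7", "192.168.1.1"]),
        ("nas.corp.lan", ["10.0.0.5"]),
        ("nas.evilcorp.lan", ["10.0.0.5"]),
    ]
    for name, addrs in samples:
        kept, stripped = filter_answer(name, addrs, ["corp.lan"])
        print(f"{name}: kept={kept} stripped={stripped}")
```

An override should name only zones that are expected to return private addresses, since every name beneath it skips the check.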

Statistics

Unbound provides various statistics relating to the number of queries that Unbound handles. These statistics are printed to the Unbound log file (/var/log/unbound.log). This log file is viewable via Status: Package logs or via the command line using the command clog, for example clog /var/log/unbound.log.

A few configurable options are found only in the package; they are defined as follows:

  • Enable the use of statistics. Checking this will cause Unbound to generate statistics which can be used to generate other information, for example graphing.
  • Select the interval at which Unbound should log the generated statistics to the Unbound log file.
  • The cumulative statistics option causes Unbound's statistics counters to go up over time instead of being reset to zero after each statistics printout.
  • Extended statistics causes Unbound to log the types of queries that are being handled by the resolver; otherwise Unbound only logs the total number of queries collected.