Unbound: Difference between revisions

Latest revision as of 16:35, 20 March 2025

Unbound is a DNS server. Quoting the official project page:

Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards.

Example configuration

services.unbound = {
    enable = true;
    settings = {
      server = {
        # When only using Unbound as DNS, make sure to replace 127.0.0.1 with your ip address
        # When using Unbound in combination with pi-hole or Adguard, leave 127.0.0.1, and point Adguard to 127.0.0.1:PORT
        interface = [ "127.0.0.1" ];
        port = 5335;
        access-control = [ "127.0.0.1 allow" ];
        # Based on recommended settings in https://docs.pi-hole.net/guides/dns/unbound/#configure-unbound
        harden-glue = true;
        harden-dnssec-stripped = true;
        use-caps-for-id = false;
        prefetch = true;
        edns-buffer-size = 1232;

        # Custom settings
        hide-identity = true;
        hide-version = true;
      };
      forward-zone = [
        # Example config with quad9
        {
          name = ".";
          forward-addr = [
            "9.9.9.9#dns.quad9.net"
            "149.112.112.112#dns.quad9.net"
          ];
          forward-tls-upstream = true;  # Protected DNS
        }
      ];
    };
  };

@@ Line 1: / Line 1: @@
+[https://www.nlnetlabs.nl/projects/unbound/about/ Unbound] is a DNS server. Quoting the official project page:
+Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards.
 == Example configuration ==
 <syntaxhighlight lang="nixos">
@@ Line 35: / Line 39: @@
    };
 </syntaxhighlight>
+== Further reading ==
+* [https://www.nlnetlabs.nl/projects/unbound/about/ Official project page]
+* https://unbound.docs.nlnetlabs.nl/en/latest/
+* [https://wiki.archlinux.org/title/Unbound ArchWiki page]
+[[Category:Networking]]
+[[Category:Server]]
+[[Category:DNS]]