Unbound: Difference between revisions

From NixOS Wiki
Klinger (talk | contribs)
m Category:DNS added, Applications removed
Klinger (talk | contribs)
m Moved link from references to top
 
Line 1: Line 1:
{{Expansion}}
[https://www.nlnetlabs.nl/projects/unbound/about/ Unbound] is a DNS server. Quoting the official project page:
Unbound is a DNS server. Quoting the official project page:


Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards.<ref>https://www.nlnetlabs.nl/projects/unbound/about/</ref>
Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards.


== Example configuration ==
== Example configuration ==
Line 46: Line 45:
* https://unbound.docs.nlnetlabs.nl/en/latest/
* https://unbound.docs.nlnetlabs.nl/en/latest/
* [https://wiki.archlinux.org/title/Unbound ArchWiki page]
* [https://wiki.archlinux.org/title/Unbound ArchWiki page]
== References ==
[[Category:Networking]]
[[Category:Networking]]
[[Category:Server]]
[[Category:Server]]
[[Category:DNS]]
[[Category:DNS]]

Latest revision as of 16:35, 20 March 2025

Unbound is a DNS server. Quoting the official project page:

Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards.

Example configuration

services.unbound = {
  enable = true;
  settings = {
    server = {
      # When using Unbound as the only DNS server, make sure to replace 127.0.0.1 with your IP address
      # When using Unbound in combination with Pi-hole or AdGuard, leave 127.0.0.1, and point AdGuard to 127.0.0.1:PORT
      interface = [ "127.0.0.1" ];
      port = 5335;
      access-control = [ "127.0.0.1 allow" ];
      # Based on recommended settings in https://docs.pi-hole.net/guides/dns/unbound/#configure-unbound
      harden-glue = true;
      harden-dnssec-stripped = true;
      use-caps-for-id = false;
      prefetch = true;
      edns-buffer-size = 1232;

      # Custom settings
      hide-identity = true;
      hide-version = true;
    };
    forward-zone = [
      # Example config with quad9
      {
        name = ".";
        forward-addr = [
          "9.9.9.9#dns.quad9.net"
          "149.112.112.112#dns.quad9.net"
        ];
        forward-tls-upstream = true;  # Protected DNS
      }
    ];
  };
};
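
The comment in the configuration above about replacing 127.0.0.1 only changes the listen address; answering other hosts also needs a matching access-control entry and open firewall ports. The following is an added example, not part of the wiki page, and it assumes a constructed server address 192.168.1.10 on the subnet 192.168.1.0/24, the standard DNS port 53, and a LAN interface named eth0:

```nix
{
  services.unbound = {
    enable = true;
    settings.server = {
      # Constructed addresses: replace with the server's own LAN IP and subnet.
      interface = [ "127.0.0.1" "192.168.1.10" ];
      port = 53;
      # Unbound refuses any client that no allow rule matches, so list only
      # the networks that should be able to query this resolver.
      access-control = [
        "127.0.0.0/8 allow"
        "192.168.1.0/24 allow"
      ];
      harden-glue = true;
      harden-dnssec-stripped = true;
      hide-identity = true;
      hide-version = true;
    };
  };

  # Open DNS only on the LAN-facing interface ("eth0" is an assumed name),
  # so the resolver is not reachable from other networks.
  networking.firewall.interfaces."eth0" = {
    allowedUDPPorts = [ 53 ];
    allowedTCPPorts = [ 53 ];
  };
}
```

Keeping the allow list as narrow as the client subnet prevents the resolver from answering arbitrary hosts if the machine is later attached to another network.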

Further reading