Jump to content

Unbound: Difference between revisions

From Official NixOS Wiki
← Older edit
J7 (talk | contribs)
10 edits
VisualWikitext
J7 (talk | contribs)
10 edits
m Removed options equal to default values to clean the code
J7 (talk | contribs)
10 edits
m forward-tls-upstream = true; # Protected DNS
 
Line 23: Line 23:
         {
         {
           name = ".";
           name = ".";
          forward-tls-upstream = true;  # Protected DNS
           forward-addr = [
           forward-addr = [
             "9.9.9.9#dns.quad9.net"
             "9.9.9.9#dns.quad9.net"
             "149.112.112.112#dns.quad9.net"
             "149.112.112.112#dns.quad9.net"
           ];
           ];
          forward-tls-upstream = true;  # Protected DNS
         }
         }
       ];
       ];

Latest revision as of 21:32, 2 March 2026

Unbound is a DNS server. Quoting the official project page:

Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards.

Example configuration

services.unbound = {
    enable = true;
    settings = {
      server = {
        # When only using Unbound as DNS, make sure to replace 127.0.0.1 with your ip address
        # When using Unbound in combination with pi-hole or Adguard, leave 127.0.0.1, and point Adguard to 127.0.0.1:PORT
        interface = [ "127.0.0.1" ];
        port = 5335;
        access-control = [ "127.0.0.1 allow" ];
        # See `man unbound.conf`
        prefetch = true;
        hide-identity = true;
        hide-version = true;
      };
      forward-zone = [
        # Example config with quad9
        {
          name = ".";
          forward-tls-upstream = true;  # Protected DNS
          forward-addr = [
            "9.9.9.9#dns.quad9.net"
            "149.112.112.112#dns.quad9.net"
          ];
        }
      ];
    };
  };

Further reading

Retrieved from "https://wiki.nixos.org/w/index.php?title=Unbound&oldid=30182"