Unbound: Difference between revisions
m forward-tls-upstream = true; # Protected DNS |
m add minimal configuration |
||
| Line 2: | Line 2: | ||
Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. | Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. | ||
== Minimal configuration == | |||
<syntaxhighlight lang="nixos"> | |||
services.unbound = { | |||
enable = true; | |||
settings.server.qname-minimisation = true; # optional | |||
}; | |||
</syntaxhighlight> | |||
Test if it's working | |||
<syntaxhighlight> | |||
$ systemctl status unbound.service | |||
$ nslookup nixos.org localhost | |||
</syntaxhighlight> | |||
== Example configuration == | == Example configuration == | ||
Revision as of 21:11, 23 March 2026
Unbound is a DNS server. Quoting the official project page:
Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards.
Minimal configuration
# Smallest useful setup: start the Unbound service and rely on the NixOS
# module's defaults for everything else. No interface or access-control is
# set here, so the listening addresses and the clients allowed to query come
# from the module. Check the generated unbound.conf if the resolver must not
# be reachable from other hosts.
services.unbound.enable = true;

# Optional. QNAME minimisation sends each upstream name server only the part
# of the query name it needs, which limits what those servers learn.
# NOTE(review): recent Unbound releases are believed to enable this by
# default; confirm for the packaged version.
services.unbound.settings.server.qname-minimisation = true;
Test if it's working
$ systemctl status unbound.service
$ nslookup nixos.org localhost
Example configuration
# Local forwarding resolver: answers on loopback only and sends every query
# to Quad9 over DNS-over-TLS.
services.unbound.enable = true;

services.unbound.settings.server = {
  # Loopback on a non-standard port: intended for a local front-end such as
  # Pi-hole or AdGuard that is pointed at 127.0.0.1:PORT.
  # If Unbound is the only DNS server, replace 127.0.0.1 with this host's IP
  # address. In that case access-control must also admit the client network
  # (it allows 127.0.0.1 only), and most clients only query port 53.
  # Keep the allowed range as narrow as the networks you serve: a resolver
  # that answers arbitrary networks can be abused as an open resolver.
  interface = [ "127.0.0.1" ];
  port = 5335;
  access-control = [ "127.0.0.1 allow" ];

  # See `man unbound.conf` for the options below.
  # hide-identity / hide-version: do not disclose the server identity or the
  # Unbound version in answers to the corresponding CHAOS-class queries.
  hide-identity = true;
  hide-version = true;
  # prefetch: refresh frequently used cache entries before they expire.
  prefetch = true;
};

services.unbound.settings.forward-zone = [
  # Example config with quad9
  {
    # "." matches every name, so all lookups go to the forwarders below.
    name = ".";
    # Protected DNS: talk to the forwarders over TLS. The part after "#" is
    # the name the upstream certificate is checked against, which only works
    # when a CA bundle (tls-cert-bundle) is configured.
    # NOTE(review): the NixOS module is believed to supply a default bundle;
    # confirm tls-cert-bundle is present in the generated unbound.conf.
    forward-tls-upstream = true;
    forward-addr = [
      "9.9.9.9#dns.quad9.net"
      "149.112.112.112#dns.quad9.net"
    ];
  }
];