How to Set Up a DNS Zone on Unbound

A comprehensive guide to setting up and managing DNS zones using the Unbound DNS resolver.

Prerequisites

Before setting up a DNS zone on Unbound, ensure you have:

  • Unbound installed and running
  • Root or sudo access to the server
  • Basic understanding of DNS concepts
  • Domain name registered

Note: These instructions assume you're using a Linux-based system.

Basic Concepts

Understanding key Unbound concepts:

Unbound Terminology
  • Local Zone: DNS zone configured locally in Unbound
  • Local Data: DNS records for local zones
  • Stub Zone: Zone whose queries are sent directly to its authoritative servers
  • Forward Zone: Zone that forwards queries to other resolvers

Zone Configuration

Add the zone to the server: section of your Unbound configuration:

1. Edit unbound.conf
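server:
    # Listen on all IPv4 addresses; access-control below limits who may query
    interface: 0.0.0.0
    # Allow queries from 192.0.2.0/24 only; other non-local clients are refused by default
    access-control: 192.0.2.0/24 allow
    verbosity: 1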

    # Local zone configuration
    local-zone: "example.com." static
    local-data: "example.com. IN A 192.0.2.1"
    local-data: "www.example.com. IN A 192.0.2.1"
    local-data: "mail.example.com. IN A 192.0.2.1"
    local-data: "example.com. IN MX 10 mail.example.com."
    local-data: "example.com. IN NS ns1.example.com."
    local-data: "ns1.example.com. IN A 192.0.2.1"
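
A consistency check for the zone above, added here as an example (it is not part of the original guide or of Unbound). It flags local-data outside any declared local-zone, MX/NS targets in a static zone that have no address record, and a wildcard interface paired with an allow-all access-control; the function and finding names are assumptions.

```python
import ipaddress
import re

# Constructed input: the zone from this guide, then a variant with three mistakes.
PAGE_CONF = """
server:
    interface: 0.0.0.0
    access-control: 192.0.2.0/24 allow
    local-zone: "example.com." static
    local-data: "example.com. IN A 192.0.2.1"
    local-data: "www.example.com. IN A 192.0.2.1"
    local-data: "mail.example.com. IN A 192.0.2.1"
    local-data: "example.com. IN MX 10 mail.example.com."
    local-data: "example.com. IN NS ns1.example.com."
    local-data: "ns1.example.com. IN A 192.0.2.1"
"""
BAD_CONF = (PAGE_CONF.replace("192.0.2.0/24", "0.0.0.0/0")
            .replace('"ns1.example.com. IN A', '"ns2.example.net. IN A'))
RR = re.compile(r"(\S+) (?:\d+ )?(?:IN )?([A-Z]\w*) ?(.*)", re.I)  # name [TTL] [IN] type rdata

def fqdn(name):
    return name.lower().rstrip(".") + "."

def covered(name, zones):
    return any(name == z or name.endswith("." + z) for z in zones)

def lint(conf):  # hypothetical helper: returns (finding, subject) pairs
    zones, records, acls, wide, out = {}, [], [], False, []
    for line in conf.splitlines():
        key, _, val = line.split("#")[0].strip().partition(":")
        tok = val.replace('"', "").split()
        if key == "local-zone" and len(tok) == 2:
            zones[fqdn(tok[0])] = tok[1]
        elif key == "local-data" and (m := RR.match(" ".join(tok))):
            records.append((fqdn(m[1]), m[2].upper(), m[3].split()))
        elif key == "access-control" and len(tok) == 2:
            acls.append((ipaddress.ip_network(tok[0], strict=False), tok[1]))
        elif key == "interface" and tok:
            wide = wide or tok[0] in ("0.0.0.0", "::0")  # listens on every address
    addr = {n for n, t, _ in records if t in ("A", "AAAA")}
    static = [z for z, t in zones.items() if t == "static"]
    for name, rtype, rdata in records:
        target = fqdn(rdata[-1]) if rdata else ""
        if not covered(name, zones):  # Unbound creates a transparent zone for it
            out.append(("implicit-zone", name))
        if rtype in ("MX", "NS") and covered(target, static) and target not in addr:
            out.append(("dangling-target", target))  # static zone: no address data
    out += [("open-resolver", str(n)) for n, a in acls  # wildcard listen + allow-all
            if wide and n.prefixlen == 0 and a.startswith("allow")]
    return out
```

lint(PAGE_CONF) returns an empty list for the guide's zone; lint(BAD_CONF) returns one finding for each of the three constructed mistakes.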

Record Types

  • A Record: Maps hostname to IPv4 address
  • AAAA Record: Maps hostname to IPv6 address
  • CNAME: Creates an alias for another hostname
  • MX: Specifies mail servers
  • TXT: Text records for various purposes
  • PTR: Reverse DNS lookup

Testing

Verify your Unbound configuration:

  1. Check configuration syntax:
    unbound-checkconf /etc/unbound/unbound.conf
  2. Restart Unbound:
    sudo systemctl restart unbound
  3. Test DNS resolution:
    dig @localhost example.com
    nslookup example.com localhost

Troubleshooting

  • Resolution failures: Check local-zone and local-data syntax
  • Access denied: Verify access-control settings
  • Cache issues: Clear a cached name with unbound-control flush <name>, or a whole zone with unbound-control flush_zone <zone>
  • Log analysis: Check syslog for Unbound messages

Best Practices

  • Security:
    • Configure DNSSEC validation
    • Use appropriate access controls
    • Regular security updates
  • Performance:
    • Optimize cache settings
    • Monitor resource usage
    • Configure appropriate number of threads

Advanced Configuration

Advanced Unbound features and configurations:

Advanced Topics
  • DNSSEC Configuration
  • Forward Zones
  • DNS over TLS (DoT)
  • Rate Limiting
  • Views and Access Control

Note: Advanced configurations should be implemented with caution and proper testing.

DNSCaptain is an independent service. We are not affiliated with any commercial DNS provider.