Unbound-1.22.0

Introduction to Unbound

Unbound is a validating, recursive, and caching DNS resolver. It is designed as a set of modular components that incorporate modern features, such as enhanced security (DNSSEC) validation, Internet Protocol Version 6 (IPv6), and a client resolver library API as an integral part of the architecture.

[Note]

Note

Development versions of BLFS may not build or run some packages properly if LFS or dependencies have been updated since the most recent stable versions of the books.

Package Information

  • Download (HTTP): https://nlnetlabs.nl/downloads/unbound/unbound-1.22.0.tar.gz

  • Download MD5 sum: be0e5ae64c6619a638c116addd4da670

  • Download size: 6.4 MB

  • Estimated disk space required: 151 MB (with docs; add 11 MB for tests)

  • Estimated build time: 0.3 SBU (Using parallelism=4; with docs; add 0.3 SBU for tests)

Unbound Dependencies

Optional

libevent-2.1.12, Nettle-3.10.1, Protobuf-c-1.5.0 (for dnstap), sphinx-8.1.3 (for Python bindings documentation), SWIG-4.3.0 (for Python bindings), Doxygen-1.13.0 (for html documentation), dnstap, and Python2

Installation of Unbound

There should be a dedicated user and group to take control of the unbound daemon after it is started. Issue the following commands as the root user:

groupadd -g 88 unbound &&
useradd -c "Unbound DNS Resolver" -d /var/lib/unbound -u 88 \
        -g unbound -s /bin/false unbound

Install Unbound by running the following commands:

./configure --prefix=/usr     \
            --sysconfdir=/etc \
            --disable-static  \
            --with-pidfile=/run/unbound.pid &&
make

If you have Doxygen-1.13.0 package installed and want to build html documentation, run the following command:

make doc

To test the results, issue make check.

Now, as the root user:

make install &&
mv -v /usr/sbin/unbound-host /usr/bin/

If you built the documentation, install it by running the following commands as the root user:

install -v -m755 -d /usr/share/doc/unbound-1.22.0 &&
install -v -m644 doc/html/* /usr/share/doc/unbound-1.22.0

Command Explanations

--disable-static: This switch prevents installation of static versions of the libraries.

--with-libevent: This option enables libevent support, which allows for the use of large outgoing port ranges.

--with-pyunbound: This option enables building the Python bindings. If you want to build the bindings, you also need to pass the PYTHON_VERSION=3.13 environment variable to configure.

Configuring Unbound

Config Files

/etc/unbound/unbound.conf

Configuration Information

In the default configuration, unbound will bind to localhost (127.0.0.1 IP address) and allow recursive queries only from localhost clients. If you want to use unbound for local DNS resolution, run the following command as the root user:

echo "nameserver 127.0.0.1" > /etc/resolv.conf

For advanced configuration see /etc/unbound/unbound.conf file and the documentation.

When Unbound is installed, some package builds fail if the file /etc/unbound/root.key is not found. Create this file by running the following command as the root user:

unbound-anchor

Systemd Unit

If you want the Unbound server to start automatically when the system is booted, install the unbound.service unit included in the blfs-systemd-units-20241211 package:

make install-unbound

Contents

Installed Programs: unbound, unbound-anchor, unbound-checkconf, unbound-control, unbound-control-setup, and unbound-host
Installed Library: libunbound.so
Installed Directories: /etc/unbound and /usr/share/doc/unbound-1.22.0 (optional)

Short Descriptions

unbound

is a DNS resolver daemon

unbound-anchor

initializes or updates the root trust anchor for DNSSEC validation

unbound-checkconf

checks the unbound configuration file for syntax and other errors

unbound-control

performs remote administration on the unbound DNS resolver

unbound-control-setup

generates a self-signed certificate and private keys for the server and client

unbound-host

is a DNS lookup utility similar to host from BIND Utilities-9.20.4

libunbound.so

provides the Unbound API functions to programs