DNS Resolver ConfigurationΒΆ

Unbound can be configured with a wide array of optional parameters to fine-tune its behavior. Due to the large number of options, this documentation is split into several parts, with related options listed together.

These options are all found in config-unbound mode, which is entered by the command unbound server from configuration mode (Configuration Mode).

do-ip4:

Tells Unbound to use, or not use, IPv4 for answering or performing queries. Default is enabled. Unless TNSR has no IPv4 connectivity, this should be left enabled.

do-ip6:

Tells Unbound to use, or not use, IPv6 for answering or performing queries. Default is enabled. Unless there is a situation where TNSR is configured with IPv6 addresses but lacks working connectivity to upstream networks via IPv6, this should remain enabled.

do-udp:

Tells Unbound to use, or not use, UDP for answering or performing queries. Default is enabled. In nearly all cases, DNS requires UDP to function, except special cases such as a pure DNS over TLS environment. Thus, this should nearly always be left enabled.

do-tcp:

Tells Unbound to use, or not use, TCP for answering or performing queries. Default is enabled. TCP is generally required for functional DNS, especially for queries with large answers. DNS over TLS also requires TCP. Unless a use case specifically calls for UDP DNS only, this should remain enabled.

interface <x.x.x.x> [port <n>]:

Configures an interface IP address that Unbound will use for binding as a server, and an optional port specification. In most cases there should be an interface definition for a TNSR IP address in each local network, plus a definition for localhost (127.0.0.1 as shown in Resolver Mode Example). The port number defaults to 53 and should not be changed in most use cases.

outgoing-interface <ip-address>:

Configures an interface IP address that Unbound will use when making outbound DNS queries to upstream servers (roots or forwarders).

Note

If this is not configured, Unbound will make queries using the host OS default route, and not TNSR interfaces or routes.

port <n>:

Sets the default port which Unbound will use to listen for client queries. Defaults to 53.

verbosity <n>:

Sets the verbosity of the logs, from 0 (no logs) through 5 (high). Default value is 1. Each level provides the information from the lower levels plus additional data.

  • Level 1: Operational Information

  • Level 2: Additional details

  • Level 3: Per-query logs with query level information

  • Level 4: Algorithm level information

  • Level 5: Client identification for cache misses

access-control:

Configures access control list entries for Unbound. See Access Control Lists.

forward-zone:

Enters config-unbound-fwd-zone mode. See Forward Zones.