DNS Resolver ConfigurationΒΆ

Unbound can be configured with a wide array of optional parameters to fine-tune its behavior. Due to the large number of options, this documentation is split into several parts, with related options listed together.

These options are all found in config-unbound mode, which is entered by the command unbound server from configuration mode (Configuration Mode).

enable/disable:

These commands enable or disable options that do not require additional parameters, they can only be turned on or off. The specific options are discussed in other areas of this chapter such as Security Tuning and Cache & Performance Tuning.

verbosity <n>:

Sets the verbosity of the logs, from 0 (no logs) through 5 (high). Default value is 1. Each level provides the information from the lower levels plus additional data.

  • Level 1: Operational Information
  • Level 2: Additional details
  • Level 3: Per-query logs with query level information
  • Level 4: Algorithm level information
  • Level 5: Client identification for cache misses
interface <x.x.x.x> [port <n>]:
 

Configures an interface that Unbound will use for binding, and an optional port specification. In most cases there should be an interface definition for a TNSR IP address in each local network, plus a definition for localhost (127.0.0.1 as shown in Resolver Mode Example). The port number defaults to 53 and should not be changed in most use cases.

port <n>:

Sets the default port which Unbound will use to listen for client queries. Defaults to 53.

enable/disable ip4:
 

Tells Unbound to use, or not use, IPv4 for answering or performing queries. Default is enabled. Unless TNSR has no IPv4 connectivity, this should be left enabled.

enable/disable ip6:
 

Tells Unbound to use, or not use, IPv6 for answering or performing queries. Default is enabled. Unless there is a situation where TNSR is configured with IPv6 addresses but lacks working connectivity to upstream networks via IPv6, this should remain enabled.

enable/disable udp:
 

Tells Unbound to use, or not use, UDP for answering or performing queries. Default is enabled. In nearly all cases, DNS requires UDP to function, except special cases such as a pure DNS over TLS environment. Thus, this should nearly always be left enabled.

enable/disable tcp:
 

Tells Unbound to use, or not use, TCP for answering or performing queries. Default is enabled. TCP is generally required for functional DNS, especially for queries with large answers. DNS over TLS also requires TCP. Unless a use case specifically calls for UDP DNS only, this should remain enabled.

access-control:

Configures access control list entries for Unbound. See Access Control Lists.

forward-zone:

Enters config-unbound-fwd-zone mode. See Forward Zones.