DNS Resolver Configuration¶
Unbound can be configured with a wide array of optional parameters to fine-tune its behavior. Due to the large number of options, this documentation is split into several parts, with related options listed together.
These options are all found in
config-unbound mode, which is entered by the
unbound server from configuration mode (Configuration Mode).
These commands enable or disable options that do not require additional parameters, they can only be turned on or off. The specific options are discussed in other areas of this chapter such as Security Tuning and Cache & Performance Tuning.
- verbosity <n>
Sets the verbosity of the logs, from
0(no logs) through
5(high). Default value is
1. Each level provides the information from the lower levels plus additional data.
Level 1: Operational Information
Level 2: Additional details
Level 3: Per-query logs with query level information
Level 4: Algorithm level information
Level 5: Client identification for cache misses
- interface <x.x.x.x> [port <n>]
Configures an interface IP address that Unbound will use for binding as a server, and an optional port specification. In most cases there should be an interface definition for a TNSR IP address in each local network, plus a definition for localhost (
127.0.0.1as shown in Resolver Mode Example). The port number defaults to
53and should not be changed in most use cases.
- outgoing-interface <ip-address>
Configures an interface IP address that Unbound will use when making outbound DNS queries to upstream servers (roots or forwarders).
If this is not configured, Unbound will make queries using the host OS default route, and not TNSR interfaces or routes.
- port <n>
Sets the default port which Unbound will use to listen for client queries. Defaults to
- enable/disable ip4
Tells Unbound to use, or not use, IPv4 for answering or performing queries. Default is enabled. Unless TNSR has no IPv4 connectivity, this should be left enabled.
- enable/disable ip6
Tells Unbound to use, or not use, IPv6 for answering or performing queries. Default is enabled. Unless there is a situation where TNSR is configured with IPv6 addresses but lacks working connectivity to upstream networks via IPv6, this should remain enabled.
- enable/disable udp
Tells Unbound to use, or not use, UDP for answering or performing queries. Default is enabled. In nearly all cases, DNS requires UDP to function, except special cases such as a pure DNS over TLS environment. Thus, this should nearly always be left enabled.
- enable/disable tcp
Tells Unbound to use, or not use, TCP for answering or performing queries. Default is enabled. TCP is generally required for functional DNS, especially for queries with large answers. DNS over TLS also requires TCP. Unless a use case specifically calls for UDP DNS only, this should remain enabled.
Configures access control list entries for Unbound. See Access Control Lists.
config-unbound-fwd-zonemode. See Forward Zones.