DNS Resolver ConfigurationΒΆ
Unbound can be configured with a wide array of optional parameters to fine-tune its behavior. Due to the large number of options, this documentation is split into several parts, with related options listed together.
These options are all found in config-unbound
mode, which is entered by the
command unbound server
from configuration mode (Configuration Mode).
- do-ip4:
Tells Unbound to use, or not use, IPv4 for answering or performing queries. Default is enabled. Unless TNSR has no IPv4 connectivity, this should be left enabled.
- do-ip6:
Tells Unbound to use, or not use, IPv6 for answering or performing queries. Default is enabled. Unless there is a situation where TNSR is configured with IPv6 addresses but lacks working connectivity to upstream networks via IPv6, this should remain enabled.
- do-udp:
Tells Unbound to use, or not use, UDP for answering or performing queries. Default is enabled. In nearly all cases, DNS requires UDP to function, except special cases such as a pure DNS over TLS environment. Thus, this should nearly always be left enabled.
- do-tcp:
Tells Unbound to use, or not use, TCP for answering or performing queries. Default is enabled. TCP is generally required for functional DNS, especially for queries with large answers. DNS over TLS also requires TCP. Unless a use case specifically calls for UDP DNS only, this should remain enabled.
- interface <x.x.x.x> [port <n>]:
Configures an interface IP address that Unbound will use for binding as a server, and an optional port specification. In most cases there should be an interface definition for a TNSR IP address in each local network, plus a definition for localhost (
127.0.0.1
as shown in Resolver Mode Example). The port number defaults to53
and should not be changed in most use cases.- outgoing-interface <ip-address>:
Configures an interface IP address that Unbound will use when making outbound DNS queries to upstream servers (roots or forwarders).
Note
If this is not configured, Unbound will make queries using the host OS default route, and not TNSR interfaces or routes.
- port <n>:
Sets the default port which Unbound will use to listen for client queries. Defaults to
53
.- verbosity <n>:
Sets the verbosity of the logs, from
0
(no logs) through5
(high). Default value is1
. Each level provides the information from the lower levels plus additional data.Level 1: Operational Information
Level 2: Additional details
Level 3: Per-query logs with query level information
Level 4: Algorithm level information
Level 5: Client identification for cache misses
- access-control:
Configures access control list entries for Unbound. See Access Control Lists.
- forward-zone:
Enters
config-unbound-fwd-zone
mode. See Forward Zones.