TNSR uses the Unbound Domain Name System Resolver to handle DNS resolution and client queries.
Unbound is a recursive caching DNS resolver. Unbound can validate DNS data integrity with DNSSEC, and supports query privacy using DNS over TLS.
By default Unbound will act as a DNS resolver, directly contacting root DNS servers and other authoritative DNS servers in search of answers to queries. Unbound can also act as a DNS Forwarder, sending all DNS queries to specific upstream servers.
DNS Resolver Examples
Resolver Mode Example
For Resolver mode, the configuration requires only a few basic options:
    tnsr# configure
    tnsr(config)# unbound server
    tnsr(config-unbound)# interface 127.0.0.1
    tnsr(config-unbound)# interface 10.2.0.1
    tnsr(config-unbound)# outgoing-interface 203.0.113.2
    tnsr(config-unbound)# access-control 10.2.0.0/24 allow
    tnsr(config-unbound)# exit
    tnsr(config)# unbound enable
This example enables the Unbound DNS Resolver and configures it to listen on
localhost as well as 10.2.0.1 (GigabitEthernet0/14/2, labeled LAN in the
example). It uses 203.0.113.2, which is the example WAN interface address,
for outgoing queries. The example also allows clients inside the local subnet,
10.2.0.0/24, to perform DNS queries and receive responses.
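To check which clients the resolver-mode example would actually answer, the following added example (not part of the TNSR documentation or Netgate's code) parses the commands above and evaluates the access-control list. It assumes TNSR's entries follow stock Unbound semantics: the most specific matching netblock wins, and anything unmatched is refused except localhost. The helper names `parse_session`, `acl_action` and `open_resolver_rules` are hypothetical.

```python
import ipaddress
import re

# Constructed input: the resolver-mode commands from the example above.
SESSION = """\
tnsr(config-unbound)# interface 127.0.0.1
tnsr(config-unbound)# interface 10.2.0.1
tnsr(config-unbound)# outgoing-interface 203.0.113.2
tnsr(config-unbound)# access-control 10.2.0.0/24 allow
"""

# Assumption: stock Unbound defaults, localhost allowed and all else refused.
DEFAULT_ACL = [("127.0.0.0/8", "allow"), ("::1/128", "allow")]
KEYS = r"(interface|outgoing-interface|access-control)"


def parse_session(text):
    """Collect listen addresses, outgoing addresses and ACL entries."""
    cfg = {"interface": [], "outgoing-interface": [], "access-control": []}
    for line in text.splitlines():
        m = re.match(r"^(?:\S+#\s+)?" + KEYS + r"\s+(\S+)\s*(\S*)$", line.strip())
        if m:
            key, value, action = m.groups()
            cfg[key].append((value, action) if key == "access-control" else value)
    return cfg


def acl_action(client, acls):
    """Action of the most specific netblock containing client, else refuse."""
    addr = ipaddress.ip_address(client)
    best_len, action = -1, "refuse"
    for net, act in DEFAULT_ACL + list(acls):
        block = ipaddress.ip_network(net)
        if block.version == addr.version and addr in block and block.prefixlen >= best_len:
            best_len, action = block.prefixlen, act
    return action


def open_resolver_rules(acls):
    """Allow-type rules with a zero-length prefix answer any client."""
    return [(net, act) for net, act in acls
            if act.startswith("allow") and ipaddress.ip_network(net).prefixlen == 0]


if __name__ == "__main__":
    cfg = parse_session(SESSION)
    for client in ("10.2.0.57", "10.2.1.5", "198.51.100.7"):
        print(client, acl_action(client, cfg["access-control"]))
    print("open-resolver rules:", open_resolver_rules(cfg["access-control"]))
```

A non-empty result from `open_resolver_rules` means the resolver would answer queries from any source address that can reach a listening interface.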
Forwarding Mode Example
For Forwarding mode, use the configuration above plus these additional commands:
    tnsr# configure
    tnsr(config)# unbound server
    tnsr(config-unbound)# forward-zone .
    tnsr(config-unbound-fwd-zone)# nameserver address 188.8.131.52
    tnsr(config-unbound-fwd-zone)# nameserver address 184.108.40.206
    tnsr(config-unbound-fwd-zone)# exit
    tnsr(config-unbound)# exit
This example builds on the previous example but instead of working in
resolver mode, it will send all DNS queries to the upstream DNS servers