TNSR uses the Unbound Domain Name System Resolver to handle DNS resolution and client queries.
Unbound is a recursive caching DNS resolver. Unbound can validate DNS data integrity with DNSSEC, and supports query privacy using DNS over TLS.
By default Unbound will act as a DNS resolver, directly contacting root DNS servers and other authoritative DNS servers in search of answers to queries. Unbound can also act as a DNS Forwarder, sending all DNS queries to specific upstream servers.
DNS Resolver Examples
Configure the DNS Resolver Service from configuration mode (Configuration Mode). These examples use the interface and subnet from Example Configuration.
Resolver Mode Example
For Resolver mode, the configuration requires only a few basic options:
tnsr# configure
tnsr(config)# unbound server
tnsr(config-unbound)# interface 127.0.0.1
tnsr(config-unbound)# interface 10.2.0.1
tnsr(config-unbound)# outgoing-interface 203.0.113.2
tnsr(config-unbound)# access-control 10.2.0.0/24 allow
tnsr(config-unbound)# exit
tnsr(config)# unbound enable
This example enables the Unbound DNS Resolver and configures it to listen on localhost as well as 10.2.0.1 (GigabitEthernet0/14/2, labeled LAN in the example). It uses 203.0.113.2, which is the example WAN interface address, for outgoing queries. The example also allows clients inside the local subnet, 10.2.0.0/24, to perform DNS queries and receive responses.
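The access-control line is what keeps this listener from answering arbitrary clients. As an added example (not from the TNSR documentation), the Python code below models Unbound's documented access-control evaluation, where the most specific matching netblock wins and non-localhost clients are refused by default, and flags allow rules wider than the LAN. It assumes TNSR hands the rule to Unbound unchanged; the function names and sample client addresses are made up for illustration.

```python
import ipaddress

# Unbound's documented defaults: localhost allowed, everything else refused.
UNBOUND_DEFAULTS = [("127.0.0.0/8", "allow"), ("::1/128", "allow"),
                    ("0.0.0.0/0", "refuse"), ("::/0", "refuse")]

# Constructed input: the option lines from the Resolver Mode example above.
TNSR_CONFIG = """\
interface 127.0.0.1
interface 10.2.0.1
outgoing-interface 203.0.113.2
access-control 10.2.0.0/24 allow
"""

def parse_access_control(config_text):
    """Return [(network, action)] from 'access-control <netblock> <action>' lines."""
    rules = []
    for line in config_text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0] == "access-control":
            rules.append((ipaddress.ip_network(fields[1], strict=False), fields[2]))
    return rules

def decide(client, rules):
    """Action for a client address: the most specific matching netblock wins."""
    addr = ipaddress.ip_address(client)
    defaults = [(ipaddress.ip_network(n), a) for n, a in UNBOUND_DEFAULTS]
    # Configured rules come first so they win a tie against a default entry.
    matches = [(net, act) for net, act in rules + defaults
               if net.version == addr.version and addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def broad_allows(rules, lan="10.2.0.0/24"):
    """Allow rules that reach beyond the LAN subnet (open-resolver candidates)."""
    lan_net = ipaddress.ip_network(lan)
    return [str(net) for net, act in rules
            if act.startswith("allow")
            and not (net.version == lan_net.version and net.subnet_of(lan_net))]

if __name__ == "__main__":
    rules = parse_access_control(TNSR_CONFIG)
    for client in ("10.2.0.50", "127.0.0.1", "198.51.100.7"):  # constructed clients
        print(client, decide(client, rules))
    print("allow rules wider than the LAN:", broad_allows(rules))
```

An empty list from `broad_allows` means no configured rule grants recursion outside 10.2.0.0/24.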
Forwarding Mode Example
For Forwarding mode, use the configuration above plus these additional commands:
tnsr# configure
tnsr(config)# unbound server
tnsr(config-unbound)# forward-zone .
tnsr(config-unbound-fwd-zone)# nameserver address 22.214.171.124
tnsr(config-unbound-fwd-zone)# nameserver address 126.96.36.199
tnsr(config-unbound-fwd-zone)# exit
tnsr(config-unbound)# exit
This example builds on the previous example but instead of working in
resolver mode, it will send all DNS queries to the upstream DNS servers