TNSR uses the Unbound Domain Name System Resolver to handle DNS resolution and client queries.
Unbound is a recursive caching DNS resolver. Unbound can validate DNS data integrity with DNSSEC, and supports query privacy using DNS over TLS.
By default Unbound will act as a DNS resolver, directly contacting root DNS servers and other authoritative DNS servers in search of answers to queries. Unbound can also act as a DNS Forwarder, sending all DNS queries to specific upstream servers.
DNS Resolver Examples
Resolver Mode Example
For Resolver mode, the configuration requires only a few basic options:
tnsr# configure
tnsr(config)# unbound server
tnsr(config-unbound)# interface 127.0.0.1
tnsr(config-unbound)# interface 10.2.0.1
tnsr(config-unbound)# access-control 10.2.0.0/24 allow
tnsr(config-unbound)# exit
tnsr(config)# unbound enable
This example enables the Unbound DNS Resolver and configures it to listen on
localhost as well as 10.2.0.1 (GigabitEthernet0/14/2, labeled LAN in the
example). The example also allows clients inside that subnet, 10.2.0.0/24,
to perform DNS queries and receive responses.
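The following offline check is an added example, not part of the TNSR documentation. It parses the interface and access-control commands from the resolver-mode session above and flags allow rules wider than internal address space (the open-resolver case) and non-loopback listen addresses that no allow rule covers. The INTERNAL list and the function names are assumptions of this example.

```python
import ipaddress

# Constructed sample: the resolver-mode session shown above, prompts included.
SAMPLE = """\
tnsr# configure
tnsr(config)# unbound server
tnsr(config-unbound)# interface 127.0.0.1
tnsr(config-unbound)# interface 10.2.0.1
tnsr(config-unbound)# access-control 10.2.0.0/24 allow
tnsr(config-unbound)# exit
tnsr(config)# unbound enable
"""

# Assumption of this example: "internal" means loopback, RFC 1918 and IPv6 ULA.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]

def parse(config):
    """Return (listen addresses, allowed networks) from CLI lines."""
    listen, allowed = [], []
    for line in config.splitlines():
        words = line.split("# ", 1)[-1].split()  # drop the prompt, if any
        if len(words) == 2 and words[0] == "interface":
            listen.append(ipaddress.ip_address(words[1]))
        elif len(words) == 3 and words[0] == "access-control" and words[2] == "allow":
            allowed.append(ipaddress.ip_network(words[1], strict=False))
    return listen, allowed

def is_internal(net):
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def audit(config):
    """Return a list of findings; an empty list means nothing was flagged."""
    listen, allowed = parse(config)
    findings = []
    for net in allowed:
        # An allow rule reaching public address space can expose an open resolver.
        if not is_internal(net):
            findings.append(f"allow rule {net} is wider than internal address space")
    for addr in listen:
        if not addr.is_loopback and not any(addr in net for net in allowed):
            findings.append(f"{addr} listens but no allow rule covers it")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```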
Forwarding Mode Example
For Forwarding mode, use the configuration above plus these additional commands:
tnsr# configure
tnsr(config)# unbound server
tnsr(config-unbound)# forward-zone .
tnsr(config-unbound-fwd-zone)# nameserver address 184.108.40.206
tnsr(config-unbound-fwd-zone)# nameserver address 220.127.116.11
tnsr(config-unbound-fwd-zone)# exit
tnsr(config-unbound)# exit
This example builds on the previous example but instead of working in
resolver mode, it will send all DNS queries to the upstream DNS servers