DNS Resolver

TNSR uses the Unbound Domain Name System Resolver to handle DNS resolution and client queries.

Unbound is a recursive caching DNS resolver. Unbound can validate DNS data integrity with DNSSEC, and supports query privacy using DNS over TLS.

By default, Unbound acts as a DNS resolver, directly contacting root DNS servers and other authoritative DNS servers in search of answers to queries. Unbound can also act as a DNS Forwarder, sending all DNS queries to specific upstream servers.

DNS Resolver Examples

Configure the DNS Resolver service from configuration mode (see Configuration Mode). These examples use the interface and subnet from Example Configuration.

Resolver Mode Example

For Resolver mode, the configuration requires only a few basic options:

tnsr# configure
tnsr(config)# unbound server
tnsr(config-unbound)# interface 127.0.0.1
tnsr(config-unbound)# interface 10.2.0.1
tnsr(config-unbound)# outgoing-interface 203.0.113.2
tnsr(config-unbound)# access-control 10.2.0.0/24 allow
tnsr(config-unbound)# exit
tnsr(config)# unbound enable

This example enables the Unbound DNS Resolver and configures it to listen on localhost as well as 10.2.0.1 (GigabitEthernet0/14/2, labeled LAN in the example). It uses 203.0.113.2, which is the example WAN interface address, for outgoing queries. The example also allows clients inside the local subnet, 10.2.0.0/24, to perform DNS queries and receive responses.
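The following sketch is an added example, not part of the TNSR documentation or its code. It checks which clients the access-control rule above would serve. It assumes the TNSR setting maps directly onto Unbound's documented access-control behavior (most specific netblock wins; only localhost is allowed by default and everything else is refused). OPEN_RULES and the sample client addresses are constructed for contrast.

```python
import ipaddress

# Assumption: Unbound's documented built-in behavior (localhost allowed, rest refused).
DEFAULT_RULES = [("0.0.0.0/0", "refuse"), ("127.0.0.0/8", "allow"),
                 ("::0/0", "refuse"), ("::1/128", "allow")]

def acl_action(client, configured):
    """Return the action applied to `client`: the most specific matching netblock wins."""
    addr = ipaddress.ip_address(client)
    best_len, action = -1, "refuse"
    # Configured rules come last, so they override a default of equal prefix length.
    for block, act in DEFAULT_RULES + configured:
        net = ipaddress.ip_network(block)
        if net.version == addr.version and addr in net and net.prefixlen >= best_len:
            best_len, action = net.prefixlen, act
    return action

def overbroad_allows(configured, trusted):
    """List allow rules covering addresses outside the networks meant to be served."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for block, act in configured:
        net = ipaddress.ip_network(block)
        inside = any(net.version == t.version and net.subnet_of(t)
                     for t in trusted_nets)
        if act.startswith("allow") and not inside:
            findings.append(block)
    return findings

# Rule from the Resolver Mode example on this page.
PAGE_RULES = [("10.2.0.0/24", "allow")]
# Constructed misconfiguration: an extra rule that lets any IPv4 client query.
OPEN_RULES = [("10.2.0.0/24", "allow"), ("0.0.0.0/0", "allow")]

if __name__ == "__main__":
    # Constructed sample clients: localhost, LAN host, other internal host, outside host.
    for ip in ("127.0.0.1", "10.2.0.50", "10.3.0.50", "198.51.100.7"):
        print(ip, acl_action(ip, PAGE_RULES), acl_action(ip, OPEN_RULES))
    print("over-broad allow rules:", overbroad_allows(OPEN_RULES, ["10.2.0.0/24"]))
```

With the page's rule, only localhost and hosts in 10.2.0.0/24 are answered; the constructed 0.0.0.0/0 rule is reported because it extends service beyond the LAN subnet.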

Forwarding Mode Example

For Forwarding mode, use the configuration above plus these additional commands:

tnsr# configure
tnsr(config)# unbound server
tnsr(config-unbound)# forward-zone .
tnsr(config-unbound-fwd-zone)# nameserver address 8.8.8.8
tnsr(config-unbound-fwd-zone)# nameserver address 8.8.4.4
tnsr(config-unbound-fwd-zone)# exit
tnsr(config-unbound)# exit

This example builds on the previous example, but instead of operating in resolver mode, it sends all DNS queries to the upstream DNS servers 8.8.8.8 and 8.8.4.4.