Maintained by: NLnet Labs

[Unbound-users] Installed. Now what?

Jan-Piet Mens
Sun Apr 8 15:57:14 CEST 2012


Alan,

> What I want is from my resolver to use DNSSEC.
> 
> So it looks like I need to recompile everything with unbounds
> library and probably not use ISC's BIND resolver library.  Is that
> correct?

No, not at all. What you have to do is get your resolver to speak to
your newly setup Unbound, by adding it's address to /etc/resolv.conf on
the client machines that should use it.
> 
> So I have it installed and it seems to work - kind of:
> 
> $ dig .  +dnssec
> 
> ; <<>> DiG 9.6-ESV-R4-P3 <<>> . +dnssec
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10913
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1

That looks ok, as long as dig is actually using your Unbound. Best to
force it to query that explicitly by specifying the IP of your Unbound

        dig @127.0.0.1 +dnssec .

(supposing Unbound is on 127.0.0.1)

> So is there any use for me for this utility or was it just a nice
> experiment?

As mentioned above, point your /etc/resolv.conf to Unbound.

        -JP