Maintained by: NLnet Labs

[Unbound-users] Using Unbound as a transparent, captive DNS resolver

Paul Wouters
Mon Dec 10 17:05:57 CET 2012


On Mon, 10 Dec 2012, Gerald McNulty wrote:

> Is it possible to use unbound as a captive DNS resolver? That is, all DNS traffic that is leaving the network will be
> redirected to unbound which will perform the resolution instead of any remote DNS server.
> 
> I'm already using the python module so adding code to that would be fine, but how would I retrieve the DNS server that was
> queried and set that in the response?

Why not just DNAT the traffic to your DNS server?

(from top of head, no guarantees)

iptables -I PREROUTING -t nat -j DNAT -s yourlan/mask -p udp --dport 53 --to-destination IP.UNBOUND.SERVER
iptables -I PREROUTING -t nat -j DNAT -s yourlan/mask -p tcp --dport 53 --to-destination IP.UNBOUND.SERVER

(-p all does not seem to work with --dport in my experience)

Paul
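As an added example (not code from the thread), the DNAT setup Paul sketches, written as a re-runnable script; the LAN prefix 192.168.1.0/24 and Unbound address 192.168.1.53 are constructed placeholders. It also covers two things the one-liners leave implicit: traffic sourced from the Unbound host is exempted so its own upstream lookups are not redirected back to it when it lives inside the LAN prefix, and since conntrack reverses the DNAT on the reply, the client sees the answer arrive from the server it originally asked, which is what Gerald wanted without touching the Python module.

```shell
#!/bin/sh
# Added example, not from the mailing-list post. Subnet and Unbound
# address used in the usage line are constructed placeholders.
set -eu

# Emit nat PREROUTING rule specs, one per line, for LAN prefix $1 and
# Unbound address $2. For each protocol, an ACCEPT rule comes first: in
# the nat table ACCEPT simply means "no NAT for this connection", so
# queries sourced from the Unbound host itself (its recursion to the
# Internet) are left alone instead of being looped back to it. The DNAT
# rule that follows mirrors the -p udp / -p tcp rules from the reply.
dns_dnat_rules() {
    lan="$1"; unbound="$2"
    for proto in udp tcp; do
        printf 'PREROUTING -s %s -p %s --dport 53 -j ACCEPT\n' \
            "$unbound" "$proto"
        printf 'PREROUTING -s %s -p %s --dport 53 -j DNAT --to-destination %s\n' \
            "$lan" "$proto" "$unbound"
    done
}

# Number of rule specs generated (two protocols x two rules), as a self-check.
dns_dnat_rule_count() {
    dns_dnat_rules "$1" "$2" | wc -l | tr -d ' '
}

# Append each rule to the nat table only if it is not already present
# (iptables -C), so running the script twice does not duplicate rules.
# Rule order matters: the ACCEPT exemption must precede the DNAT rule,
# which -A preserves because the specs are emitted in that order.
apply_dns_dnat() {
    dns_dnat_rules "$1" "$2" | while read -r spec; do
        # Word-splitting $spec into iptables arguments is intentional.
        iptables -t nat -C $spec 2>/dev/null || iptables -t nat -A $spec
    done
}

# Usage (needs root on the LAN gateway): apply_dns_dnat 192.168.1.0/24 192.168.1.53
```

Clients that hard-code a remote resolver still get answers from Unbound, but clients using DNS over a non-53 port or DNS-over-TLS/HTTPS are not caught by a port-53 DNAT, so watch for those flows separately.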