Setting up Unbound DNS for whole home network

Discussion in 'Network questions and troubleshooting' started by johnathonm, Nov 13, 2015.

  1. johnathonm

    johnathonm Member Guru

    Messages:
    127
    Likes Received:
    3
    GPU:
    Nvidia 2080 ti 12GB
    Hi,

    I was wondering if anyone has any experience using Unbound DNS. I would like to configure it from my core Windows machine for use on my whole network. I am unsure of how to do this and the guides I have reviewed haven't really been that informative.

    If anyone would be willing to help me I would appreciate it. I would like to move away from Public DNS (especially in light of Cisco buying OpenDNS).

    Thank you in advance.

    J

    P.S. This would be running off a Windows box. Thanks!
     
  2. johnathonm

    I actually think I got it to work - could someone look at my config and make sure that I am not set up to let the entire internet use my DNS for bad things?

    # Unbound configuration file on windows.
    # See example.conf for more settings and syntax
    server:
    # verbosity level 0-4 of logging
    verbosity: 4

    # if you want to log to a file use
    logfile: "C:\unbound\unbound.log"

    # on Windows, this setting makes reports go into the Application log
    # found in ControlPanels - System tasks - Logs
    #use-syslog: yes


    # DNSSEC trust anchor (still part of the server: clause opened above)
    auto-trust-anchor-file: "C:\Program Files (x86)\Unbound\root.key"
    port: 53
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    prefetch: yes
    prefetch-key: yes
    num-threads: 4
    cache-min-ttl: 3600
    cache-max-ttl: 172800
    outgoing-range: 4096
    num-queries-per-thread: 4096
    msg-cache-slabs: 8
    rrset-cache-slabs: 8
    infra-cache-slabs: 8
    key-cache-slabs: 8
    rrset-cache-size: 256m
    msg-cache-size: 128m
    infra-host-ttl: 60
    infra-lame-ttl: 120
    infra-cache-numhosts: 10000
    infra-cache-lame-size: 10k
    so-rcvbuf: 4m
    so-sndbuf: 4m
    harden-referral-path: no
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    use-caps-for-id: yes
    unwanted-reply-threshold: 10000
    val-clean-additional: yes
    edns-buffer-size: 4096
    msg-buffer-size: 65552
    target-fetch-policy: "3 2 2 2 2 2"
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/16 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse
    access-control: ::1 refuse
    access-control: ::ffff:127.0.0.1 refuse
    #
    private-address: 10.0.0.0/16
    private-address: 127.0.0.1/16
    #
    # Blocking Ad Server domains. Google's AdSense, DoubleClick and Yahoo
    # account for a 70 percent share of all advertising traffic. Block them.
    local-zone: "doubleclick.net" redirect
    local-data: "doubleclick.net A 127.0.0.1"
    local-zone: "googlesyndication.com" redirect
    local-data: "googlesyndication.com A 127.0.0.1"
    local-zone: "googleadservices.com" redirect
    local-data: "googleadservices.com A 127.0.0.1"
    local-zone: "google-analytics.com" redirect
    local-data: "google-analytics.com A 127.0.0.1"
    local-zone: "ads.youtube.com" redirect
    local-data: "ads.youtube.com A 127.0.0.1"
    local-zone: "adserver.yahoo.com" redirect
    local-data: "adserver.yahoo.com A 127.0.0.1"
    #
    val-bogus-ttl: 60
    val-sig-skew-min: 3600
    val-sig-skew-max: 86400
     
    Last edited: Nov 13, 2015
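
An added example, not part of the original post: a Python sketch that evaluates the listener and access-control lines of the config above for sample client addresses, using Unbound's rule that the most specific matching netblock decides. The client addresses and the `interface: 0.0.0.0` variant are constructed assumptions.

```python
import ipaddress

# Constructed sample: the listener and ACL lines from the config posted above.
POSTED = """\
server:
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/16 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse
"""

def parse(conf):
    """Return (listen addresses, {netblock: action}) from unbound.conf text."""
    # Models Unbound's documented default: localhost allowed, the rest refused.
    acl = {ipaddress.ip_network(n): a for n, a in
           [("0.0.0.0/0", "refuse"), ("127.0.0.0/8", "allow"),
            ("::/0", "refuse"), ("::1/128", "allow")]}
    listen = []
    for raw in conf.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        value = value.strip()
        if key == "interface":
            listen.append(ipaddress.ip_address(value.split("@")[0]))  # drop @port
        elif key == "access-control":
            net, action = value.split()
            acl[ipaddress.ip_network(net, strict=False)] = action  # overrides default
    # With no interface line Unbound listens on localhost only.
    return listen or [ipaddress.ip_address("127.0.0.1")], acl

def action_for(acl, client):
    """The most specific netblock containing the client decides the action."""
    ip = ipaddress.ip_address(client)
    best = max((n for n in acl if n.version == ip.version and ip in n),
               key=lambda n: n.prefixlen)
    return acl[best]

def audit(conf, clients):
    """Map each client to True if it can reach a listener and the ACL allows it."""
    listen, acl = parse(conf)
    loopback_only = all(a.is_loopback for a in listen)
    return {c: action_for(acl, c).startswith("allow")
               and (ipaddress.ip_address(c).is_loopback or not loopback_only)
            for c in clients}

if __name__ == "__main__":
    clients = ["127.0.0.1", "10.0.0.25", "203.0.113.7"]  # local, LAN, internet (constructed)
    print("as posted:        ", audit(POSTED, clients))
    # Assumption: listen on all IPv4 addresses instead of loopback only.
    opened = POSTED.replace("interface: 127.0.0.1", "interface: 0.0.0.0")
    print("interface 0.0.0.0:", audit(opened, clients))
```

The access-control list refuses addresses outside 127.0.0.0/8 and 10.0.0.0/16 in both runs; only the `interface:` line decides whether machines on the LAN can connect at all.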
  3. johnathonm

    Didn't work

    Never mind ... it didn't work :(
     
