We use cookies to ensure you get the best experience on our website
Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
0ct0pu5
/
tutorials
1
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu kéo về 0 Wiki
Branch: main
Branches Tags
tutorials
/
0388.html

0388.html 5.7 KB
Permalink Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118 
  1.     <!DOCTYPE html>
    2. 

  2.     <html lang="en" xmlns="http://www.w3.org/1999/xhtml">
    3. 

  3.       <head>
    4. 

  4.         <title>Setup Pi-Hole as a Recursive DNS Server with Unbound</title>
    5. 

  5.         <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    6. 

  6.         <meta charset="UTF-8">
    7. 

  7.         <meta name="keywords" content="Browser Based,Home Lab,Home Lab Ideas,Install Guide,Self-Hosted,Ad Blocker,Ad Blocking,DNS,Linux,Pi-Hole,Pi Hole,Network Wide Ad Blocking,Web Based,Web Based Tools,Unbound,Recursive DNS,Recursive DNS Server,Unbound DNS Server,How To,Tutorial,i12bretro">
    8. 

  8.         <meta name="author" content="i12bretro">
    9. 

  9.         <meta name="description" content="Setup Pi-Hole as a Recursive DNS Server with Unbound">
    10. 

  10.         <meta name="viewport" content="width=device-width, initial-scale=1.0">
    11. 

  11.         <meta name="revised" content="11/13/2022 07:53:18 PM" />
    12. 

  12. 				          <link rel="icon" type="image/x-icon" href="includes/favicon.ico">
    13. 

  13. 				  <script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
    14. 

  14. 				        <script type="text/javascript" src="includes/js/steps.js"></script>
    15. 

  15.         <link href="css/steps.css" rel="stylesheet" type="text/css" />
    16. 

  16.       </head>
    17. 

  17.       <body>
    18. 

  18.         <div id="gridContainer">
    19. 

  19.           <div class="topMargin"></div>
    20. 

  20.           <div id="listName" class="topMargin">
    21. 

  21.             <h1>Setup Pi-Hole as a Recursive DNS Server with Unbound</h1>
    22. 

  22.           </div>
    23. 

  23.           <div></div>
    24. 

  24.           <div id="content">
    25. 

  25.           <h2>Installing and Configuring Unbound</h2>
    26. 

  26. 

  27. <ol>
    28. 

  28. 	<li>Run the following commands in a terminal window:
    29. 

  29. 	<div class="codeBlock"># install unbound<br />
    30. 

  30. 	sudo apt install unbound<br />
    31. 

  31. 	# update root hints file<br />
    32. 

  32. 	wget https://www.internic.net/domain/named.root -qO- | sudo tee /var/lib/unbound/root.hints<br />
    33. 

  33. 	# edit unbound configuration<br />
    34. 

  34. 	sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf</div>
    35. 

  35. 	</li>
    36. 

  36. 	<li>Paste the following configuration into pi-hole.conf
    37. 

  37. 	<p>server:<br />
    38. 

  38. 	&nbsp; &nbsp; # If no logfile is specified, syslog is used<br />
    39. 

  39. 	&nbsp; &nbsp; # logfile: &quot;/var/log/unbound/unbound.log&quot;<br />
    40. 

  40. 	&nbsp; &nbsp; verbosity: 0</p>
    41. 

  41. 

  42. 	<p>&nbsp; &nbsp; interface: 127.0.0.1<br />
    43. 

  43. 	&nbsp; &nbsp; port: 5335<br />
    44. 

  44. 	&nbsp; &nbsp; do-ip4: yes<br />
    45. 

  45. 	&nbsp; &nbsp; do-udp: yes<br />
    46. 

  46. 	&nbsp; &nbsp; do-tcp: yes</p>
    47. 

  47. 

  48. 	<p>&nbsp; &nbsp; # May be set to yes if you have IPv6 connectivity<br />
    49. 

  49. 	&nbsp; &nbsp; do-ip6: no</p>
    50. 

  50. 

  51. 	<p>&nbsp; &nbsp; # You want to leave this to no unless you have *native* IPv6. With 6to4 and<br />
    52. 

  52. 	&nbsp; &nbsp; # Terredo tunnels your web browser should favor IPv4 for the same reasons<br />
    53. 

  53. 	&nbsp; &nbsp; prefer-ip6: no</p>
    54. 

  54. 

  55. 	<p>&nbsp; &nbsp; # Use this only when you downloaded the list of primary root servers!<br />
    56. 

  56. 	&nbsp; &nbsp; # If you use the default dns-root-data package, unbound will find it automatically<br />
    57. 

  57. 	&nbsp; &nbsp; #root-hints: &quot;/var/lib/unbound/root.hints&quot;</p>
    58. 

  58. 

  59. 	<p>&nbsp; &nbsp; # Trust glue only if it is within the server&#39;s authority<br />
    60. 

  60. 	&nbsp; &nbsp; harden-glue: yes</p>
    61. 

  61. 

  62. 	<p>&nbsp; &nbsp; # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS<br />
    63. 

  63. 	&nbsp; &nbsp; harden-dnssec-stripped: yes</p>
    64. 

  64. 

  65. 	<p>&nbsp; &nbsp; # Don&#39;t use Capitalization randomization as it known to cause DNSSEC issues sometimes<br />
    66. 

  66. 	&nbsp; &nbsp; # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details<br />
    67. 

  67. 	&nbsp; &nbsp; use-caps-for-id: no</p>
    68. 

  68. 

  69. 	<p>&nbsp; &nbsp; # Reduce EDNS reassembly buffer size.<br />
    70. 

  70. 	&nbsp; &nbsp; # Suggested by the unbound man page to reduce fragmentation reassembly problems<br />
    71. 

  71. 	&nbsp; &nbsp; edns-buffer-size: 1472</p>
    72. 

  72. 

  73. 	<p>&nbsp; &nbsp; # Perform prefetching of close to expired message cache entries<br />
    74. 

  74. 	&nbsp; &nbsp; # This only applies to domains that have been frequently queried<br />
    75. 

  75. 	&nbsp; &nbsp; prefetch: yes</p>
    76. 

  76. 

  77. 	<p>&nbsp; &nbsp; # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.<br />
    78. 

  78. 	&nbsp; &nbsp; num-threads: 1</p>
    79. 

  79. 

  80. 	<p>&nbsp; &nbsp; # Ensure kernel buffer is large enough to not lose messages in traffic spikes<br />
    81. 

  81. 	&nbsp; &nbsp; so-rcvbuf: 1m</p>
    82. 

  82. 

  83. 	<p>&nbsp; &nbsp; # Ensure privacy of local IP ranges<br />
    84. 

  84. 	&nbsp; &nbsp; private-address: 192.168.0.0/16<br />
    85. 

  85. 	&nbsp; &nbsp; private-address: 169.254.0.0/16<br />
    86. 

  86. 	&nbsp; &nbsp; private-address: 172.16.0.0/12<br />
    87. 

  87. 	&nbsp; &nbsp; private-address: 10.0.0.0/8<br />
    88. 

  88. 	&nbsp; &nbsp; private-address: fd00::/8<br />
    89. 

  89. 	&nbsp; &nbsp; private-address: fe80::/10</p>
    90. 

  90. 	</li>
    91. 

  91. 	<li>Press CTRL+O, Enter, CTRL+X to write the changes to pi-hole.conf</li>
    92. 

  92. 	<li>Continue with the following commands in terminal
    93. 

  93. 	<div class="codeBlock"># restart the unbound service<br />
    94. 

  94. 	sudo service unbound restart<br />
    95. 

  95. 	# test a DNS lookup via unbound<br />
    96. 

  96. 	dig github.io @127.0.0.1 -p 5335</div>
    97. 

  97. 	</li>
    98. 

  98. 	<li>Back in the web browser, navigate back to the Pi-Hole web interface</li>
    99. 

  99. 	<li>Log in if you are not already</li>
    100. 

  100. 	<li>Select Settings &gt; DNS</li>
    101. 

  101. 	<li>Uncheck any of the previously selected upstream DNS servers</li>
    102. 

  102. 	<li>Check the box next to Custom 1 (IPv4)</li>
    103. 

  103. 	<li>Enter 127.0.0.1#5335 as the address</li>
    104. 

  104. 	<li>Scroll down and click the Save button</li>
    105. 

  105. </ol>
    106. 

  106. 

  107. <h2>Testing the Changes</h2>
    108. 

  108. 

  109. <ol>
    110. 

  110. 	<li>Open a new tab in the web browser and navigate to https://yahoo.com</li>
    111. 

  111. 	<li>Go back into Pi-Hole and select Query Log from the left navigation</li>
    112. 

  112. 	<li>Filter the results on www.yahoo.com</li>
    113. 

  113. 	<li>You should see entries showing the DNS requests forwarding to localhost#5335</li>
    114. 

  114. </ol>          </div>
    115. 

  115.         </div>
    116. 

  116.       </body>
    117. 

  117.     </html>
    118. 

  118.   
    119.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5