As sysadmins, we need to know a bit about what DNS is and how it works, including what could go wrong. Knowing all of that, what advantage would there be in running our very own DNS server at home or in our small organization? There could be several reasons you might want to have your own DNS server:

- A local DNS server can decrease response time for address queries and make more efficient use of network resources, improving performance overall.
- A local DNS server can be used to filter queries. For example, it may block DNS resolution of sites serving advertising or malware.
- Some people run their own DNS server out of concerns for privacy and the security of data.
- You might want your own DNS server in your home lab or small organization to manage internal, local name resolution. In addition, you do not have to remember addresses, rely on an external DNS service, or maintain hosts files on all your devices.

There are many options to choose from for this project. For the sake of discussion, we'll talk briefly about a popular example of each of the three main types (note that we'll only consider 'open' software that you can get without having to pay for a license).

## BIND

BIND is the grandfather of DNS servers, the first and still the most common of the available options. BIND comes capable of anything you would want to do with a DNS server; notably, it provides an authoritative DNS server. It can manage many (like hundreds of) zones or domains as the final word on addressing. All these features make it slightly harder to configure and manage than some other options, and it's slower than the others as well. It can quickly become complicated to manage and is probably overkill for a smaller project.

## DNSMasq

DNSMasq is a lightweight caching server designed for performance and ease of implementation. It is also packaged with a simple DHCP and TFTP server. It's very popular as part of software packaged for home use and is an underlying piece of some other software you might have used, like Clonezilla and Pi-Hole, because it can provide all these services as a single small package.

Unfortunately, even though it's capable of split-DNS, it is a caching-only server. It can't do recursion (it can't look for another DNS server or handle referrals to or from other servers), and it can't host even a stub domain, so it's not too helpful for managing names and addresses.

## Unbound

Unbound can be a caching server, but it can also do recursion and keep the records it gets from other DNS servers, as well as provide some authoritative service if you have just a few zones: it can serve as a stub or "glue" server, or host a small zone of just a few domains, which makes it perfect for a lab or small organization. It's also very popular as a recursive and caching layer server in larger deployments. Unbound is capable of DNSSEC validation and can serve as a trust anchor. It can do TLS encryption, and the most recent version now implements the RPZ standard (a more robust and sophisticated version of what DNSMasq does with split-DNS to allow the filtering of DNS queries for privacy and security). It's also become the standard default DNS server software available for many GNU/Linux distributions, including BSD and Red Hat-based versions.

In my own lab, I'm running a BIND authoritative server for an internal domain, and I want to add an Unbound server that refers to this but can also cache, recurse, and forward requests to the outside world. The only reason I'm doing these separately is for reference and practice.

## Installation

From RHEL/CentOS/Fedora machines, it's as simple as getting it from the main YUM repositories:

```
~]# yum install unbound
```

For this project, I'm going to install Unbound as a caching/recursive DNS server with the additional job of resolving machines in my local lab via an already existing DNS server that acts as an authoritative server for my lab and home office. The main file we'll be working with to configure Unbound is the nf file, which on RHEL/CentOS/Fedora is at /etc/unbound/nf.

In the next installment of this article, we'll look at the basic configuration of Unbound.

4 Simple recursive caching DNS, UDP port 53 unencrypted.
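As an added example (not from the article), here is a minimal unbound.conf for the setup just described: a caching, DNSSEC-validating recursive resolver for the lab that hands the internal zone to the existing authoritative BIND server through a stub-zone, while refusing queries from anyone outside the lab network. The zone name lab.example, the network 10.0.0.0/24, the resolver address 10.0.0.2 and the BIND address 10.0.0.53 are constructed placeholders.

```conf
# Added example, not from the article or the Unbound project.
# Assumed, constructed values: lab zone "lab.example", lab network 10.0.0.0/24,
# this resolver listening on 10.0.0.2, BIND authoritative server at 10.0.0.53.
server:
    interface: 127.0.0.1
    interface: 10.0.0.2
    port: 53

    # Only answer lab clients. Addresses not listed are refused by default,
    # so the box never becomes an open resolver usable for amplification.
    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # DNSSEC validation for everything that is signed upstream.
    # Path as used by the Fedora/RHEL package; adjust if yours differs.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-glue: yes
    harden-dnssec-stripped: yes
    qname-minimisation: yes

    # The lab zone is unsigned and does not exist in the public tree, so the
    # validator would mark stub answers bogus unless the zone is exempted.
    domain-insecure: "lab.example"
    domain-insecure: "10.in-addr.arpa"

    # Lab answers legitimately carry RFC 1918 addresses. If private-address
    # is configured (many distribution configs set it), exempt the zone so
    # those answers are not stripped as DNS rebinding attempts.
    private-domain: "lab.example"

    # Unbound answers RFC 1918 reverse zones locally by default; release the
    # lab's reverse zone so queries for it reach BIND.
    local-zone: "10.in-addr.arpa." nodefault

# BIND is authoritative for the lab, so use stub-zone (non-recursive queries
# to an authoritative server) rather than forward-zone (which expects a
# recursive resolver on the other end).
stub-zone:
    name: "lab.example"
    stub-addr: 10.0.0.53

stub-zone:
    name: "10.in-addr.arpa"
    stub-addr: 10.0.0.53
```

Run `unbound-checkconf` against the file before restarting the service; it catches syntax errors and unreadable key paths without touching the running resolver.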