[solved] two questions to unbound

Started by bobbis, October 22, 2017, 04:40:10 PM

October 22, 2017, 04:40:10 PM Last Edit: November 10, 2017, 01:27:21 PM by bobbis
Hi,

I'd like to know how Unbound works.
If I use the default configuration of Unbound on OPNsense, which DNS server is Unbound using to receive the IP address of the domain that a client behind OPNsense is looking for?

Another question about Unbound: how can I tell which DNS server (IP) Unbound has to use to receive the IP address of a domain that a client behind OPNsense is looking for, if not cached?

thanks
bobbis

Hi bobbis,

Unbound calls itself a "validating, recursive, and caching DNS resolver."

In a nutshell, the DNS root servers are queried, which are given as a mostly static list of DNS server entries reachable via the Internet: https://en.wikipedia.org/wiki/Root_name_server

So your queries are safe from being modified / answered incorrectly by intermediary DNS servers, e.g. given out by your ISP.

The default config is further hardened by using DNSSEC. https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions#Operation


Cheers,
Franco

from console:

dig google.com (or whatever)

or

nslookup google.com (or whatever)


Quote from: bobbis on October 22, 2017, 04:40:10 PM
Hi,

I'd like to know how Unbound works.
If I use the default configuration of Unbound on OPNsense, which DNS server is Unbound using to receive the IP address of the domain that a client behind OPNsense is looking for?
I found out that's the easiest way, with Unbound itself:
root@opernsense:~ # unbound-control -c /var/unbound/unbound.conf lookup exmaple.domain
The following name servers are used for lookup of exmaple.domain.
forwarding request:
Delegation with 0 names, of which 0 can be examined to query further addresses.
It provides 2 IP addresses.
10.10.10.5         rto 752 msec, ttl 292, ping 0 var 94 rtt 376, tA 1, tAAAA 0, tother 0, EDNS 0 assumed.
85.214.20.141           rto 102 msec, ttl 521, ping 30 var 18 rtt 102, tA 0, tAAAA 0, tother 0, EDNS 0 probed.

Quote from: bobbis on October 22, 2017, 04:40:10 PM
Another question about Unbound: how can I tell which DNS server (IP) Unbound has to use to receive the IP address of a domain that a client behind OPNsense is looking for, if not cached?

thanks
bobbis
If I enable forwarding mode under Unbound, then Unbound uses the DNS server entered in the general configuration section, if not overwritten by the ISP's DNS IPs.
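
Added example, not part of the thread or of OPNsense/Unbound: a small parser for the `unbound-control ... lookup` output quoted above, reporting whether the name is forwarded and which upstream IPs fall outside an expected resolver set. The function names and the allowlist are assumptions made for illustration; the sample text is the output from the post above.

```python
import ipaddress
import re

# Output copied from the post above (unbound-control ... lookup <name>).
SAMPLE = """\
The following name servers are used for lookup of exmaple.domain.
forwarding request:
Delegation with 0 names, of which 0 can be examined to query further addresses.
It provides 2 IP addresses.
10.10.10.5         rto 752 msec, ttl 292, ping 0 var 94 rtt 376, tA 1, tAAAA 0, tother 0, EDNS 0 assumed.
85.214.20.141           rto 102 msec, ttl 521, ping 30 var 18 rtt 102, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
"""

RTO = re.compile(r"\brto (\d+) msec")


def parse_lookup(text):
    """Return (forwarding, servers) parsed from lookup output."""
    forwarding = False
    servers = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts:
            continue
        if line.strip().startswith("forwarding request"):
            forwarding = True
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # header/summary line, not a server entry
        m = RTO.search(line)
        # rto_ms is None when the line carries no rto field.
        servers.append({"ip": addr, "rto_ms": int(m.group(1)) if m else None})
    return forwarding, servers


def audit(text, allowed):
    """List upstream servers that are not in the expected resolver set."""
    forwarding, servers = parse_lookup(text)
    allowed = {ipaddress.ip_address(a) for a in allowed}
    unexpected = [str(s["ip"]) for s in servers if s["ip"] not in allowed]
    return {"forwarding": forwarding, "count": len(servers),
            "unexpected": unexpected}


if __name__ == "__main__":
    # Hypothetical allowlist: only the internal resolver is expected.
    print(audit(SAMPLE, ["10.10.10.5"]))
```

With only `10.10.10.5` expected, the second address in the quoted output is reported as unexpected, which is the kind of drift the "overwritten by ISP DNS" case in the last post would produce.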