OPNsense Forum

English Forums => General Discussion => Topic started by: bobbis on October 22, 2017, 04:40:10 pm

Title: [solved] two questions to unbound
Post by: bobbis on October 22, 2017, 04:40:10 pm
Hi,

I'd like to know how Unbound works.
If I use the default configuration of Unbound on OPNsense, which DNS server is Unbound using to receive the IP address of the domain that a client behind OPNsense is looking for?

And another question about Unbound: how can I tell which DNS server (IP) Unbound has to use to receive the IP address of a domain that a client behind OPNsense is looking for, if it is not cached?

Thanks
bobbis
Title: Re: two questions to unbound
Post by: franco on October 23, 2017, 11:11:57 pm
Hi bobbis,

Unbound calls itself a "validating, recursive, and caching DNS resolver."

In a nutshell, the DNS root servers are queried, which are given as a mostly static list of DNS server entries reachable via the Internet: https://en.wikipedia.org/wiki/Root_name_server

So your queries are safe from being modified / answered incorrectly by intermediary DNS servers, e.g. given out by your ISP.

The default config is further hardened by using DNSSEC. https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions#Operation


Cheers,
Franco
Title: Re: two questions to unbound
Post by: xinnan on October 23, 2017, 11:43:33 pm
From console:

dig google.com (or whatever)

or

nslookup google.com (or whatever)

Title: Re: two questions to unbound
Post by: bobbis on November 10, 2017, 01:26:46 pm
Hi,

I'd like to know how Unbound works.
If I use the default configuration of Unbound on OPNsense, which DNS server is Unbound using to receive the IP address of the domain that a client behind OPNsense is looking for?
I found out that the easiest way is with Unbound itself:
root@opernsense:~ # unbound-control -c /var/unbound/unbound.conf lookup exmaple.domain
The following name servers are used for lookup of exmaple.domain.
forwarding request:
Delegation with 0 names, of which 0 can be examined to query further addresses.
It provides 2 IP addresses.
10.10.10.5         rto 752 msec, ttl 292, ping 0 var 94 rtt 376, tA 1, tAAAA 0, tother 0, EDNS 0 assumed.
85.214.20.141           rto 102 msec, ttl 521, ping 30 var 18 rtt 102, tA 0, tAAAA 0, tother 0, EDNS 0 probed.

And another question about Unbound: how can I tell which DNS server (IP) Unbound has to use to receive the IP address of a domain that a client behind OPNsense is looking for, if it is not cached?

Thanks
bobbis
If I enable forwarding mode under Unbound, then Unbound uses the DNS server entered in the general configuration section, if not overwritten by the ISP's DNS IPs.
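
Added example (not part of any post in this thread): a small parser for the unbound-control lookup output shown above, which reports whether the name is forwarded and flags upstream servers that are not on an operator-chosen allowlist. The function names and the allowlist are assumptions made for illustration; the sample text is copied from the post.

```python
import ipaddress
import re

# Output copied from the post above (domain exactly as the poster typed it).
SAMPLE = """\
The following name servers are used for lookup of exmaple.domain.
forwarding request:
Delegation with 0 names, of which 0 can be examined to query further addresses.
It provides 2 IP addresses.
10.10.10.5         rto 752 msec, ttl 292, ping 0 var 94 rtt 376, tA 1, tAAAA 0, tother 0, EDNS 0 assumed.
85.214.20.141           rto 102 msec, ttl 521, ping 30 var 18 rtt 102, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
"""

# Per-server line: "<ip>  rto <n> msec, ... EDNS <n> <state>."
SERVER_RE = re.compile(r"^(\S+)\s+rto (\d+) msec,.*EDNS \d+ (\w+)\.?\s*$")


def parse_lookup(text):
    """Parse `unbound-control lookup` output into name, mode and upstream list."""
    result = {"name": None, "forwarding": False, "servers": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("The following name servers are used for lookup of "):
            result["name"] = line.rsplit(" ", 1)[1].rstrip(".")
        elif line.startswith("forwarding request"):
            result["forwarding"] = True
        else:
            m = SERVER_RE.match(line)
            if not m:
                continue
            try:
                ip = ipaddress.ip_address(m.group(1))
            except ValueError:
                continue  # first token is not an address, so not a server line
            result["servers"].append(
                {"ip": str(ip), "rto_ms": int(m.group(2)), "edns": m.group(3)})
    return result


def unexpected_upstreams(parsed, allowed):
    """Return upstream IPs that are not in the operator's allowlist (assumed input)."""
    allowed = {str(ipaddress.ip_address(a)) for a in allowed}
    return [s["ip"] for s in parsed["servers"] if s["ip"] not in allowed]


if __name__ == "__main__":
    info = parse_lookup(SAMPLE)
    print(info, unexpected_upstreams(info, ["10.10.10.5"]))
```

In practice the text would come from running the same unbound-control command as in the post and passing its output to parse_lookup.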