Configure Unbound Recursive Resolver

peterwkc · December 30, 2024, 11:53:01 AM

Dear all,

At the moment, I using dnscrypt-proxy to send encrypted dns connection to 3party. AFAIK, it will be safer to configure unbound recursive resolver to prevent 3 party misuse of dns data and we don't know how the 3 party handle the data.

I tried searching it but cannot find it. Please point me a guide if you have one. Thanks.

cookiemonster · December 30, 2024, 03:20:31 PM

Simply enabling Unbound will make it act as a recursive resolver, that is, it will send the dns queries upstream to the root servers.
Those queries will not be encrypted if that matters to you.

peterwkc · December 31, 2024, 01:22:34 AM

Quote from: cookiemonster on December 30, 2024, 03:20:31 PMSimply enabling Unbound will make it act as a recursive resolver, that is, it will send the dns queries upstream to the root servers.
Those queries will not be encrypted if that matters to you.

I thought recursive resolver means it will handle the dns query rather than it send to upstream servers. Please explain.

Patrick M. Hausen · December 31, 2024, 01:27:28 AM

That's what it does by default. No configuration necessary. Enable Unbound, make client systems use Unbound (via DHCP) - done.

If you also want to prohibit DoH and DoT used e.g. by browsers, I can share a write up of my own setup tomorrow.

Point is: local recursive DNS server or "resolver" is how the Internet has worked for decades. It's the default mode. Nothing elaborated to configure here.

peterwkc · January 02, 2025, 03:33:58 AM

OK, Thanks for reply.

Configure Unbound Recursive Resolver

peterwkc

December 30, 2024, 11:53:01 AM

cookiemonster

December 30, 2024, 03:20:31 PM #1

peterwkc

December 31, 2024, 01:22:34 AM #2

Patrick M. Hausen

December 31, 2024, 01:27:28 AM #3

peterwkc

January 02, 2025, 03:33:58 AM #4