OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • [solved] two questions to unbound
« previous next »
  • Print
Pages: [1]

Author Topic: [solved] two questions to unbound  (Read 6020 times)

bobbis

  • Full Member
  • ***
  • Posts: 102
  • Karma: 5
    • View Profile
[solved] two questions to unbound
« on: October 22, 2017, 04:40:10 pm »
hi,

id like to know how unbound works,
if i use the default configuration of unbound on opnsense which dns server is unbound using to receive the ip address of the domain what is a client looking behind opnsense.

And another question to unbound is, how can i tell which dns server(ip) have unbound to use to receive an ip address of a domain what is a client looking for behind opnsense, if not cached.

thanks
bobbis
« Last Edit: November 10, 2017, 01:27:21 pm by bobbis »
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 17707
  • Karma: 1618
    • View Profile
Re: two questions to unbound
« Reply #1 on: October 23, 2017, 11:11:57 pm »
Hi bobbis,

Unbound calls itself a "validating, recursive, and caching DNS resolver."

In a nutshell, the DNS root servers are queried, which are given as a mostly static list of DNS server entries reachable via the Internet: https://en.wikipedia.org/wiki/Root_name_server

So your queries are safe from being modified / answered incorrectly by intermediary DNS servers, e.g. given out by your ISP.

The default config is further hardened by using DNSSEC. https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions#Operation


Cheers,
Franco
Logged

xinnan

  • Full Member
  • ***
  • Posts: 125
  • Karma: 13
    • View Profile
Re: two questions to unbound
« Reply #2 on: October 23, 2017, 11:43:33 pm »
from console:

Dig google.com (or whatever)

or

nslookup google.com (or whatever)

Logged

bobbis

  • Full Member
  • ***
  • Posts: 102
  • Karma: 5
    • View Profile
Re: two questions to unbound
« Reply #3 on: November 10, 2017, 01:26:46 pm »
Quote from: bobbis on October 22, 2017, 04:40:10 pm
hi,

id like to know how unbound works,
if i use the default configuration of unbound on opnsense which dns server is unbound using to receive the ip address of the domain what is a client looking behind opnsense.
i found out thats the easiest way with unbound himself:
root@opernsense:~ # unbound-control -c /var/unbound/unbound.conf lookup exmaple.domain
The following name servers are used for lookup of exmaple.domain.
forwarding request:
Delegation with 0 names, of which 0 can be examined to query further addresses.
It provides 2 IP addresses.
10.10.10.5         rto 752 msec, ttl 292, ping 0 var 94 rtt 376, tA 1, tAAAA 0, tother 0, EDNS 0 assumed.
85.214.20.141           rto 102 msec, ttl 521, ping 30 var 18 rtt 102, tA 0, tAAAA 0, tother 0, EDNS 0 probed.

Quote from: bobbis on October 22, 2017, 04:40:10 pm
And another question to unbound is, how can i tell which dns server(ip) have unbound to use to receive an ip address of a domain what is a client looking for behind opnsense, if not cached.

thanks
bobbis
if i enable forwarding mode under unbound, then unbound uses the dns server, entered in the generall configuration section if not overwritten by dns isp ip's.

Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • [solved] two questions to unbound
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2