Unbound
By default, a DHCP client gets an IP address, a network gateway and a DNS server. That’s fine most of the time. But if you own an OpenBSD cloud instance that has to use DHCP to get online, you might not be satisfied with the domain-name-servers option provided by your DHCP server. Hopefully, OpenBSD provides an easy way to force your DNS:
# viĀ /etc/dhclient.conf (...) prepend domain-name-servers 127.0.0.1; Since then, OpenBSD will use our DNS resolver. Which is… unbound(8)Continue reading...
I started replacing Bind with nsd/unbound on previous OpenBSD release. Now it’s time to update to OpenBSD 5.7 and ensure it still works.Continue reading...
I wrote about running unbound and nsd on OpenBSD 5.6 here .
The other day, the VM that runs those went to DDB. On reboot, I got the following error message :
unbound: [16897:0] error: ldns error while converting string to RR at15: Syntax error, could not parse the RR's type: spamd: \\[priv\\] unbound: [16897:0] error: failed to load trust anchor from /db/root.key at line 1, skipping unbound: [16897:0] error: failed to read /db/root.key unbound: [16897:0] error: error reading auto-trust-anchor-file: /var/unbound/db/root.key This means “root.key” went broken. To rebuild it, simple run those:Continue reading...
I’ve been using Bind as a primary, slave or cache name server for all my IT life. But it seems Bind is being kicked out of OpenBSD. So far so good, I’m gonna use what’s provided by my favorite OS to do the job.
Here’s how to use nsd and unbound daemons to serve as an internal authoritative DNS nameserver and DNS resolver. Both will be running on the same machine.Continue reading...