Friday, December 12, 2025

Local Unbound DNS on FreeBSD 14.3

Configuring Unbound on FreeBSD 14.3

/etc/hosts on the server (tormenta) and the client (solaris)

...
192.168.88.160		tormenta.local.com  tormenta
192.168.88.51		solaris.local.com  solaris
...

Configuration file /usr/local/etc/unbound/unbound.conf

server:
# Interfaces and ports
interface: 127.0.0.1       # use unbound for DNS resolution
interface: 192.168.88.160
port: 53
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes

# Security and access
access-control: 127.0.0.0/8 allow
access-control: 192.168.88.0/24 allow
access-control: 0.0.0.0/0 refuse

# Cache and performance
# cache-min-ttl raises any lower TTL to one hour, so a changed record can stay cached longer than the zone owner intended
cache-min-ttl: 3600
cache-max-ttl: 86400
prefetch: yes
prefetch-key: yes

# Privacy
hide-identity: yes
hide-version: yes
identity: "DNS Server"
version: " "

# DNSSEC validation - verify the authenticity of responses
auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"
val-clean-additional: yes

# Local zone files
include: /usr/local/etc/unbound/local-zone.conf

# Remote control
include: /usr/local/etc/unbound/remote-control.conf

# Query forwarding
forward-zone:
name: "."
forward-addr: 9.9.9.9 # Quad9 DNS
forward-addr: 8.8.8.8 # Google DNS

carlos@tormenta:~ % cat /usr/local/etc/unbound/local-zone.conf
# Local zone local.com
local-zone: "local.com." static
local-data: "tormenta.local.com. IN A 192.168.88.160"
local-data: "solaris.local.com. IN A 192.168.88.51"
local-data: "ns.local.com. IN A 192.168.88.160"
local-data: "local.com. IN NS ns.local.com."

carlos@tormenta:~ % cat /usr/local/etc/unbound/remote-control.conf
# Enable the control interface
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 8953
# TLS and certificate authentication are off on the control channel, so any local user who can connect to 127.0.0.1:8953 can control the resolver
control-use-cert: no

Enable and start the service

sysrc unbound_enable="YES"
service unbound start

File /etc/resolv.conf (tormenta)

cat /etc/resolv.conf
# Generated by resolvconf
nameserver 127.0.0.1      # 
nameserver 192.168.88.160
domain local.com
search local.com

File /etc/resolv.conf (solaris)

nameserver 192.168.88.160
domain local.com
search local.com

DNS queries from the client (solaris.local.com)

dig @tormenta.local.com freebsd.org

; <<>> DiG 9.20.16 <<>> @tormenta.local.com freebsd.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56301
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;freebsd.org.			IN	A

;; ANSWER SECTION:
freebsd.org.		3600	IN	A	96.47.72.84

;; Query time: 58 msec
;; SERVER: 192.168.88.160#53(tormenta.local.com) (UDP)
;; WHEN: Wed Dec 10 14:12:38 CET 2025
;; MSG SIZE  rcvd: 56

From the server

carlos@tormenta:~ % dig freebsd.org @127.0.0.1

; <<>> DiG 9.20.16 <<>> freebsd.org @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38422
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;freebsd.org.			IN	A

;; ANSWER SECTION:
freebsd.org.		3426	IN	A	96.47.72.84

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Dec 12 16:01:03 CET 2025
;; MSG SIZE  rcvd: 56
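
Both replies above carry the ad flag, which is how dig reports that the resolver validated the DNSSEC chain for freebsd.org. The shell function below is an added example, not part of the original post: it classifies a dig reply from its header so the DNSSEC and access-control settings can be checked from a script. The name dig_verdict and the two constructed samples are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): classify a dig reply by header.
# Reads dig output on stdin and prints one verdict:
#   validated    NOERROR with the "ad" flag (resolver validated DNSSEC)
#   unvalidated  NOERROR without "ad" (unsigned zone, or no validation)
#   refused      REFUSED, as sent by an "access-control: ... refuse" rule
#   servfail     SERVFAIL (upstream failure, or a DNSSEC-bogus answer)
#   other:<RC>   any other status; noheader if no dig header was seen
dig_verdict() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            line = $0
            sub(/^;; flags:/, "", line)   # drop the label
            sub(/;.*/, "", line)          # drop the counters after the flags
            n = split(line, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ad") ad = 1
        }
        END {
            if (status == "")              print "noheader"
            else if (status == "NOERROR")  print (ad ? "validated" : "unvalidated")
            else if (status == "REFUSED")  print "refused"
            else if (status == "SERVFAIL") print "servfail"
            else                           print "other:" status
        }'
}

# Header lines copied from the client query shown above.
SAMPLE_PAGE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56301
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Constructed samples: an unauthenticated answer and a refused client.
SAMPLE_NOAD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1002
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

for s in "$SAMPLE_PAGE" "$SAMPLE_NOAD" "$SAMPLE_REFUSED"; do
    printf '%s\n' "$s" | dig_verdict
done

# Live use on the client (assumes dig is installed):
#   dig @192.168.88.160 freebsd.org | dig_verdict
```

A host outside 127.0.0.0/8 and 192.168.88.0/24 should get the refused verdict from this server, and a signed zone such as freebsd.org should stay at validated.
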

FreeBSD is great!
