To configure Unbound on Debian or Ubuntu, you can follow these steps:
Open the Unbound configuration file using a text editor. The configuration file is located at /etc/unbound/unbound.conf.
sudo nano /etc/unbound/unbound.conf
Make any necessary changes to the configuration file. The configuration file is well-documented and contains numerous comments to help you understand its contents. Here are a few common configuration options you may want to consider:
interface: This option specifies the network interface Unbound should listen on. By default, Unbound listens on all available network interfaces. If you want to restrict Unbound to a specific network interface, you can specify its IP address here.
access-control: This option specifies the IP addresses or networks that are allowed to query Unbound. By default, Unbound allows queries from any IP address. You can use this option to restrict queries to specific IP addresses or networks.
forward-zone: This option specifies the DNS servers that Unbound should forward queries to if it cannot find the answer locally. You can specify one or more forward zones here.
cache-max-ttl: This option specifies the maximum time-to-live (TTL) for cached DNS records. By default, Unbound caches records for up to 86400 seconds (one day). You can adjust this value to suit your needs.
Save the configuration file and exit the text editor.
Restart the Unbound service to apply the new configuration.
sudo systemctl restart unbound
That’s it! Your Unbound configuration is now updated and the service is running with the new configuration.
You can follow the steps below:
Configure Unbound to listen only on the VPN client interface by editing the unbound.conf file:
sudo nano /etc/unbound/unbound.conf
Add the following line to the top of the file:
interface: <VPN client interface IP address>
Replace <VPN client interface IP address> with the IP address of the VPN client interface. You can find the IP address by running the command ifconfig.
unbound.conf file:
forward-zone:
    name: "."
    forward-addr: <VPN server IP address>
Replace <VPN server IP address> with the IP address of the VPN server.
sudo systemctl start unbound
dig @localhost example.com
Replace example.com with the domain name you want to query.
If the DNS server is working correctly, you should see the DNS response from the VPN server.
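Before restarting the service, the interface, access-control and forward-zone settings described above can be checked for choices that expose the resolver. The following is an added example, not part of the original page or of Unbound itself: the function names parse and audit are hypothetical, and the sample configuration and its addresses are constructed.

```python
import ipaddress
import re

# Constructed sample config (not from the original page); addresses are placeholders.
SAMPLE_CONF = """
server:
    interface: 0.0.0.0               # wildcard listener
    interface: 10.8.0.2
    access-control: 0.0.0.0/0 allow  # anyone may query
forward-zone:
    name: "."
"""
ALLOW_ACTIONS = {"allow", "allow_setrd", "allow_snoop"}

def parse(text):
    """Yield (section, key, value) for each 'key: value' line of an unbound.conf."""
    section = None
    for raw in text.splitlines():
        # Treat '#' as a comment only at line start or after whitespace,
        # so a value such as 'addr@853#name' is kept whole.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        m = re.match(r"([A-Za-z0-9-]+):\s*(.*)$", line)
        if m and m.group(2) == "":
            section = m.group(1)     # clause header such as 'server:'
        elif m:
            yield section, m.group(1), m.group(2).strip('"')

def audit(text):
    """Return findings for the interface, access-control and forward-zone options."""
    findings, zones = [], []
    for section, key, value in parse(text):
        try:
            if section == "server" and key == "interface":
                if ipaddress.ip_address(value.split("@")[0]).is_unspecified:
                    findings.append(f"interface {value}: listens on every address")
            elif section == "server" and key == "access-control":
                net, action = (value.split() + [""])[:2]
                if action in ALLOW_ACTIONS and ipaddress.ip_network(net, strict=False).prefixlen == 0:
                    findings.append(f"access-control {value}: any client may query")
            elif section == "forward-zone" and key == "name":
                zones.append([value, 0])
            elif section == "forward-zone" and key in ("forward-addr", "forward-host") and zones:
                zones[-1][1] += 1
        except ValueError:
            continue  # interface given by name or malformed netblock: not checked here
    findings += [f'forward-zone "{n}": no forward-addr set' for n, c in zones if c == 0]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

On the constructed sample it reports the wildcard listener, the allow-all access-control entry and the forward zone with no forward-addr.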