bsd:bsfunb:unbound

UNBOUND DNS

Mettre en place un serveur de domaine local

Fichier de configuration par défaut

/usr/local/etc/dhcpd.conf

# $OpenBSD: unbound.conf,v 1.7 2016/03/30 01:41:25 sthen Exp $
 
server:
	interface: 127.0.0.1
	interface: 192.168.1.202
	#interface: 127.0.0.1@5353	# listen on alternative port
	interface: ::1
	#do-ip6: no
 
	# override the default "any" address to send queries; if multiple
	# addresses are available, they are used randomly to counter spoofing
	#outgoing-interface: 192.0.2.1
	#outgoing-interface: 2001:db8::53
 
	access-control: 0.0.0.0/0 refuse
	access-control: 127.0.0.0/8 allow
	access-control: 192.168.1.0/24 allow
	access-control: ::0/0 refuse
	access-control: ::1 allow
 
	hide-identity: yes
	hide-version: yes
 
	# Uncomment to enable qname minimisation.
	# https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08
	#
	# qname-minimisation: yes
 
	# Uncomment to enable DNSSEC validation.
	#
	#auto-trust-anchor-file: "/var/unbound/db/root.key"
 
	# Serve zones authoritatively from Unbound to resolver clients.
	# Not for external service.
	#
	#local-zone: "local." static
	#local-data: "mycomputer.local. IN A 192.0.2.51"
 
	#local-zone: "2.0.192.in-addr.arpa." static
	#local-data-ptr: "192.0.2.51 mycomputer.local"
 
local-zone: "home.lan." static
	local-data: "ok.home.lan.               IN A 192.168.1.2"
        local-data: "phil.home.lan.             IN A 192.168.1.3"
        local-data: "sal.home.lan.              IN A 192.168.1.4"
        local-data: "tv.home.lan.             	IN A 192.168.1.5"
	local-data: "fbsd.home.lan.		IN A 192.168.1.6"
 
 
        local-data: "acer40.home.lan.           IN A 192.168.1.20"
        local-data: "acer56.home.lan.           IN A 192.168.1.21"            
        local-data: "acer57.home.lan.           IN A 192.168.1.22"
        local-data: "acer77.home.lan.           IN A 192.168.1.23"
        local-data: "asuseeepc1001.home.lan.    IN A 192.168.1.24"
	local-data: "bell.home.lan.		IN A 192.168.1.25"
 
        local-data: "spy1.home.lan.             IN A 192.168.1.111"
        local-data: "spy2.home.lan.             IN A 192.168.1.112"
        local-data: "spy3.home.lan.             IN A 192.168.1.113"
        local-data: "spy4.home.lan.             IN A 192.168.1.114"
        local-data: "spy5.home.lan.             IN A 192.168.1.115"
        local-data: "spy6.home.lan.             IN A 192.168.1.116"
 
        local-data: "obelix.home.lan.           IN A 192.168.1.201"
 
        local-data: "panoramix.home.lan.        IN A 192.168.1.202"
	local-data: "panoramix.spycam.home.lan. IN A 192.168.1.202"
	local-data: "panoramix.secret.home.lan. IN A 192.168.1.202"
 
        local-data: "asterix.home.lan.          IN A 192.168.1.203"
 
        local-data: "idefix.home.lan.        	IN A 192.168.1.204"
	local-data: "idefix.spycam.home.lan.	IN A 192.168.1.204"
	local-data: "idefix.secret.home.lan.	IN A 192.168.1.204"
 
        local-data: "vpnx.home.lan.             IN A 192.168.1.209"
 
        local-data: "tablette.home.lan.         IN A 192.168.1.220"
        local-data: "lenny2_fab.home.lan.       IN A 192.168.1.221"
        local-data: "lenny2_cin.home.lan.       IN A 192.168.1.222"
        local-data: "samsung_fab.home.lan.      IN A 192.168.1.223"
        local-data: "samsung_cindy.home.lan.    IN A 192.168.1.224"
 
	local-data: "brother.home.lan.		IN A 192.168.1.233"
 
	local-data: "gollum.home.lan.           IN A 192.168.1.246"
	local-data: "genius.home.lan.           IN A 192.168.1.247"
        local-data: "gecko.home.lan.            IN A 192.168.1.248"
        local-data: "genesis.home.lan.          IN A 192.168.1.249"
        local-data: "gaia.home.lan.             IN A 192.168.1.250"
        local-data: "gentoo.home.lan.           IN A 192.168.1.251"
        local-data: "gemini.home.lan.           IN A 192.168.1.252"
        local-data: "giotto.home.lan.           IN A 192.168.1.253"
        local-data: "galileo.home.lan.          IN A 192.168.1.254"
 
        local-data: "obe                        CNAME obelix.home.lan"
        local-data: "ide                        CNAME idefix.home.lan"
 
 
local-zone: "1.168.192.arpa." static
        local-data-ptr: "192.168.1.2 ok.home.lan"
        local-data-ptr: "192.168.1.3 phil.home.lan"
        local-data-ptr: "192.168.1.4 sal.home.lan"
        local-data-ptr: "192.168.1.5 tv.home.lan"
	local-data-ptr: "192.168.1.6 fbsd.home.lan"
 
        local-data-ptr: "192.168.1.20 acer40.home.lan"
        local-data-ptr: "192.168.1.21 acer56.home.lan"
        local-data-ptr: "192.168.1.22 acer57.home.lan"
        local-data-ptr: "192.168.1.23 acer77.home.lan"
        local-data-ptr: "192.168.1.24 asuseeepc1001.home.lan"
	local-data-ptr: "192.168.1.25 bell.home.lan"
 
        local-data-ptr: "192.168.1.111 spy1.home.lan"
        local-data-ptr: "192.168.1.112 spy2.home.lan"
        local-data-ptr: "192.168.1.113 spy3.home.lan"
        local-data-ptr: "192.168.1.114 spy4.home.lan"
        local-data-ptr: "192.168.1.115 spy5.home.lan"
        local-data-ptr: "192.168.1.116 spy6.home.lan"
 
        local-data-ptr: "192.168.1.201 obelix.home.lan"
 
        local-data-ptr: "192.168.1.202 panoramix.home.lan"
	local-data-ptr: "192.168.1.202 panoramix.spycam.home.lan"
	local-data-ptr: "192.168.1.202 panoramix.secret.home.lan"
 
        local-data-ptr: "192.168.1.203 asterix.home.lan"
 
	local-data-ptr: "192.168.1.204 idefix.home.lan"
	local-data-ptr: "192.168.1.204 idefix.spycam.home.lan"
	local-data-ptr: "192.168.1.204 idefix.secret.home.lan"
 
        local-data-ptr: "192.168.1.209 vpnx.home.lan"
 
        local-data-ptr: "192.168.1.220 tablette.home.lan"
        local-data-ptr: "192.168.1.221 lenny2_fab.home.lan"
        local-data-ptr: "192.168.1.222 lenny2_cin.home.lan"
        local-data-ptr: "192.168.1.223 samsung_fab.home.lan"
        local-data-ptr: "192.168.1.224 samsung_cindy.home.lan"  
        local-data-ptr: "192.168.1.225 huawei_fab.home.lan"
 
	local-data-ptr: "192.168.1.222 brother.home.lan"
 
	local-data-ptr: "192.168.1.246 gollum.home.lan"
	local-data-ptr: "192.168.1.247 genius.home.lan"
        local-data-ptr: "192.168.1.248 gecko.home.lan"
        local-data-ptr: "192.168.1.249 genesis.home.lan"
        local-data-ptr: "192.168.1.250 gaia.home.lan"
        local-data-ptr: "192.168.1.251 gentoo.home.lan"
        local-data-ptr: "192.168.1.252 gemini.home.lan"
        local-data-ptr: "192.168.1.253 giotto.home.lan"
        local-data-ptr: "192.168.1.254 galileo.home.lan"
 
 
	# UDP EDNS reassembly buffer advertised to peers. Default 4096.
	# May need lowering on broken networks with fragmentation/MTU issues,
	# particularly if validating DNSSEC.
	#
	#edns-buffer-size: 1480
 
	# Use TCP for "forward-zone" requests. Useful if you are making
	# DNS requests over an SSH port forwarding.
	#
	#tcp-upstream: yes
 
	# DNS64 options, synthesizes AAAA records for hosts that don't have
	# them. For use with NAT64 (PF "af-to").
	#
	#module-config: "dns64 validator iterator"
	#dns64-prefix: 64:ff9b::/96	# well-known prefix (default)
	#dns64-synthall: no
 
remote-control:
	control-enable: yes
	control-use-cert: no
	control-interface: /var/run/unbound.sock
 
# Use an upstream forwarder (recursive resolver) for specific zones.
# Example addresses given below are public resolvers valid as of 2014/03.
#
#forward-zone:
#	name: "."				# use for ALL queries
#	forward-addr: 74.82.42.42		# he.net
#	forward-addr: 2001:470:20::2		# he.net v6
#	forward-addr: 8.8.8.8			# google.com
#	forward-addr: 2001:4860:4860::8888	# google.com v6
#	forward-addr: 208.67.222.222		# opendns.com
#	forward-first: yes			# try direct if forwarder fails
 
forward-zone:
	name: "*.*"
	forward-addr: 192.168.1.254
	forward-addr: 208.67.222.222
	forward-addr: 208.67.220.220

sysrc unbound_enable="YES"
unbound_enable:  -> YES
 
service unbound start
Starting unbound.

Services Réseaux