docs:guide-user:services:dns:dot_unbound [2023/10/14 05:26] – use service invocation vgaeteradocs:guide-user:services:dns:dot_unbound [2024/10/21 08:10] – Add chapter how to configure unbound with dnsmasq dpawlik
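--- a/docs:guide-user:services:dns:dot_unbound
+++ b/docs:guide-user:services:dns:dot_unbound
@@ -86,5 +86,5 @@
 uci set unbound.fwd_google.enabled="0"
 uci set unbound.fwd_cloudflare.enabled="0"
-while uci -q delete unbound.@zone[4]; do :; done
+while uci -q del unbound.@zone[4]; do :; done
 uci add unbound zone
 uci set unbound.@zone[-1].enabled="1"
@@ -92,10 +92,10 @@
 uci set unbound.@zone[-1].zone_type="forward_zone"
 uci add_list unbound.@zone[-1].zone_name="."
-uci set unbound.@zone[-1].tls_upstream="1"
-uci set unbound.@zone[-1].tls_index="family.cloudflare-dns.com"
 uci add_list unbound.@zone[-1].server="1.1.1.3"
 uci add_list unbound.@zone[-1].server="1.0.0.3"
 uci add_list unbound.@zone[-1].server="2606:4700:4700::1113"
 uci add_list unbound.@zone[-1].server="2606:4700:4700::1003"
+uci set unbound.@zone[-1].tls_upstream="1"
+uci set unbound.@zone[-1].tls_index="family.cloudflare-dns.com"
 uci commit unbound
 service unbound restart
@@ -113,2 +113,32 @@
 </code>
 
+
+===== Configure unbound with dnsmasq =====
+Unbound can also act as a resolver for dnsmasq. How to install and how to change the [[wp>Public_recursive_name_server|DoT provider]] were described earlier.
+Here would be just described how to configure unbound with dnsmasq.
+
+=== Command-line instructions ===
+
+<code bash>
+# Change unbound port to 5353, because dnsmasq is running already on port 53
+sed -i "s/option listen_port '53'/option listen_port '5353'/g" /etc/config/unbound
+
+# configure dnsmasq to forward to localhost 5353
+service dnsmasq stop
+uci set dhcp.@dnsmasq[0].noresolv="1"
+uci set dhcp.@dnsmasq[0].localuse="1"
+uci set dhcp.@dnsmasq[0].cachesize='0'
+uci -q delete dhcp.@dnsmasq[0].server
+uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#5353"
+uci commit dhcp
+service dnsmasq start
+service unbound restart
+
+# Optional - ensure, that the NTP server can work without DNS
+uci del system.ntp.server
+uci add_list system.ntp.server='194.177.4.1'    # 0.openwrt.pool.ntp.org
+uci add_list system.ntp.server='213.222.217.11' # 1.openwrt.pool.ntp.org
+uci add_list system.ntp.server='80.50.102.114'  # 2.openwrt.pool.ntp.org
+uci add_list system.ntp.server='193.219.28.60'  # 3.openwrt.pool.ntp.org
+uci commit system
+</code>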
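Review bot: The `sed -i` on `/etc/config/unbound` in the new dnsmasq chapter silently changes nothing when the file does not contain the exact text `option listen_port '53'` (different quoting, or the option absent). dnsmasq is then told to forward only to `127.0.0.1#5353` with `noresolv` set while unbound has not moved, so name resolution on the router is likely to stop. Setting the value through UCI, as the rest of the page does, avoids the text match: `uci set unbound.@unbound[0].listen_port="5353"` followed by `uci commit unbound`. Port 5353 is also the mDNS port, so a comment that it can clash with an mDNS responder, if one is installed, would help. The optional NTP block pins four addresses that were pool members when the chapter was written; a comment such as `# pool members change over time; re-check these addresses - DoT certificate validation needs a correct clock` would tell readers why the step exists and that the list ages.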
  • Last modified: 2024/11/20 13:42
  • by dpawlik