This tutorial by user Chad Milios (DigitalOcean) shows how to set up Unbound, a caching DNS resolver, on FreeBSD 10.1. DigitalOcean is a cloud infrastructure provider that offers many open source platforms, including FreeBSD.
The system of domain name servers (DNS) is a global hierarchy of databases dedicated to the simple but essential task of looking up host names like www.digitalocean.com and turning them into one or more IP addresses. Whenever an email is sent or a connection to a host is initiated by its name, the DNS system is used. You can read this introduction to the DNS system for more information.
Such an essential and fundamental component of Internet infrastructure gets a lot of use. It is not uncommon for a busy system to make hundreds of name lookups per second or more. If the services running on your server do much work behind the scenes, security and performance will likely benefit from verifying and caching, within your own systems, the name lookups those services perform to conduct their operations.
In this tutorial, you will learn how to set up a FreeBSD server to remember all DNS lookups in a system-wide cache. Information will automatically expire from this cache, honoring each looked-up domain’s individual policy for rechecking.
In order to follow this tutorial, you will need:
- One FreeBSD 10.1 Droplet
Step 1 — Enabling Unbound
FreeBSD 10.1 includes the verifying caching resolver Unbound (version 1.4.22) as part of the base system.
Once you are logged into your server via SSH, enabling FreeBSD’s included resolver is as simple as issuing the following command:
    sudo sysrc local_unbound_enable=YES
Your Droplet is now configured to start Unbound at the next system reboot.
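A pre-reboot check for the setting made in Step 1, as an added example that is not part of the original tutorial: it evaluates rc.conf-style files the way the rc system does (sourced in order, so the last assignment wins) and reports whether local_unbound would start at boot. The function names and the sample files are constructed for illustration; on a real system you would pass /etc/rc.conf and /etc/rc.conf.local.

```sh
#!/bin/sh
# Added example, not from the tutorial. All function names are hypothetical.

# effective_rcvar VAR FILE...: print VAR's final value after reading FILEs in order.
# The files are sourced as shell fragments (as rc does), so only pass trusted files.
effective_rcvar() {
    _var=$1; shift
    case $_var in
        ''|*[!A-Za-z0-9_]*) return 2 ;;   # refuse anything that is not a plain name
    esac
    (
        for _f in "$@"; do
            if [ -r "$_f" ]; then . "$_f"; fi
        done
        eval "printf '%s\n' \"\${$_var-}\""
    )
}

# is_yes VALUE: the spellings rc.subr's checkyesno treats as "enabled".
is_yes() {
    case $1 in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# unbound_boot_state FILE...: print "enabled" or "disabled" for local_unbound.
unbound_boot_state() {
    if is_yes "$(effective_rcvar local_unbound_enable "$@")"; then
        echo enabled
    else
        echo disabled
    fi
}

# Constructed sample files: the Step 1 setting, then a later file that undoes it.
demo_dir=$(mktemp -d)
printf 'sshd_enable="YES"\nlocal_unbound_enable="YES"\n' > "$demo_dir/rc.conf"
printf 'local_unbound_enable="NO"\n' > "$demo_dir/rc.conf.local"

unbound_boot_state "$demo_dir/rc.conf"
unbound_boot_state "$demo_dir/rc.conf" "$demo_dir/rc.conf.local"
```

The second call shows the failure mode worth checking for: a later file silently overriding the value set in Step 1, leaving the resolver disabled after the reboot.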
Step 2 — Starting Unbound