New FAMILUG

The PyMiers

Sunday, 28 February 2021

Run Unbound DNS resolver on OpenBSD 6.8 on a Laptop

OpenBSD 6.8 comes with the Unbound daemon installed by default. Using Unbound, you no longer depend on another DNS provider, and you keep the domains you access to yourself.

Enable and start unbound

# rcctl enable unbound
# rcctl start unbound

It now listens on port 53 on the localhost address, a good, sane default:

$ netstat -nl | grep 53
tcp          0      0  127.0.0.1.53           *.*                    LISTEN
udp          0      0  127.0.0.1.53           *.*
tcp6         0      0  ::1.53                 *.*                    LISTEN
udp6         0      0  ::1.53                 *.*

Now check using dig:

$ dig pymi.vn @127.0.0.1

; <<>> dig 9.10.8-P1 <<>> pymi.vn @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7832
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pymi.vn.                       IN      A

;; ANSWER SECTION:
pymi.vn.                231     IN      A       104.21.61.168
pymi.vn.                231     IN      A       172.67.212.45

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Feb 28 22:15:35 +07 2021
;; MSG SIZE  rcvd: 68

The result is the same as the one returned by 1.1.1.1:

$ dig +short pymi.vn @1.1.1.1
172.67.212.45
104.21.61.168

Configure the laptop to use the local DNS resolver

A laptop on a wireless network usually uses DHCP for its configuration.

Example config:

$ cat /etc/hostname.iwm0
nwid "The Coffee House" wpakey thecoffeehouse
dhcp

It uses DHCP to get its IP and DNS config, which in turn rewrites /etc/resolv.conf:

$ cat /etc/resolv.conf
# Generated by iwm0 dhclient
nameserver 8.8.8.8
lookup file bind

To override the nameserver, change the DHCP client config:

$ cat /etc/dhclient.conf
supersede domain-name-servers 127.0.0.1;

To reconnect to the wireless network with the new DHCP client config, run:

# sh -x /etc/netstart

Now DNS is resolved using Unbound.
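To confirm the override took effect, and that a later DHCP lease has not put a remote resolver back, the script below lists every nameserver in a resolv.conf that is not a loopback address. It is an added example, not part of the original post: the function names are my own, and the sample files are constructed ("before" copies the resolv.conf shown above, "after" is the assumed result of the supersede line).

```sh
#!/bin/sh
# Added example: list resolvers in a resolv.conf that bypass the local Unbound.

# Print each nameserver in file $1 that is not a loopback address.
nonlocal_nameservers() {
    awk '
        { sub(/[#;].*/, "") }                      # drop comments
        $1 == "nameserver" && NF >= 2 {
            addr = $2
            sub(/^\[/, "", addr)                   # accept [addr]:port form
            sub(/\].*$/, "", addr)
            if (addr !~ /^127\./ && addr != "::1") print addr
        }
    ' "$1"
}

# Succeed only when no nameserver in file $1 points off the machine.
resolv_is_local_only() {
    [ -z "$(nonlocal_nameservers "$1")" ]
}

# Write constructed sample files into directory $1.
write_samples() {
    # "before" copies the dhclient-generated file shown in the post.
    printf '%s\n' '# Generated by iwm0 dhclient' 'nameserver 8.8.8.8' \
        'lookup file bind' > "$1/before"
    # "after" is the assumed result of the supersede line (constructed).
    printf '%s\n' '# Generated by iwm0 dhclient' 'nameserver 127.0.0.1' \
        'lookup file bind' > "$1/after"
    # "mixed" has a local and a remote resolver (192.0.2.53 is a doc address).
    printf '%s\n' 'nameserver ::1' 'nameserver [192.0.2.53]:5353' > "$1/mixed"
}

dir=$(mktemp -d)
write_samples "$dir"
for name in before after mixed; do
    if resolv_is_local_only "$dir/$name"; then
        echo "$name: local resolver only"
    else
        echo "$name: also queries $(nonlocal_nameservers "$dir/$name" | tr '\n' ' ')"
    fi
done
rm -rf "$dir"
```

On the laptop itself, call nonlocal_nameservers /etc/resolv.conf after running netstart; empty output means every query goes to the local Unbound.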

Happy OpenBSD using.
