Vendredi 23 novembre 2018

root@xinyiczen:/home/stret# cat /etc/resolv.conf

search firstheberg.net nameserver 127.0.0.1 nameserver 91.229.20.223 nameserver 37.59.126.29 nameserver 91.236.239.190

Installer serveur unbound

   apt install unbound
   wget ftp://FTP.INTERNIC.NET/domain/named.cache -O /var/lib/unbound/root.hints

Fichier de configuration du serveur DNS Unbound

nano /etc/unbound/unbound.conf.d/unbound-xinyic.conf
server:
statistics-interval: 0
extended-statistics: yes
statistics-cumulative: yes
verbosity: 3
interface: 127.0.0.1
interface: 10.8.0.1 ## la passerelle VPN
port: 53
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: no
access-control: 127.0.0.0/8 allow ## j'autorise mon serveur
access-control: 10.8.0.0/24 allow ## j'autorise le réseau établie avec mon OpenVPN
access-control: 0.0.0.0/0 refuse ## j'interdis tout le reste de l'Internet !
auto-trust-anchor-file: "/var/lib/unbound/root.key"
root-hints: "/var/lib/unbound/root.hints"
hide-identity: yes
hide-version: yes
harden-glue: yes
harden-dnssec-stripped: yes
use-caps-for-id: yes
cache-min-ttl: 3600
cache-max-ttl: 86400
prefetch: yes
num-threads: 6
msg-cache-slabs: 16
rrset-cache-slabs: 16
infra-cache-slabs: 16
key-cache-slabs: 16
rrset-cache-size: 256m
msg-cache-size: 128m
so-rcvbuf: 1m
unwanted-reply-threshold: 10000
do-not-query-localhost: yes
val-clean-additional: yes
##je bloque cetaines pubs
local-zone: "doubleclick.net" redirect
local-data: "doubleclick.net A 127.0.0.1"
local-zone: "googlesyndication.com" redirect
local-data: "googlesyndication.com A 127.0.0.1"
local-zone: "googleadservices.com" redirect
local-data: "googleadservices.com A 127.0.0.1"
local-zone: "google-analytics.com" redirect
local-data: "google-analytics.com A 127.0.0.1"
local-zone: "ads.youtube.com" redirect
local-data: "ads.youtube.com A 127.0.0.1"
local-zone: "adserver.yahoo.com" redirect
local-data: "adserver.yahoo.com A 127.0.0.1"
local-zone: "ask.com" redirect
local-data: "ask.com A 127.0.0.1"
use-syslog: yes
logfile: /var/log/unbound.log
harden-dnssec-stripped: yes
cache-min-ttl: 3600
cache-max-ttl: 86400
prefetch: yes
prefetch-key: yes

Modifier le fichier /etc/resolv.conf :
echo "nameserver 127.0.0.1" > /etc/resolv.conf

Tests du serveur Unbound

Relance du service Unbound :
systemctl restart unbound
Vérifier le status :
systemctl status unbound

Vérifier la résolution de nom à partir du serveur :

dig @127.0.0.1 memo-linux.com