Linux add dns records

Unbound: Adding Custom DNS Records

When I wrote my post on configuring DNS, DHCP and NTP on a Raspberry Pi, I forgot to include information on how to add your own DNS records to Unbound (straightforward as it is). So in this post, I’ll give a very brief overview.

All changes should be made in an Unbound configuration file (probably /etc/unbound/unbound.conf, though depending on your distribution you could also put them into a file in local.d; see below).

Adding an A Record

Assuming we want to add an A record for ‘mycomputer.home’, which has an IP of 10.0.1.8:

local-data: "mycomputer.home A 10.0.1.8"

Adding a PTR Record

A PTR record (sometimes known as a reverse DNS record) allows you to request the hostname used by an IP (i.e. rather than running a DNS query for mycomputer.home, you’re asking for the hostname of the machine at 10.0.1.8):

local-data-ptr: "10.0.1.8 mycomputer.home"

CNAMEs

You can add a CNAME entry in local-data; however, as Unbound isn’t an authoritative server, it won’t expand it. If a client queries for an A record, it won’t receive the CNAME in response. More info is available on the Unbound mailing lists.

The only time your entry will be returned is if the client queries for a CNAME, which in practice means it’ll probably be returned quite rarely.

Still, if you want to add a CNAME anyway, then you can do this:

local-data: "computer1 CNAME mycomputer.home"

If you really need to have your local DNS server resolve the CNAMEs, the trick is to configure BIND or NSD on another port and create a stub-zone within Unbound.

Using Unbound to block Ads

When using my PC, I’ve no real problem with seeing ads, there’s plenty of real estate to use and they help offset the cost of providing content for free. On my phone, though, I can’t abide them, especially those that insist on popping up in the middle of a game, just as you’re touching the screen.

Using Unbound, you can easily blackhole the ad serving domains (albeit network wide), but given the number of domains in use it’s not something you really want to be doing by hand.

With a simple Bash script, you can pull down a blocklist and generate the local-data entries:

#!/bin/bash
#
# Update the dummy ads block
#
# From http://www.bentasker.co.uk/documentation/linux/279-unbound-adding-custom-dns-records
#
# Stop if the directory is missing, so ads.conf is never removed or written elsewhere
cd /etc/unbound/local.d/ || exit 1
rm -f ads.conf
# One local-data entry per domain in the downloaded list
for a in $(wget -O - "http://www.bentasker.co.uk/adblock/autolist.txt")
do
    echo " local-data: \"$a A 127.0.0.2\"" >> ads.conf
done
service unbound reload

The autolist is refreshed regularly from pgl.yoyo.org and any of the domains that are blackholed as a result of that list will resolve to 127.0.0.2.

Add it as a cronjob to run at whatever interval you desire, or run it manually periodically.
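
A hardened variant of the update script above, as an added example that is not from the original post: the list is fetched over plain HTTP and written straight into Unbound's configuration, so this version accepts only well-formed hostnames and reloads only if unbound-checkconf accepts the result. The one-hostname-per-line format, the function names and the --update switch are assumptions.

```shell
#!/bin/bash
# Added example: treat the downloaded blocklist as untrusted input.
# Assumes one hostname per line; function names and --update are illustrative.
export LC_ALL=C
cr=$(printf '\r')

# Accept only LDH hostnames: two or more labels of 1-63 chars, 253 chars max.
# Quotes, spaces and anything else that could alter the config line are refused.
is_valid_domain() {
    label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    case $1 in *[!A-Za-z0-9.-]*) return 1 ;; esac
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" | grep -Eqx "($label\.)+$label"
}

# stdin: candidate entries; stdout: local-data lines for the valid ones.
build_ads_conf() {
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=${entry%"$cr"}                 # tolerate CRLF line endings
        [ -n "$entry" ] || continue
        if is_valid_domain "$entry"; then
            printf ' local-data: "%s A 127.0.0.2"\n' "$entry"
        else
            echo "rejected malformed blocklist entry" >&2
        fi
    done
}

# Build into a temp file, swap it in, reload only if the config still checks out.
update_ads_conf() {
    url="http://www.bentasker.co.uk/adblock/autolist.txt"   # URL from the post's script
    dest=/etc/unbound/local.d/ads.conf
    tmp=$(mktemp "$dest.new.XXXXXX") || return 1
    wget -q -O - "$url" | build_ads_conf > "$tmp"
    if [ ! -s "$tmp" ]; then rm -f "$tmp"; return 1; fi   # failed or empty download
    chmod 644 "$tmp"                                      # Unbound must be able to read it
    cp -p "$dest" "$dest.bak" 2>/dev/null || rm -f "$dest.bak"
    mv "$tmp" "$dest"
    if unbound-checkconf >/dev/null; then
        service unbound reload
    else
        mv "$dest.bak" "$dest" 2>/dev/null || rm -f "$dest"   # roll back
        return 1
    fi
}

if [ "${1:-}" = "--update" ]; then update_ads_conf; else
    # Constructed sample: the middle entry would break the quoted string.
    printf '%s\n' 'ads.example.com' 'not a"hostname' 'tracker.example.net' | build_ads_conf
fi
```

Run without arguments it only processes the constructed sample; with --update (as root, from cron or by hand) it replaces ads.conf.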

Older versions of Unbound

One issue I did find with using this mechanism is that Unbound V1.4.17 doesn’t seem to include (or support) a wildcard include of files in local.d. Version 1.4.21 comes pre-configured with support for it, but if you are running the older version you’ll probably want to add this into unbound.conf (just after any local-data declarations):

include: /etc/unbound/local.d/ads.conf


How do I add a TXT or A record using Unbound?

I am currently following this tutorial. The author says we can add a TXT record on the local DNS resolver. But can I please know how do I do that? How do I add a TXT or A record on the local server (127.0.0.1) using unbound?

3 Answers

Following the Unbound documentation, you can add a TXT record as local data.

An example of this: (adding both an A and a TXT record for a subdomain)

local-zone: "somedomain.country." static
local-data: "sub1.somedomain.country. IN A 127.0.0.1"
local-data: 'sub1.somedomain.country. IN TXT "f1=this is a TXT record; f2=second part of TXT record"'

Please note that the outer quotes when adding a TXT record should be single quotes, since the TXT record itself is in double quotes.

"The author says we can add a TXT record on the local DNS resolver." The author does not say that.

unbound is a recursive validating resolver. Its purpose is just to resolve names, by querying other nameservers. It has no data itself on names, just what it retrieves.

Adding a TXT record needs to happen on the authoritative nameservers for the zone, which by definition can not be unbound.

So you need to find out the nameservers for the zone where you want to add a TXT record for DKIM purposes, and change the zonefile there. Probably through some website or API offered by the provider currently managing your authoritative nameservers.
