Skip to content

Script to install a local Unbound DNS resolver on your Linux machine with DNSSEC support

License

Notifications You must be signed in to change notification settings

bumansu/local-dns-resolver

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 

Repository files navigation

Local DNS resolver installer for Linux

This script will install a local Unbound DNS resolver with DNSSEC support on your GNU/Linux computer/server, that will directly communicate with the root servers. This ensures speed, neutrality and no dependance on any third-party server (like your ISP's).

The resolver is "local" because Unbound will only listen on localhost and accept requests from localhost.

Support

The script is designed to work on the following OS:

  • Debian 8+
  • Ubuntu 14+
  • CentOS 7
  • Fedora 25+
  • Arch Linux

Be sure to uninstall BIND or any other DNS services on your machine before running the script, otherwise Ubound won't be able to start.

Usage

First, download the script and make it executable:

wget https://raw.githubusercontent.com/Angristan/Local-DNS-resolver/master/unbound-install.sh
chmod +x unbound-install.sh

Then run it as root:

sudo ./unbound-install.sh

Enjoy!

Change DNS resolver

Later, if you want to edit /etc/resolv.conf, run this command to allow modifications :

chattr -i /etc/resolv.conf (+i to disallow again)

Check DNSSEC

DNSSEC should be enabled. To check if Unbound verifies DNSSEC signatures, run:

dig www.dnssec-failed.org | grep status

Which should return status: SERVFAIL as the signature for this domain is broken.

Check for DNS leaks

Go to dnsleaktest.com or ipleak.net with your browser. Only your IP should show up, or the one from your VPN provider.

About

Script to install a local Unbound DNS resolver on your Linux machine with DNSSEC support

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%