Installing and configuring authoritative, recursive, and DNSSEC DNS server with Unbound

Discussion in 'Tomato Firmware' started by rgnldo, Jul 12, 2018.

  1. rgnldo

    rgnldo Networkin' Nut Member

    How to start unbound from Entware (I assume default prefix /opt is used). I still forward queries from dnsmasq (well it is a query forwarder) to unbound, listening to port 40. Credits in this small tip: @AndreDVJ @rgnldo @lancethepants @koitsu @jerrm

    1) install unbound
    2) install unbound-anchor
    3) run unbound-anchor
    4) create /opt/var/lib/unbound directory
    5) copy root.key to unbound directory
    6) change directory ownership to nobody, in case you want to drop daemon privileges from root to nobody
    7) edit /opt/etc/unbound/unbound.conf - In this case I wanted DNSSEC enabled that's why I copied root key, etc. Tweak as you see fit, I don't use unbound as dnsmasq does everything I need.
    8) start unbound daemon
    9) Edit dnsmasq custom configuration in GUI and save it:
    For DNSSEC to work, the following script helps solve a chicken/egg scenario with helping the router to set the time. This make use of the hostip binary.
    I've called it '' and have placed it in /jffs.

    Must be added in Tomato, AdvancedTomato or FreshTomato GUI: Administration -> Scripts -> Wan Up

    AdBloking on Unbound:

    Create a scheduler in the Tomato GUI, AdvancedTomato, FreshTomato:
    Configure the unbound.conf file in the directory:
    local-zone: " " transparent ---> Domain settings whitelist

    NOTE: Implementing Adblock on Unbound requires sufficient RAM. It is advisable to configure swap memory.

    Any problems with time synchronization with ENTWARE, there is this solution:

    Recommended articles in this forum:
    nodnarb91 and Onee-chan like this.
  2. Onee-chan

    Onee-chan Network Newbie Member

    Thank you!
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice