Update README.md

sohag1192 · web-flow · commit fbf3499f0415 · 2024-12-21T19:54:21.000+06:00
diff --git a/README.md b/README.md
@@ -1,77 +1,163 @@
-How to Setup DNS Server with BIND on Ubuntu 22.04
+ # How to Set Up a Local DNS Resolver with Unbound on Debian & Ubuntu
 
-Show ip
-==================
-ip a
-
-Set hostname
-======================
-nano /etc/hostname
-nano /etc/hosts
+Install Required Package Updates
+====================================
+    sudo apt update
 
-Install Required package
+Install Required Package
 ====================================
-apt install -y bind9*
+    sudo apt install unbound
+
+
+### Once Unbound is installed, run the below systemctl command to verify the Unbound service and ensure that the service is enabled and running.
+     sudo systemctl is-enabled unbound
+     sudo systemctl status unbound
+
+# Configuring Unbound DNS Server ( Adding the Config File )
+
+    sudo nano /etc/unbound/unbound.conf
+
+
+
+Copy This Text And This and editing the ip address 
+
+    # Unbound configuration file for Debian.
+    #
+    # See the unbound.conf(5) man page.
+    #
+    # See /usr/share/doc/unbound/examples/unbound.conf for a commented
+    # reference config file.
+    #
+    # The following line includes additional configuration files from the
+    # /etc/unbound/unbound.conf.d directory.
+    include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
+  
+    #Adding DNS-Over-TLS support
+
+    server:
+    use-syslog: yes
+    username: "unbound"
+    directory: "/etc/unbound"
+    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+    
+    do-ip6: no
+    interface: 100.100.100.37
+    port: 53
+    prefetch: yes
+
+    root-hints: /usr/share/dns/root.hints
+    harden-dnssec-stripped: yes
+
+    cache-max-ttl: 14400
+    cache-min-ttl: 1200
+
+    aggressive-nsec: yes
+    hide-identity: yes
+    hide-version: yes
+    use-caps-for-id: yes
+
+ 
+    #control which clients are allowed to make (recursive) queries
+	   #access-control: 0.0.0.0/0 refuse
+   	#access-control: 0.0.0.0/0 allow
+   	access-control: 10.0.0.0/8 allow
+   	access-control: 50.50.50.0/24 allow
+   	access-control: 192.168.0.0/16 allow
+   	access-control: 172.16.0.0/12 allow
+   	access-control: 103.135.132.0/23 allow
+
+    # local zone
+    local-zone: "sohag.lan." static
+    local-data: "ns.sohag.lan.  IN A 100.100.100.37"
+    local-data-ptr: "100.100.100.37  ns.sohag.lan"
+
+    num-threads: 4
+    msg-cache-slabs: 8
+    rrset-cache-slabs: 8
+    infra-cache-slabs: 8
+    key-cache-slabs: 8
+    rrset-cache-size: 256m
+    msg-cache-size: 128m
+    so-rcvbuf: 8m
+
+    
+
+    forward-zone:
+    name: "."
+    forward-ssl-upstream: yes
+    ## Also add IBM IPv6 Quad9 over TLS
+    forward-addr: 9.9.9.9@853#dns.quad9.net
+    forward-addr: 149.112.112.112@853#dns.quad9.net
+    
+     # Google
+     forward-addr: 8.8.8.8@853
+     forward-addr: 4.4.4.4@853
+
+
+## Next, run the systemctl command below to restart the Unbound service and apply the changes.
+
+    sudo systemctl restart unbound
+  
+
+
+# Unbound Log via Rsyslog and Logrotate
+
+  Create a new Rsyslog config file '/etc/rsyslog.d/unbound.conf' using the below nano editor command.
+  
+      sudo nano /etc/rsyslog.d/unbound.conf
+      
+Add the following lines to the file. With this, Unbound logs will be stored at '/var/log/unbound.log'.
+
+     # Log messages generated by unbound application 
+     if $programname == 'unbound' then /var/log/unbound.log
+     # stop processing it further
+     & stop
+
+Save the file and exit the editor when finished.
+
+----
+
+Now run the below systemctl command utility to restart the 'rsyslog' service and apply the changes.
+
+         sudo systemctl restart rsyslog 
+         
+
+Next, you will set up log rotation for the Unbound log file '/var/log/unbound.log'. And you can achieve this via the logrotate service.
+
+-----
+
+Create a new logrotate config file '/etc/logrotate.d/unbound' using the below nano editor command.
+
+    sudo nano /etc/logrotate.d/unbound
+
+
+Add the following lines to the file. This will create log rotation for the Unbound log file '/var/log/unbound.log' on a daily basis.
+
+      /var/log/unbound.log {
+      daily
+      rotate 7
+      missingok
+      create 0640 root adm
+      postrotate
+      /usr/lib/rsyslog/rsyslog-rotate
+      endscript
+     }
+
+     
+Save the file and exit the editor when finished.
+
+------
+
+Now run the below systemctl command utility to restart the logrotate service and apply the changes.
+
+     sudo systemctl restart logrotate
+
+
+With this, you've now successfully installed and configured Unbound DNS server and configured logging via Rsyslog and Logrotate. Unbound logs will be saved to the file '/var/unbound/unbound.log'.
 
-Change directory
-==========================
-cd /etc/bind/
 
-Setting up bind9
-=============================
-nano named.conf.options
 
-forwarders { 
- 8.8.8.8;
- 1.1.1.1;
- };
  
-listen-on { any; };
-allow-query { any; };
-allow-query-cache { any; };
-
-Configure zone
-========================
-nano named.conf.local
-
-zone "ripon.com" IN {
-type master;
-file "/etc/bind/forward.zone";
-};
-
-zone "50.20.172.in-addr.arpa" IN {
-type master;
-file "/etc/bind/reverse.zone";
-allow-query { any; };
-};
-
-Forward zone configuration
-========================================
-cp db.local forward.zone
-nano forward.zone
-
-Reverse zone configuration
-========================================
-cp forward.zone reverse.zone
-nano reverse.zone
-
-Check zones
-=====================
-named-checkzone forward.zone /etc/bind/forward.zone
-named-checkzone reverse.zone /etc/bind/reverse.zone
-
-Set permission
-========================
-chown bind:bind /etc/bind/
-
-Restart the services
-==================================
-systemctl restart bind9
-
-Show services status
-=================================
-systemctl status bind9
-
-Start services at boot
-===================================
-systemctl enable bind9
+
+
+    
