https://github.com/angristan/local-dns-resolver
Script to install a local Unbound DNS resolver on your Linux machine with DNSSEC support
https://github.com/angristan/local-dns-resolver
arch-linux centos debian dns dns-resolver dnssec fedora linux ubuntu unbound
Last synced: about 1 month ago
JSON representation
Script to install a local Unbound DNS resolver on your Linux machine with DNSSEC support
- Host: GitHub
- URL: https://github.com/angristan/local-dns-resolver
- Owner: angristan
- License: mit
- Archived: true
- Created: 2015-07-03T09:26:08.000Z (almost 10 years ago)
- Default Branch: master
- Last Pushed: 2019-07-01T13:09:37.000Z (almost 6 years ago)
- Last Synced: 2025-03-24T19:55:43.444Z (about 1 month ago)
- Topics: arch-linux, centos, debian, dns, dns-resolver, dnssec, fedora, linux, ubuntu, unbound
- Language: Shell
- Homepage:
- Size: 81.1 KB
- Stars: 78
- Watchers: 7
- Forks: 41
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
README
# Local DNS resolver installer for Linux
This script will install a local **Unbound** DNS resolver with **DNSSEC** support on your GNU/Linux computer/server, that will directly communicate with the root servers. This ensures speed, neutrality and no dependance on any third-party server (like your ISP's).
The resolver is "local" because Unbound will only listen on localhost and accept requests from localhost.
## Support
The script is designed to work on the following OS:
* Debian 8+
* Ubuntu 14+
* CentOS 7
* Fedora 25+
* Arch Linux
Be sure to uninstall BIND or any other DNS services on your machine before running the script, otherwise Ubound won't be able to start.
## Usage
First, download the script and make it executable:
```
wget https://raw.githubusercontent.com/Angristan/Local-DNS-resolver/master/unbound-install.sh
chmod +x unbound-install.sh
```
Then run it as root:
```
sudo ./unbound-install.sh
```
Enjoy!
## Change DNS resolver
Later, if you want to edit `/etc/resolv.conf`, run this command to allow modifications :
`chattr -i /etc/resolv.conf` (`+i` to disallow again)
## Check DNSSEC
DNSSEC should be enabled. To check if Unbound verifies DNSSEC signatures, run:
```
dig www.dnssec-failed.org | grep status
```
Which should return `status: SERVFAIL` as the signature for this domain is broken.
## Check for DNS leaks
Go to [dnsleaktest.com](https://dnsleaktest.com/) or [ipleak.net](https://ipleak.net/) with your browser. Only your IP should show up, or the one from your VPN provider.