- Unbound DNS validating resolver 1.6.6.
is a caching DNS resolver.
It uses a built in list of authoritative nameservers for the root zone (.), the
so called root hints. On receiving a DNS query it will ask the root
nameservers for an answer and will in almost all cases receive a delegation to
a top level domain (TLD) authoritative nameserver. It will then ask that
nameserver for an answer. It will recursively continue until an answer is
found or no answer is available (NXDOMAIN). For performance and efficiency
reasons that answer is cached for a certain time (the answer's time-to-live or
TTL). A second query for the same name will then be answered from the cache.
Unbound can also do DNSSEC validation.
To use a locally running Unbound
for resolving put
If authoritative DNS is needed as well using nsd
(8), careful setup is
required because authoritative nameservers and resolvers are using the same
port number (53).
The available options are:
- Show the version and commandline option help.
- -c cfgfile
- Set the config file with settings for unbound to read
instead of reading the file at the default location,
/var/unbound/etc/unbound.conf. The syntax is described in
- Debug flag: do not fork into the background, but stay
attached to the console. This flag will also delay writing to the log file
until the thread-spawn time, so that most config and setup errors appear
on stderr. If given twice or more, logging does not switch to the log file
or to syslog, but the log messages are printed to stderr all the
- Don't use a pidfile. This argument should only be used by
supervision systems which can ensure that only one instance of unbound
will run concurrently.
- Increase verbosity. If given multiple times, more
information is logged. This is in addition to the verbosity (if any) from
the config file.
developers are mentioned in the CREDITS file in the