Installation of a local DNS resolver

Requirements:

DNS, the “Domain Name System”, translates between a domain name (for example: Online.net) and an IP address (for example: 62.210.16.2).

It is much easier for us to remember Online.net than 62.210.16.2.

Our computers and servers, on the other hand, cannot do anything with Online.net on its own.
They therefore need a system that turns the domain name into an IP address, here 62.210.16.2, before they can reach the requested website.

In this tutorial we look at the installation of Unbound, a caching, validating DNS resolver.
Installed on your server, it lets the server resolve domain names itself.

Online.net provides two DNS resolvers in its network: 62.210.16.6 & 62.210.16.74.
However, it is recommended to run your own resolver: answers are cached locally, and your lookups no longer depend on shared infrastructure.

Installation & Configuration of Unbound

On Debian 8 & Ubuntu 16.04

We start by installing the software:

sudo apt-get install unbound

Once installed, the service starts right away with its default configuration, which listens on 127.0.0.1 only. Keep it that way: a resolver reachable from the Internet is an open resolver and can be abused for DNS amplification attacks.
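The following server: block is an added example, not part of this tutorial or of the Unbound project's shipped files. It makes the loopback-only listening explicit and adds the usual hardening options, so a later edit cannot silently turn the machine into an open resolver. On Debian and Ubuntu the stock /etc/unbound/unbound.conf includes /etc/unbound/unbound.conf.d/*.conf, so it can be dropped in there as its own file (the file name below is an assumption); on CentOS 7 merge it into /etc/unbound/unbound.conf. DNSSEC validation is intentionally not configured here, since the distribution packages already ship a root trust anchor (look for auto-trust-anchor-file in the packaged configuration) and the directive should not be duplicated.

```conf
# /etc/unbound/unbound.conf.d/local-resolver.conf  (assumed file name)
# Added example configuration for a loopback-only caching resolver.
server:
    # Listen on the loopback addresses only. Drop the two ::1 lines if
    # IPv6 is disabled on the host, otherwise Unbound fails to bind.
    interface: 127.0.0.1
    interface: ::1

    # Only local clients may query; everything else is refused outright.
    access-control: 127.0.0.0/8 allow
    access-control: ::1 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse

    # Do not reveal the software and version in CHAOS-class queries.
    hide-identity: yes
    hide-version: yes

    # Distrust out-of-zone glue and answers whose DNSSEC data was stripped.
    harden-glue: yes
    harden-dnssec-stripped: yes
```

Validate the file with unbound-checkconf before restarting the service; a syntax error would otherwise leave the machine without a working resolver on 127.0.0.1 and every lookup would fall through to the fallback servers.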

If you have configured your network statically, edit the file /etc/resolv.conf as follows:

nameserver 127.0.0.1
nameserver 62.210.16.6
nameserver 62.210.16.74

This makes the local server (127.0.0.1) the first resolver tried and keeps the Online.net resolvers as a fallback should Unbound stop responding.

If your public interface is configured by DHCP, you have to edit the file /etc/dhcp/dhclient.conf and add/uncomment the following line:

prepend domain-name-servers 127.0.0.1;

In this case the DNS servers come from the DHCP lease, which normally hands out only the Online.net resolvers; the prepend line puts 127.0.0.1 in front of them in the generated /etc/resolv.conf, so the local resolver is used first and the Online.net ones remain as fallback.

On CentOS 7

We start by installing the software:

sudo yum install unbound

Now we have to edit the file /etc/unbound/unbound.conf and add/uncomment the following line:

do-not-query-localhost: no

Note that this option only matters when Unbound itself forwards queries to another server running on localhost. Whether clients on the machine may query Unbound on 127.0.0.1 is governed by the interface: and access-control: settings, which allow localhost by default.

Once the line is added / edited, restart the service with systemctl restart unbound (the older form service unbound restart also works on CentOS 7) and enable it at boot with systemctl enable unbound; otherwise the resolver is gone after the next reboot and every lookup falls through to the fallback servers.

Now you have to edit the file /etc/sysconfig/network-scripts/ifcfg-eth0 by adding the following lines:

DNS1=127.0.0.1
DNS2=62.210.16.6
DNS3=62.210.16.74

Finally, restart the network: systemctl restart network.service

Once all this is done, the local resolver is used by default and the Online.net resolvers only as a fallback.

Testing the resolver

Once everything has been configured, you can verify that your resolver works with the dig command:

dig google.fr

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> google.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59447
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.fr.			IN	A

;; ANSWER SECTION:
google.fr.		300	IN	A	216.58.211.99

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: ven. juil. 15 14:27:27 CEST 2016
;; MSG SIZE  rcvd: 54

The line ;; SERVER: 127.0.0.1#53(127.0.0.1) shows that the local server was queried and that it answered (status: NOERROR). If the fallback had been used instead, this line would show 62.210.16.6 or 62.210.16.74. To check that DNSSEC validation works as well, query a signed domain with dig +dnssec and look for the ad flag in the flags line; its absence means the answer was not validated.
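As an added example (not part of the Online.net tutorial), the following POSIX shell script bundles the checks a practitioner would run after either installation above: that 127.0.0.1 comes first in /etc/resolv.conf, that dig was answered by the local resolver rather than the fallback, that a signed zone comes back with the ad flag, and that Unbound is not exposed to the network. Every check takes the text it inspects as an argument, so the script runs offline on the constructed samples embedded below; the real commands to feed it are given in the comments.

```shell
#!/bin/sh
# Added example, not part of the Online.net tutorial: post-install sanity
# checks for a local Unbound resolver. On a real server feed the checks the
# real data, for instance:
#   check_resolv_order     "$(cat /etc/resolv.conf)"
#   check_dig_answer       "$(dig google.fr)"
#   check_dig_validated    "$(dig +dnssec <signed-domain>)"
#   check_only_loopback_53 "$(ss -lntu)"

# 1. /etc/resolv.conf: the first nameserver must be 127.0.0.1, otherwise the
#    Online.net resolvers are tried first and Unbound never sees the queries.
check_resolv_order() {
    first=$(printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2; exit }')
    [ "$first" = "127.0.0.1" ]
}

# 2. dig output: status must be NOERROR and the ";; SERVER:" line must name
#    127.0.0.1. A fallback address there means the local resolver did not
#    answer and the stub resolver moved on to the next nameserver.
check_dig_answer() {
    printf '%s\n' "$1" | grep -q 'status: NOERROR' || return 1
    printf '%s\n' "$1" | grep -q '^;; SERVER: 127\.0\.0\.1#53' || return 1
}

# 3. dig +dnssec output on a signed zone: the "ad" flag means Unbound
#    validated the answer; without it the resolver is not validating.
check_dig_validated() {
    printf '%s\n' "$1" | grep -Eq '^;; flags:( [a-z]+)* ad[ ;]'
}

# 4. `ss -lntu` output: every socket on port 53 must be bound to a loopback
#    address (column 5 is Local Address:Port). A resolver reachable from the
#    network is an open resolver that can be abused for DNS amplification.
check_only_loopback_53() {
    printf '%s\n' "$1" | awk '
        NR > 1 && $5 ~ /:53$/ {
            n++
            if ($5 !~ /^127\.[0-9.]+:53$/ && $5 !~ /^\[::1\]:53$/) bad++
        }
        END { if (n == 0 || bad > 0) exit 1; exit 0 }'
}

# Constructed samples (not captured from a real server).
RESOLV_OK='nameserver 127.0.0.1
nameserver 62.210.16.6
nameserver 62.210.16.74'
RESOLV_BAD='nameserver 62.210.16.6
nameserver 127.0.0.1'

DIG_LOCAL=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59447
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 127.0.0.1#53(127.0.0.1)'
DIG_FALLBACK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 62.210.16.6#53(62.210.16.6)'
DIG_SIGNED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 127.0.0.1#53(127.0.0.1)'

SS_LOOPBACK='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.1:53       0.0.0.0:*
tcp   LISTEN 0      256    127.0.0.1:53       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SS_OPEN='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      256    [::]:53            [::]:*'

# Print PASS/FAIL for one check; the first argument is the check's name.
report() {
    if "$@"; then echo "PASS: $1"; else echo "FAIL: $1"; fi
}

run_demo() {
    report check_resolv_order     "$RESOLV_OK"
    report check_resolv_order     "$RESOLV_BAD"    # expected FAIL
    report check_dig_answer       "$DIG_LOCAL"
    report check_dig_answer       "$DIG_FALLBACK"  # expected FAIL
    report check_dig_validated    "$DIG_SIGNED"
    report check_dig_validated    "$DIG_LOCAL"     # expected FAIL
    report check_only_loopback_53 "$SS_LOOPBACK"
    report check_only_loopback_53 "$SS_OPEN"       # expected FAIL
}

run_demo
```

The listening-socket check is the one worth keeping in a cron job or monitoring probe: the other three only fail loudly when name resolution breaks, whereas an Unbound that starts listening on 0.0.0.0 keeps working perfectly for the local machine while serving the rest of the Internet.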