angristan / local-dns-resolver

Script to install a local Unbound DNS resolver on your Linux machine with DNSSEC support
MIT License
78 stars 42 forks source link
arch-linux centos debian dns dns-resolver dnssec fedora linux ubuntu unbound

Local DNS resolver installer for Linux

This script will install a local Unbound DNS resolver with DNSSEC support on your GNU/Linux computer/server, that will directly communicate with the root servers. This ensures speed, neutrality and no dependance on any third-party server (like your ISP's).

The resolver is "local" because Unbound will only listen on localhost and accept requests from localhost.

Support

The script is designed to work on the following OS:

Be sure to uninstall BIND or any other DNS services on your machine before running the script, otherwise Ubound won't be able to start.

Usage

First, download the script and make it executable:

wget https://raw.githubusercontent.com/Angristan/Local-DNS-resolver/master/unbound-install.sh
chmod +x unbound-install.sh

Then run it as root:

sudo ./unbound-install.sh

Enjoy!

Change DNS resolver

Later, if you want to edit /etc/resolv.conf, run this command to allow modifications :

chattr -i /etc/resolv.conf (+i to disallow again)

Check DNSSEC

DNSSEC should be enabled. To check if Unbound verifies DNSSEC signatures, run:

dig www.dnssec-failed.org | grep status

Which should return status: SERVFAIL as the signature for this domain is broken.

Check for DNS leaks

Go to dnsleaktest.com or ipleak.net with your browser. Only your IP should show up, or the one from your VPN provider.