HOAB

History of a bug

Fast browsing and DNS

Written by gorki. No comments.

Problem:

I was browsing some sites blocked by my DNS provider (no, not yggtorrent. Absolutely not).

So I used Firefox's DNS over HTTPS (DoH) with NextDNS, sometimes slower than my provider's DNS but, well, not so bad.

Then, for some reason, I tried to host a local DNS resolver. Well, it WAS slow.

Solution:

Unbound is a DNS resolver that is:

  • easy to install
  • caches requests locally, so it saves a few ms on a lot of requests!
  • supports DNS over HTTPS, etc.

Setup is quite simple thanks to knowledge found on the internet:

Installation:
(source: https://memo-linux.com/debian-installer-le-serveur-dns-unbound/)

apt install unbound
cd /var/lib/unbound/
# root hints: the InterNIC FTP URL may no longer answer; https://www.internic.net/domain/named.root serves the same file
wget ftp://ftp.internic.net/domain/named.cache
mv named.cache root.hints && chown unbound:unbound root.hints
# disable the packaged trust-anchor snippet: the main config below sets auto-trust-anchor-file itself
mv /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf.original
mkdir /var/log/unbound
chown unbound: /var/log/unbound
# modify apparmor (see at the end); unbound-checkconf reports config errors before the restart
systemctl restart unbound

My configuration file:

server:
    statistics-interval: 0
    extended-statistics: yes
    statistics-cumulative: yes
    verbosity: 3                          # very chatty (logs every query); 1 is enough once it works
    interface: 127.0.0.1
    port: 53
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes
    access-control: 127.0.0.0/8 allow     ## allow my own machine
    access-control: 0.0.0.0/0 refuse      ## refuse the rest of the Internet!
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    root-hints: "/var/lib/unbound/root.hints"
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    use-caps-for-id: yes
    cache-min-ttl: 3600                   # overrides zone TTLs shorter than an hour; stale answers are the price
    cache-max-ttl: 86400
    prefetch: yes
    prefetch-key: yes
    num-threads: 6
    msg-cache-slabs: 16
    rrset-cache-slabs: 16
    infra-cache-slabs: 16
    key-cache-slabs: 16
    rrset-cache-size: 256m
    msg-cache-size: 128m
    so-rcvbuf: 1m
    unwanted-reply-threshold: 10000
    do-not-query-localhost: yes
    val-clean-additional: yes
    #use-syslog: yes                      # logfile: below turns syslog off; a use-syslog: yes placed after it would win
    #val-log-level: 2                     # 0: default, nothing; 2: full
    logfile: /var/log/unbound/unbound.log
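A small audit of the server: clause, as an added example that is not the post's own code: it parses an unbound.conf in the format shown above and flags an open-resolver combination (an allow rule for a non-local prefix while bound beyond loopback), a use-syslog: yes placed after logfile: (which, per unbound.conf(5), silently sends logs back to syslog), and a cache-min-ttl above an hour. WEAK_CONF is a constructed sample with those three mistakes deliberately introduced; the checks and their thresholds are this example's own choices.

```python
"""Audit the server: clause of an unbound.conf for local-resolver pitfalls (added example)."""
import ipaddress
import re
KV_RE = re.compile(r'^\s*([\w-]+):\s*(.*?)\s*$')
LOCAL = [ipaddress.ip_network(n) for n in ('127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12',
                                           '192.168.0.0/16', '::1/128', 'fc00::/7', 'fe80::/10')]

def parse_server(text):
    """(key, value) pairs of the server: clause in file order; order matters to Unbound."""
    pairs, in_server = [], False
    for raw in text.splitlines():
        m = KV_RE.match(raw.split('#', 1)[0])          # '#' starts a comment
        if m and m.group(2) == '':                     # a bare 'name:' opens a new clause
            in_server = m.group(1) == 'server'
        elif m and in_server:
            pairs.append((m.group(1), m.group(2).strip('"')))
    return pairs

def is_local(cidr):
    """True when the whole prefix lies in loopback, RFC 1918, ULA or link-local space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == l.version and net.subnet_of(l) for l in LOCAL)

def audit(text):
    pairs, findings = parse_server(text), []
    # Open resolver: allow rule for a non-local prefix while bound beyond loopback (eth0 etc. count).
    bound = [v.split('@')[0] for k, v in pairs if k == 'interface']
    wide = [v for k, v in pairs if k == 'access-control'
            and v.split()[1].startswith('allow') and not is_local(v.split()[0])]
    if wide and any(not re.fullmatch(r'127\..*|::1', b) for b in bound):
        findings.append(f'open resolver: {wide} allowed while bound to {bound}')
    # logfile: implicitly sets use-syslog: no, but a later use-syslog: yes wins again.
    keys = [k for k, _ in pairs]
    if ('use-syslog', 'yes') in pairs and 'logfile' in keys \
            and keys.index('use-syslog') > keys.index('logfile'):
        findings.append('use-syslog: yes after logfile: sends logs to syslog, not the file')
    # cache-min-ttl above an hour keeps records longer than the zone owner intended.
    findings += [f'cache-min-ttl {v}s exceeds one hour' for k, v in pairs
                 if k == 'cache-min-ttl' and int(v) > 3600]
    return findings

# Constructed sample: the post's local-only layout with three deliberate mistakes.
WEAK_CONF = """server:
    interface: 0.0.0.0
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 allow     # the post has 'refuse' here
    logfile: /var/log/unbound/unbound.log
    use-syslog: yes
    cache-min-ttl: 86400
"""
```

Running audit(WEAK_CONF) yields three findings; the post's own configuration (loopback only, refuse for 0.0.0.0/0, use-syslog commented out, cache-min-ttl 3600) yields none.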

And an additional AppArmor rule so that Unbound is allowed to write to its dedicated log file (see https://b4d.sablun.org/blog/2018-09-27-when-unbound-wont-write-logs/). Add it to the local override and reload the profile before restarting Unbound:

vim /etc/apparmor.d/local/usr.sbin.unbound

# Site-specific additions and overrides for usr.sbin.unbound.
# For more details, please see /etc/apparmor.d/local/README.
/var/log/unbound/unbound.log rw,
