Lots of people have a small home network. Usually you have a combo box which acts as a router/firewall/file server. Then you have a couple of other machines hooked up, and you share the Internet using NAT. A private DNS server is helpful in this kind of scenario for two reasons:
- Recursive resolver cache can speed up common DNS lookups.
- Private authoritative resolver lets you easily refer to machine in your home by name, instead of remembering IP addresses.
[/caption]
While djbdns might be one of the better-known BIND alternatives, I recently came across Unbound, a BSD licensed recursive resolver. One of the authors of Unbound is also an OpenBSD developer, which inspires confidence in the security of the software.
Unbound also does simple authoritative resolution
One of the nifty features of Unbound is that you can very simply configure it to act as an authority for your private domains. Due to this feature, you can have a single daemon on your home network router acting as both a cache and server for your local domain. This is very nice. In fact, I have found the Unbound configuration format to be considerably nicer to deal with than that of BIND.
Setup under OpenBSD
This describes how I set up Unbound on my OpenBSD machine - it should be a pretty similar procedure on most other operating systems.
# install the package
$ sudo pkg_add -i unbound
Now you have the binaries on disk, you can edit the configuration to set up your private domain. Unbound runs as a recursive resolver out of the box, so this is just about all the configuration you'll need to do.
# edit the config
$ sudo vi /var/unbound/etc/unbound.conf
For a single machine, add the following under 'server', replacing 'inet' with the desired name of your local domain, and 'joust' with the name of your machine:
local-zone: "inet." static
local-data: "joust.inet. IN A 192.168.1.1"
Since you want the DNS server to be accessible from other machines, you probably want it to listen on 0.0.0.0 (all available interfaces). Make sure you have some kind of firewall in place before you do this, though - you don't want to let random Internet hosts query your DNS server:
interface: 0.0.0.0
# Make sure you have a packet filter to block queries from the Internet.
# Alternatively, set this only for your local network.
access-control: 0.0.0.0/0 allow
Now you can start up Unbound:
$ sudo /usr/local/sbin/unbound
And of course you probably want it to come up on boot, so follow these instructions:
$ pkg_info -D unbound
Information for inst:unbound-1.2.1p0
Install notice:
You should add:
syslogd_flags="${syslogd_flags} -a /var/unbound/dev/log"
to /etc/rc.conf.local to create a syslog socket in the unbound chroot.
You may also want to add the following to /etc/rc.local to start unbound
at boot:
if [ -x /usr/local/sbin/unbound ]; then
echo -n ' unbound'; /usr/local/sbin/unbound
fi
Niall O'Higgins is an author and software developer. He wrote the O'Reilly book MongoDB and Python. He also develops Strider Open Source Continuous Deployment and offers full-stack consulting services at FrozenRidge.co.
Anyway I learned to do a basic track stand - that is standing, with one or two hands on the handlebars, a couple of months ago. My friend 
