
Unbound is a free and open-source recursive and validating DNS caching server, which uses DNS-over-TLS and DNS-over-HTTPS to encrypt connections. Unbound is much faster than Bind9 and can help to reduce the loading time of web pages and other calls that require DNS resolution. Unbound also supports DNSSEC validation, so it can serve as a trust anchor on your network.

I want to show you how to install Unbound on Ubuntu 22.04. This can be installed on either Ubuntu Server or Desktop and you’ll gain significant DNS resolving speed over the default.

What you’ll need

The only things you’ll need for this are a running instance of Ubuntu – though it can also be installed on RHEL-based distributions – and a user with sudo privileges. That’s it: Let’s get that DNS resolving speed up.

How to install Unbound

Fortunately, Unbound is found in the default repositories, so to install it, log in to your Ubuntu machine and issue the command:

sudo apt-get install unbound -y

If you’re working on an RHEL-based distribution, that installation would be:

sudo dnf install unbound -y

How to configure Unbound

Once Unbound is installed, we need to create a new configuration file. Create that file with the command:

sudo nano /etc/unbound/unbound.conf.d/myunbound.conf

In that file, paste the following:

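server:
    port: 53
    verbosity: 0
    num-threads: 2
    outgoing-range: 512
    num-queries-per-thread: 1024
    msg-cache-size: 32m
    rrset-cache-size: 64m
    cache-max-ttl: 86400
    infra-host-ttl: 60
    infra-lame-ttl: 120
    # access-control takes "<netblock> <action>". 127.0.0.0/8 (the local host)
    # is an assumed value; to serve other hosts, uncomment the second line and
    # replace the placeholder with your own LAN netblock.
    access-control: 127.0.0.0/8 allow
    # access-control: <LAN netblock> allow
    username: unbound
    directory: "/etc/unbound"
    logfile: "/var/log/unbound.log"
    use-syslog: no
    hide-version: yes
    so-rcvbuf: 4m
    so-sndbuf: 4m
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes

remote-control:
    control-enable: yes
    control-port: 953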

You can edit the above configuration, but know that it should work as-is. Save and close the file.

Next, we need to create a log file for Unbound with the command:

sudo touch /var/log/unbound.log

Give the log file the proper permissions with:

sudo chown unbound:unbound /var/log/unbound.log

Finally, start the Unbound service with:

sudo systemctl enable --now unbound

How to test Unbound

Immediately after starting the service, issue the command:

dig google.com @localhost

You should see output similar to this:

; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> google.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56042
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1232

;google.com.   IN    A

google.com.   300    IN    A
google.com.   300    IN    A
google.com.   300    IN    A
google.com.   300    IN    A
google.com.   300    IN    A
google.com.   300    IN    A

;; Query time: 108 msec
;; WHEN: Thu Jun 16 13:30:12 UTC 2022
;; MSG SIZE  rcvd: 135

Notice the Query time of 108 msec. That’s pretty fast. However, let’s run the command again:

dig google.com @localhost

Your query time should be considerably less. I received a query time of 4 msec on the second attempt and zero on the third.

Congratulations, your DNS queries are now faster thanks to the open-source Unbound DNS resolver. You could even use that server as your LAN-based DNS server should you choose.
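
Before pointing LAN clients at this resolver, it is worth checking who the access-control and remote-control settings let in. The script below is an added example, not part of the original article: it flags access-control lines that lack a netblock, netblocks that allow every client (an open resolver), and a remote-control interface bound off loopback. The sample configs, the 192.168.1.0/24 netblock and the function names are constructed for illustration; control-interface is a standard Unbound option that the article's listing does not set.

```shell
#!/bin/sh
# Added example (not from the article): audit Unbound access-control and
# remote-control settings before the resolver is offered to a LAN.
# Reads a config file given as $1, or standard input when no file is given.
# Prints one finding per line; exit status 1 means at least one finding.
audit_unbound_conf() {
    awk '
    { sub(/#.*/, ""); gsub(/"/, "") }        # drop comments and quotes
    NF == 0 { next }
    $1 == "access-control:" {
        if (NF < 3) {                        # needs "<netblock> <action>"
            print "MALFORMED line " NR ": access-control needs <netblock> <action>"
            bad = 1
        } else if ($3 ~ /^allow/ && $2 ~ /\/0$/) {   # 0.0.0.0/0 or ::/0
            print "OPEN-RESOLVER line " NR ": " $2 " " $3
            bad = 1
        }
        next
    }
    $1 == "control-enable:" { ctl = ($2 == "yes") }
    # Loopback addresses and local socket paths are fine; anything else is remote.
    $1 == "control-interface:" && $2 !~ /^(127\.|::1$|\/)/ { remote = remote " " $2 }
    END {
        if (ctl && remote != "") { print "REMOTE-CONTROL listens on:" remote; bad = 1 }
        exit bad + 0
    }' "${1:--}"
}

# Constructed samples. The first has an access-control line with no netblock.
sample_missing_netblock() {
    printf '%s\n' 'server:' '    access-control: allow' \
        'remote-control:' '    control-enable: yes' '    control-port: 953'
}
sample_open_resolver() {
    printf '%s\n' 'server:' '    access-control: 127.0.0.0/8 allow' \
        '    access-control: 0.0.0.0/0 allow   # any client' \
        'remote-control:' '    control-enable: yes' '    control-interface: 0.0.0.0'
}
sample_lan_only() {   # 192.168.1.0/24 is a placeholder LAN netblock
    printf '%s\n' 'server:' '    access-control: 127.0.0.0/8 allow' \
        '    access-control: 192.168.1.0/24 allow' \
        'remote-control:' '    control-enable: yes' '    control-interface: 127.0.0.1'
}

for s in sample_missing_netblock sample_open_resolver sample_lan_only; do
    echo "== $s"; "$s" | audit_unbound_conf || echo "   (findings above)"
done
```

To check the file created earlier, pass its path as the argument: audit_unbound_conf /etc/unbound/unbound.conf.d/myunbound.conf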
