Server env: Ubuntu 18.04 x64, Vultr
Installation
// Install the Unbound DNS resolver
apt install unbound
// Edit /etc/unbound/unbound.conf
# Unbound server clause for a recursive resolver that listens on every
# address, accepts queries from any IPv4 client and uses OpenNIC root hints.
server:
# Validation still runs, but answers that fail DNSSEC validation are handed to
# clients instead of SERVFAIL, so clients get no DNSSEC protection from this
# resolver.
val-permissive-mode: yes
# Any IPv4 address may use recursion, which makes this an open resolver.
# Open resolvers are commonly abused for reflection/amplification traffic.
# If the server is meant to be public, pair this with rate limiting
# (e.g. ip-ratelimit, if the installed unbound supports it) and monitoring.
# Otherwise restrict the allow list to known client networks.
access-control: 0.0.0.0/0 allow
# NOTE(review): ::/64 matches only addresses whose first 64 bits are zero, not
# all of IPv6. ::/0 would be the counterpart of 0.0.0.0/0. Confirm which is
# intended.
access-control: ::/64 allow
# Listen on all IPv4 and all IPv6 addresses of the host.
interface: 0.0.0.0
interface: ::
# Answer over UDP and TCP, on both IPv4 and IPv6.
do-udp:yes
do-tcp:yes
do-ip4:yes
do-ip6:yes
# Cached records are kept for at most 300 seconds and at least 2 seconds,
# regardless of the TTL in the answer.
cache-max-ttl: 300
cache-min-ttl: 2
# Refuse id.server/hostname.bind and version.server/version.bind queries, so
# the server does not advertise its identity or software version.
hide-identity: yes
hide-version: yes
# Leave optional authority/additional records out of replies (smaller answers).
minimal-responses:yes
# Refresh popular cache entries shortly before they expire.
prefetch: yes
# Send upstream servers only as much of the query name as they need (privacy).
qname-minimisation: yes
# Rotate the order of records within an RRset between responses.
rrset-roundrobin: yes
# Randomise letter case in outgoing query names (0x20 encoding) so spoofed
# replies are harder to forge.
use-caps-for-id: yes
# Log operational information only.
verbosity: 1
# Allows unbound to send queries to localhost addresses. The author marks this
# as required, but the reason is not stated on this page.
do-not-query-localhost: no #must be no
# Replaces the built-in root hints, so the contents of this file decide which
# root servers every client of this resolver ends up trusting.
# NOTE(review): relative path, presumably resolved against unbound's working
# directory. Confirm it points at /etc/unbound/opennic.hints, the file
# written by the dig command on this page.
root-hints: opennic.hints
// Save unbound.conf
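Get the latest OpenNIC hints
// Fetch the latest root hints with dig. The answer arrives over plain, unauthenticated DNS from a single hard-coded server, and this file decides which root servers unbound trusts, so check its contents before (re)starting unbound.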
dig . NS @75.127.96.89 > /etc/unbound/opennic.hints
// Add into cronjob
// Open crontab
crontab -e
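// Paste as the last line (runs at 00:00 on the 5th of each month). The redirect overwrites the hints file even when dig fails, leaving it empty or holding only an error message, so consider writing to a temporary file and replacing opennic.hints only after a successful lookup. Unbound reads the hints at startup, so a refreshed file takes effect only after the service is restarted.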
0 0 5 * * /usr/bin/dig . NS @75.127.96.89 > /etc/unbound/opennic.hints
Verification
Go to: http://report.opennicproject.org/t2log/t2.php
Paste in your server's IPv4 or IPv6 address
References:
1. https://famicoman.com/2017/10/14/bypass-your-isps-dns-run-a-private-opennic-server-2600-article/
2. https://calomel.org/unbound_dns.html
3. https://github.com/ibksturm/dnscrypt-switzerland
4. https://github.com/publicarray/dns-resolver-infra
5. https://security.stackexchange.com/questions/111454/how-to-acquire-dnssec-root-trust-anchor-from-iana/117027
6. https://www.icann.org/dns-resolvers-updating-latest-trust-anchor