The document provides instructions for installing and configuring Unbound DNS resolver on Windows. It describes downloading and installing Unbound, editing configuration files, and setting the DNS server setting. It also discusses blocking domains using Unbound and converting host files to the correct format.
The document provides instructions for installing and configuring Unbound DNS resolver on Windows. It describes downloading and installing Unbound, editing configuration files, and setting the DNS server setting. It also discusses blocking domains using Unbound and converting host files to the correct format.
The document provides instructions for installing and configuring Unbound DNS resolver on Windows. It describes downloading and installing Unbound, editing configuration files, and setting the DNS server setting. It also discusses blocking domains using Unbound and converting host files to the correct format.
The document provides instructions for installing and configuring Unbound DNS resolver on Windows. It describes downloading and installing Unbound, editing configuration files, and setting the DNS server setting. It also discusses blocking domains using Unbound and converting host files to the correct format.
Download the latest version of unbound (currently 1.4.17) windows 32-bit installer from here http://unbound.net/download.html Unbound works pretty much out of the box. If you just want the default configuration ignore the following steps 2,3 and 4. During the install you have the option to install DNSSEC (DNS Security). Few servers are using this at present so there's no great benefit but it is something which will become more popular. 1. Install to the default folder -- c:\Program Files\Unbound 2. Rename the file service.conf to service.conf.orig 3. Copy the text service.conf found below, past to notepad and save as c:\Program Files\Unbound\service.conf 4. Copy the text root.hints found below, past to notepad and save as c:\Program Files\Unbound\root.hints 5. Change the DNS setting in the PC's Network Connection to Preferred DNS Server -- 127.0.0.1 6. Go to "services" find the service "Unbound DNS Validator". Right click on this service and select Stop. 7. Right click on the service and select Start. The service is restarted to make Unbound use the new "service.conf" file. 8. If the service does not start within a few seconds then the PC's firewall is blocking Unbound.exe and / or Unbound-anchor.exe outbound. 9. If running a software firewall on the PC, ensure unbound.exe, unbound-anchor.exe and anchoreupdate.exe have outbound permission. 10. That's it, fire up the browser and check the internet.
Text for the file service.conf
#
npr.me.uk
# File: service.conf server: directory: "c:\Program Files\Unbound" root-hints: "c:\Program Files\Unbound\root.hints" ## Following line is only required for DNSSEC auto-trust-anchor-file: "c:\Program Files\Unbound\root.key"
If your network is not in the IP range 192.168.0.1 to 192.168.255.255 then change "access-control: 192.168.0.0/16 allow " to suit. If you have not installed the option DNSSEC, then delete the line "auto-trust-anchor-file: "c:\Program Files\Unbound\root.key""
This is really easy to do with Unbound. It just requires two commands for each host or domain name you wish to block. eg: to block "badsite.com"; local-zone: "badsite.com" redirect local-data: "badsite.com A 127.0.0.1" These command can be place in the "service.conf" file. This is fine if it's only a hand full of hosts to block but can become difficult to manage if it's a long list of blocked hosts. The trick here is to create the block list in a file we'll call "filter.conf". We then use the command include: ["c:\Program Files\Unbound\filter.conf"] to include it in service.conf. The new service.conf file # # File: service.conf server:
npr.me.uk
directory: "c:\Program Files\Unbound"
root-hints: "root.hints" interface: 127.0.0.1 access-control: 192.168.0.0/16 allow access-control: 127.0.0.0/8 allow verbosity: 0 prefetch: yes do-ip4: yes do-ip6: no do-udp: yes do-tcp: yes private-address: 10.0.0.0/8 private-address: 172.16.0.0/12 private-address: 192.168.0.0/16 private-address: 127.0.0.1/8 include: "c:\Program Files\Unbound\filter.conf" First Part of A typical "filter.conf" file # Ad server list for use with hosts files to block ads # # For more information about this list, see: http://pgl.yoyo.org/adservers/ # ---# last updated: Sun, 04 Mar 2012 10:37:18 GMT # entries: 2774 # format: hosts (hosts -- in hosts file format) # credits: Peter Lowe - pgl@yoyo.org - http://pgl.yoyo.org/ # this URL: http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts;showintro=0 # other formats: http://pgl.yoyo.org/adservers/formats.php # local-zone: "101com.com" redirect
local-data: "101com.com A 127.0.0.1"
local-zone: "101order.com" redirect local-data: "101order.com A 127.0.0.1" local-zone: "103bees.com" redirect local-data: "103bees.com A 127.0.0.1" local-zone: "1100i.com" redirect local-data: "1100i.com A 127.0.0.1" local-zone: "123banners.com" redirect local-data: "123banners.com A 127.0.0.1" local-zone: "123found.com" redirect local-data: "123found.com A 127.0.0.1"
That's it, it's easy to block hosts using Unbound, but first we need a list of bad sites! Fortunately there's plenty of such lists but are in the "hosts" file format and need to be converted to Unbound format. A hosts file list to block adverts: http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts;showintro=0 A huge hosts file lists of all sorts of bad sites: http://someonewhocares.org/hosts/ Some useful reading about hosts files. http://winhelp2002.mvps.org/hosts.htm -Utility to convert a standard hosts file list to the correct format for Unbound. makefilter.zip As always, use at your own risk. ReadMe Makefilter.zip -------------A utility to convert a standard hosts blocking file to Unbound DNS format.
Contents: --------1) makefilter.bat -- A batch file script. 2) sed.exe -- Stream editor. 3) sort.exe -- Sort a text file to alphabetical order. 4) uniq.exe -- Remove duplicate consecutive lines in a text file. 5) Readme.txt -- This file.
These files should work in all versions of windows.
Instructions: ------------1) Extract the above files from "makefilter.zip" to a folder of your choice. 2) Download a hosts blocking file. Or copy a hosts blocking file from the web and past to notepad.exe. 3) Rename the downloaded file to "hosts.txt" 4) Copy the file to the same folder as this "makefilter" utility. 5) Double click on makefilter.bat 6) The script works very quick, within a second or so the file "filter.conf" should appear in the folder. 7) THe file filter.conf can be viewed in notepad if wished. 8) Copy and past "filter.conf" to the folder where Unbound resides. 9) Ensure [include: "c:\Program Files\Unbound\filter.conf"] has been added to service.conf. 10) For Unbound DNS to start using this block list we need to stop and restart the sevice "Unbound DNS Validator": a) Go to "services" find the service "Unbound DNS Validator". Right click on this service and select Stop. b) Right click on the service and select Start. c) If the service fails to start then there's a error in "filter.conf". In this case remove the "include" command and try again. If the service now starts, "filter.conf" needs to be investigated for errors.
npr.me.uk
Change DNS Settings for Windows
Manually change DNS settings Use a batch file to switch DNS settings in seconds. List of freely available DNS servers and batch file downloads.
Install a personal DNS caching resolver
DNS resolvers available for windows and where to download.
Install Bind for Windows Install Bind as a local caching DNS resolver. DNS extras Create your own root.hints file. How to block adverts using Bind9. DNS benchmark.
Raspberry Pi DNS Server
Install your networks DNS resolver on a Raspberry Pi.
