MT6 DNS
Deprecated
This content has (mostly) moved to GitHub.
Email servers depend on DNS. Every SMTP connection generates several DNS queries (DNSBLs, SPF, DMARC, DKIM, URIBL, ASN, etc.). Caching the answers locally yields the fastest possible responses.
Unbound supports IPv6 and DNSSEC, and is easily customizable via the well-documented unbound.conf config file. In FreeBSD 10, unbound has replaced BIND as the default DNS resolver. Install unbound from ports because:
- more frequent updates
- disable threading (see notes below)
- enable the munin plugin
Enter DNS jail
jailmanage dns
The jailmanage script mounts /usr/ports from the host system and enters the jail.
Install unbound
pkg install -y unbound
Configure unbound startup
# generate the keys and certificates used by unbound-control
/usr/local/sbin/unbound-control-setup
cd /usr/local/etc/unbound; cp unbound.conf.sample unbound.conf
# allow queries from 127.x addresses and enable the control interface on 127.x
sed -i .bak -e 's/# access-control: 127./access-control: 127./' unbound.conf
sed -i .bak -e 's/# control-enable: no/control-enable: yes/' unbound.conf
sed -i .bak -e 's/# control-interface: 127./control-interface: 127./' unbound.conf
# start unbound at boot, then start it now
grep unbound_enable /etc/rc.conf || echo 'unbound_enable="YES"' >> /etc/rc.conf
service unbound start
# resolv.conf entries need the nameserver keyword
echo 'nameserver 127.0.0.2' > /etc/resolv.conf
Set up internal DNS
Add entries to the local-data area within /usr/local/etc/unbound/unbound.conf
local-data: "2.0.0.127.in-addr.arpa PTR base"
local-data: "3.0.0.127.in-addr.arpa PTR dns"
local-data: "4.0.0.127.in-addr.arpa PTR mysql"
local-data: "5.0.0.127.in-addr.arpa PTR clamav"
local-data: "6.0.0.127.in-addr.arpa PTR spamassassin"
local-data: "7.0.0.127.in-addr.arpa PTR dspam"
local-data: "8.0.0.127.in-addr.arpa PTR vpopmail"
local-data: "9.0.0.127.in-addr.arpa PTR smtp"
local-data: "10.0.0.127.in-addr.arpa PTR webmail"
local-data: "11.0.0.127.in-addr.arpa PTR monitor"
local-data: "12.0.0.127.in-addr.arpa PTR haproxy"
local-data: "13.0.0.127.in-addr.arpa PTR rspamd"
local-data: "14.0.0.127.in-addr.arpa PTR avg"
local-data: "base A 127.0.0.2"
local-data: "dns A 127.0.0.3"
local-data: "mysql A 127.0.0.4"
local-data: "clamav A 127.0.0.5"
local-data: "spamassassin A 127.0.0.6"
local-data: "dspam A 127.0.0.7"
local-data: "vpopmail A 127.0.0.8"
local-data: "smtp A 127.0.0.9"
local-data: "webmail A 127.0.0.10"
local-data: "monitor A 127.0.0.11"
local-data: "haproxy A 127.0.0.12"
local-data: "rspamd A 127.0.0.13"
local-data: "avg A 127.0.0.14"
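The A and PTR entries above are maintained by hand, so a typo can leave a jail whose forward and reverse names disagree. The following check is an added example, not part of the original page or the Mail Toaster project; the function name check_local_data and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): cross-check the A and PTR
# local-data records in unbound.conf-style text read from stdin.
# Prints one line per problem; returns 0 only when forward and reverse agree.
check_local_data() {
    problems=$(awk '
    $1 == "local-data:" {
        # The record is the quoted part: "owner [ttl] [class] TYPE rdata"
        if (split($0, q, "\"") < 3) next
        n = split(q[2], f, " ")
        if (n < 3) next
        owner = tolower(f[1]); type = f[n-1]; rdata = tolower(f[n])
        sub(/\.$/, "", owner); sub(/\.$/, "", rdata)
        if (type == "A" && split(rdata, o, ".") == 4) {
            # Build the reverse name the PTR record must use for this address
            a[o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa"] = owner
        } else if (type == "PTR") {
            ptr[owner] = rdata
        }
    }
    END {
        for (r in a) {
            if (!(r in ptr)) {
                print "missing PTR: " a[r] " has no " r
            } else if (ptr[r] != a[r]) {
                print "mismatch: " r " PTR " ptr[r] ", but A owner is " a[r]
            }
        }
        for (r in ptr) {
            if (!(r in a)) print "missing A: " r " PTR " ptr[r] " has no A record"
        }
    }' | LC_ALL=C sort)
    if [ -z "$problems" ]; then return 0; fi
    printf '%s\n' "$problems"
    return 1
}

# Constructed sample with deliberate errors (names and addresses follow the
# list above): mysql points at 127.0.0.5, so its A record disagrees with the
# clamav PTR, and the 4.0.0.127 PTR has no A record at all.
SAMPLE_CONF='local-data: "3.0.0.127.in-addr.arpa PTR dns"
local-data: "4.0.0.127.in-addr.arpa PTR mysql"
local-data: "5.0.0.127.in-addr.arpa PTR clamav"
local-data: "dns A 127.0.0.3"
local-data: "mysql A 127.0.0.5"'

printf '%s\n' "$SAMPLE_CONF" | check_local_data || true
```

To check the real configuration, run check_local_data < /usr/local/etc/unbound/unbound.conf inside the DNS jail before restarting unbound.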
Update all jails to use local DNS cache
service unbound restart
exit
echo 'nameserver 127.0.0.3' | tee /jails/*/etc/resolv.conf