Freebsd Setup Unbound DNS with Redis Cachedb Module

Unbound is designed as a set of modular components, so that also DNSSEC (secure DNS) validation recursive, caching DNS resolver and stub-resolvers. DNS cache servers are used to resolve every DNS request they receive. Unbound stores the query in cacheDB. If a client computer requests the query, the request will be sent from the 'unbound' DNS cache, this can be done in milliseconds compared to the first time it is completed.

In carrying out its duties as a caching DNS resolver Unbound can use 2 backends: the default is a in-memory backend (named 'testframe' so not really useful) and redis. Unbound can connect to Redis CacheDB using the TCP port.

If you want a speed and privacy increase while well, being on the internet, setting up Unbound a local DNS server is an important first step. In this article we will configure DNS Unbound as a caching DNS resolver with Redis cacheDB as the Backend.

1. System specifications
OS: FreeBSD 13.2 Stable
Hostname and Domain:
IP Private:
Unbound version: unbound-1.18.0_1
Redis version: redis 7.2.3
Port Redis: 6379
Password Redis: gunungrinjani
IP Redis:

2. Redis Installation

As a first step in starting this lesson, make sure your FreeBSD computer has the Redis server installed. If not, you can read our previous article.

To start installing Redis as cacheDB from the Unbound DNS server, follow the guide below to install Redis.
root@ns6:~ # pkg install tcl86 mastodon openvas gitlab-ce resource-agents
The process above is to install the Redis CacheDB library for DNS Unbound. Continue by installing Redis. Use the FreeBSD ports system so that all these libraries can be installed perfectly.
root@ns6:~ # cd /usr/ports/databases/redis
root@ns6:/usr/ports/databases/redis # make install clean

3. Unbound Configuration

Before we continue, make sure Redis is completely installed on the FreBSD server. By default the redis module is not active, to activate the redis module on unbound DNS use the "make config" command. Below is an example of activating the Redis module during DNS Unbound installation
root@ns6:~ # cd /usr/ports/dns/unbound
root@ns6:/usr/ports/dns/unbound # make deinstall
root@ns6:/usr/ports/dns/unbound # make config

root@ns6:/usr/ports/dns/unbound # make reinstall

4. Enable the CacheDB module

The cachedb, clause gives custom settings of the cache DB module:

backend: Specify the backend database name.  The default database is  the backend  named "redis".
redis-server-host: The IP (either v6 or v4) address or domain name of the Redis server.
redis-server-port: The TCP port number of the Redis server. This option defaults to 6379.
redis-server-password: Password from Redis.
redis-timeout: The period until when Unbound waits for a response from the Redis sever. 
redis-expire-records: If Redis record expiration is enabled, If  yes, unbound  sets timeout for Redis records so that Redis can evict keys that have expired  automatically.

After the Redis module is active, configure the file "/usr/local/etc/unbound/unbound.conf" and type the script below in that file.

module-config: "validator cachedb iterator"

backend: "redis"
redis-server-port: 6379
redis-server-password: "gunungrinjani"
redis-timeout: 100
redis-expire-records: no

Restart Unbound and Redis.
root@ns6:~ # service redis restart
Stopping redis.
Waiting for PIDS: 876.
Starting redis.
root@ns6:~ # service unbound restart
Stopping unbound.
Waiting for PIDS: 2418.
Obtaining a trust anchor...
Starting unbound.

We have proven the effectiveness of Redis for DNS resolver caching. Redis can speed up the process of storing queries and query requests from client computers. Use Redis and Unbound to improve the performance of your Unbound DNS server.
Iwan Setiawan

I Like Adventure: Mahameru Mount, Rinjani Mount I Like Writer FreeBSD

Post a Comment

Previous Post Next Post