davidb dives in

running unbound at home

I finally got around to setting up unbound as my home resolver. I should have done this months ago, when it was in beta or before, since I had access to it. I kick myself. I feel bad. Oh well, let’s get on with it. My initial impressions:

  1. It will be nice once there are distribution packages for unbound. I spent more time than I would like (which is zero) figuring out where to put the log file, pid file, etc. Of course, I was installing it on a machine running Fedora Core 5…
  2. I was forwarding a zone to a nameserver running on localhost:20053. There is a gotcha to doing this, as, by default, unbound won’t send any queries to localhost. You have to add a ‘do-not-query-localhost: no’ config line to fix it. Maybe this is something unbound-checkconf could detect?
  3. unbound’s configuration defaults leave it locked down fairly tightly. I had it running, but on my other machines, it seemed so slow – turns out, my queries were timing out and I was hitting my ISP nameserver. Make sure you add your networks to the ‘access-control:’ config parameters.
  4. I turned up the logging to debug some of my issues. Looking at the log was uncanny.
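
The two gotchas in items 2 and 3 can be caught mechanically. The following is an added example, not part of the original post and not unbound-checkconf's own code: a small linter that flags a loopback forwarder while `do-not-query-localhost` is left at its default, and a non-loopback listener with no `allow` netblock. The zone name and addresses in the sample are constructed, and the linter assumes `interface:` and `forward-addr:` values are IP literals.

```python
import ipaddress

# Constructed sample config; zone name and listen address are placeholders.
SAMPLE_CONF = """\
server:
    interface: 0.0.0.0
    # do-not-query-localhost defaults to yes
forward-zone:
    name: "example.internal."
    forward-addr: 127.0.0.1@20053
"""

def parse(conf_text):
    """Yield (key, value) pairs, ignoring comments, blanks and quotes."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        yield key.strip(), value.strip().strip('"')

def lint(conf_text):
    """Return a list of warnings for the two gotchas from the post."""
    pairs = list(parse(conf_text))
    warnings = []
    # Item 2: upstream on loopback while do-not-query-localhost is yes (default).
    dnql = [v for k, v in pairs if k == "do-not-query-localhost"]
    blocks_localhost = not dnql or dnql[-1] == "yes"
    for key, value in pairs:
        if key in ("forward-addr", "stub-addr"):
            addr = ipaddress.ip_address(value.split("@", 1)[0])
            if addr.is_loopback and blocks_localhost:
                warnings.append(f"{key} {value}: set 'do-not-query-localhost: no'")
    # Item 3: listening beyond loopback, but no client network is allowed.
    listens_wide = any(
        k == "interface"
        and not ipaddress.ip_address(v.split("@", 1)[0]).is_loopback
        for k, v in pairs)
    allowed = False
    for k, v in pairs:
        if k == "access-control":
            net, action = v.split()
            network = ipaddress.ip_network(net, strict=False)
            if action.startswith("allow") and not network.is_loopback:
                allowed = True
    if listens_wide and not allowed:
        warnings.append("no 'access-control: <netblock> allow' for non-loopback clients")
    return warnings
```

Calling `lint(SAMPLE_CONF)` returns one warning per gotcha; adding `do-not-query-localhost: no` and an `access-control: <your LAN netblock> allow` line to the `server:` clause clears both.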

Anyway, it didn’t take all that long to set up. Hopefully relatively soon I (or someone else) will write up how to configure unbound to run in a few different scenarios.

Written on May 30, 2008.
