Manual for Unbound on Windows

W.C.A. Wijngaards, NLnet Labs, March 2009

ntroduction
!his "anual ai"s to #ro$ide infor"ation about the Unbound
ser$er on the Windows #latfor". ncluded is installation,
uninstallation and so"e infor"ation on configuration s#ecific for
Windows. %ull details of o#erating a &N' resol$er are not #art of
this docu"ent, and can better be docu"ented in a #latfor" inde#endent
docu"ent.
What is Unbound and what is &N''(C
Unbound is a &N' resol$er. t su##orts $alidation, caching,
and &N''(C. t su##orts N'(C and N'(C), #$* and #$+.
Unbound is written for Uni, -#osi,. "achines, and runs on
%ree/'&, 0#en/'&, Net/'& and Linu, -%edora, &ebian,
Ubuntu, ..... !his docu"ent is about the Windows $ersion.
!he ser$ice that unbound #ro$ides is that it #erfor"s &N' loo1u#s, and can
#erfor" &N''(C $alidation on the result. f the result is bad, it is not
returned to the client -who sees a te"#orar2 error in na"e resolution..
A##lications that su##ort &N''(C can as1 to see the $erification result.
&N''(C is a standard for securing the infor"ation in the &N'. 3our $alidator
needs to ha$e #ublic 1e2s to chec1 the signatures on the data. &N''(C is
e,#lained "ore full2 on htt#455www.dnssec.net #ages.
!he unbound #ac1age for windows #ro$ides &N''(C $alidation 6 the client
that $erifies the signatures #ublished b2 authoritati$e &N' ser$ers on the
internet.
nstallation
&ownload the installer fro" the htt#455unbound.net website. 7un the installer.
0n Windows 8ista 2ou ha$e to #ro$ide ad"inistrator #er"ission.
3ou are greeted with4
9
%irst the license is #resented. !his is the /'& license used b2 the source code.
2
!hen choose which co"#onents to install. !he "ain co"#onent cannot be
unselected. !he &L8 o#tion downloads the #ublic 1e2 for dl$.isc.org so that it
can be used to #ro$ide #ublic 1e2s for &N''(C $alidation. f 2ou do not chec1
this o#tion 2ou ha$e to add 2our own 1e2s for &N''(C $alidation to occur.
Without #ublic 1e2s unbound #erfor"s regular non:secured &N' loo1u#s.
Choose the director2 to install into, the default is C4;<rogra" %iles;Unbound
)
Choose if 2ou want shortcuts in the 'tart Menu. 'ee a later section of this
"anual for a descri#tion of the shortcuts installed.
*
!he installation is #erfor"ed. f the &L8 1e2 cannot be downloaded, the
installation is aborted, 2ou can hit Cancel to e,it and atte"#t to install again
once the networ1 is wor1ing again.
!he installation is finished. Unbound is auto"aticall2 started for 2ou.
=
Allow unbound to access the networ1 when the windows firewall -or 2our
installed firewall. as1s for #er"ission.
Uninstallation
f 2ou installed start "enu shortcuts, run the uninstaller fro" the "enu.
0therwise, #ress the 7e"o$e button for Unbound in the Control <anels;Add
7e"o$e 'oftware. 0n 8ista 2ou ha$e to gi$e ad"inistrator #er"ission.
f unbound is running, the ser$ice is sto##ed before uninstall. !he uninstaller
starts li1e this4
+
!he location is chec1ed4
>
%iles are re"o$ed and the uninstallation has been co"#leted.
Chec1 if it is running
0#en the Control <anels;'2ste" Ad"inistration;'er$ices and select the
unbound ser$ice4
?
!he detailed #ro#erties loo1 li1e this4
9
90
7eading the error log
0#en the Control <anel;'2ste" Ad"inistration;Log boo1s. !he unbound
entries are in the A##lication log. &e#ending on the $erbosit2 le$el, "ore or
less log entries are shown. %or hel# with errors see the docu"entation on the
unbound website. !he error shown is the notification that unbound has
started. 7esol$ers run into errors, local or re"ote, "ore fre@uentl2 than other
software, "an2 are handled b2 the resol$er auto"aticall2. !he default
$erbosit2 setting logs onl2 serious errorsA errors that cause the #rogra" to
ter"inate abnor"all2, for e,a"#le.
!he te"s in the 'tart Menu
unbound website4 U7L that o#ens the web browser to the
htt#455unbound.net website.
uninstall4 #erfor"s uninstall of unbound.
99
Ad$anced 6 editing the config file
Unbound is configured with a config file. !he default config file is C4;<rogra"
%iles;Unbound;ser$ice.conf and the e,a"#le.conf file shows the $arious
configuration o#tions. 3ou can edit the config file using a te,t editor. Note#ad
wonBt understand the uni, line endings -but unbound understands both uni,
and windows line endings.. Use a better editor, such as Note#adCC to edit the
config files. More infor"ation about configuration o#tions can be found on the
unbound website in the docu"entation section.
Ad$anced 6 tools installed
!he following files and tools are installed into C4;<rogra" %iles;Unbound
LC(N'(4 this is a te,t file with the source code license.
e,a"#le.conf4 file with e,a"#le configuration o#tions
ser$ice.conf4 configuration file used b2 default.
unbound:website.url4 lin1 to the unbound website
unbound.e,e 6 the dae"on, the "ain ser$ice file. Can also be run fro"
the co""and line if 2ou li1e.
unbound:chec1conf.e,e 6 co""andline tool that chec1s for errors in the
configuration file
unbound:host.e,e 6 co""andline tool to #erfor" &N' loo1u#s
standalone.
unbound:control.e,e 6 co""andline tool to control the unbound
dae"on, to use this 2ou need to generate certificates on a uni, "achine,
and #ut re"ote control into the configuration.
unbound:ser$ice:install.e,e 6 tool that when started registers
unbound.e,e as a ser$ice. Can be used to BinstallB unbound lightweight.
Called b2 the installer.
unbound:ser$ice:re"o$e.e,e 6 tool that when started re"o$es
unbound.e,e as a ser$ice. !he re$erse of unbound:ser$ice:install.e,e.
Called b2 the uninstaller.
anchor:u#date.e,e4 tool to u#date trust anchor files. Called b2 the
unbound ser$ice about once a da2, one hour after starting.
uninst.e,e4 the uninstaller.
dl$.isc.org.1e24 if 2ou installed this o#tion, this file contains the #ublic
1e2 for dl$.isc.org, it is loaded fro" the ser$ice.conf file.
Ad$anced 6 registr2 entries
!he following registr2 settings are affected b2 unbound
DELM;'ofware;Unbound4
nstallLocation4 !he director2 where unbound files reside.
Config%ile4 !he config file to use, ser$ice.conf b2 default.
CronAction4 !he e,ecutable and its argu"ents started to u#date trust
anchors.
Cron!i"e4 Nu"ber of seconds between cron actions, default 2* hours.
'tartMenu%older4 which folder the start "enu ite"s were installed in -if
an2 were installed..
Also registr2 settings for the uninstall infor"ation in Add57e"o$e #rogra"s
92
are "ade -in DELM;'oftware;Microsoft;Windows;Current8ersion; Uninstall;
Unbound..
'etu# as Local 'er$er
!he default install results in unbound #erfor"ing ser$ice for localhost,
running on 92>.0.0.9. !his section e,#lains how to set u# unbound to #ro$ide
ser$ice for the local networ1.
(dit the config file, see earlier section on how to edit it, and add the
#er"issions to ser$e the local networ1. Add these lines4
# this is a comment.
# provide Ipv4 service.
interface: 0.0.0.0
# provide ipv6 service, uncomment on Vista or if ipv6 is available.
#interface: ::0
# allow access by the local network.
accesscontrol: !"#.!6$.0.0%!6 allow
# if you have Ipv6 enter your %64 as well and uncomment.
#accesscontrol: #00!:db$::%64 allow
3ou also ha$e to o#en the &N' #ort -#ort =). in the firewall for inco"ing U&<
and !C< traffic to the unbound ser$er.
9)