DNS cache server on Azure that uses Azure Private DNS
Since my previous build of a DNS proxy server (DNS cache server) was too rough, I rebuilt it after studying Unbound. The OS is Ubuntu 18.04.4 LTS.
In addition, I also checked how to point a P2S (point-to-site) connection through an Azure virtual network gateway at this DNS cache server.
References:
- Unbound - Howto Setup and Install
- Unbound - Howto Optimise
- Unbound - unbound.conf.5
- Prepare an Azure private DNS and link it to the virtual network (this time it was a
- Set up a VM to be a DNS cache server
sudo apt update && sudo apt install unbound
It fails to start, but that is only because systemd-resolved is still running. You can ignore this for now.
Create unbound settings
The Unbound package in the Ubuntu 18.04.4 LTS repository is built with libevent, so the settings below are for libevent. The memory settings assume a 512MB environment that runs nothing but unbound.
access-control: 10.0.0.0/8 allow
###### use libevent
###### security consideration
# Throw all to Azure internal DNS (18.104.22.168)
Although the title says “use Azure Private DNS”, once Azure Private DNS is linked to the virtual network the Azure internal DNS resolves those names by itself, so all I do is forward every query to it.
rrset-roundrobin: I think it is good to enable this so that responses with multiple records are properly rotated.
access-control: I allow the range explicitly, because if it is omitted only localhost is allowed. You can specify it more than once, so list several entries if your address ranges span more than one block. I am not being careless about security here; access to this server is controlled by Azure's Network Security Group.
Kernel parameter adjustment
# Append to /etc/sysctl.conf (without -a, tee would overwrite the file)
sudo tee -a /etc/sysctl.conf << EOF
# Secure 4M receive buffer
net.core.rmem_max = 4194304
# Secure 4M send buffer
net.core.wmem_max = 4194304
EOF
# Reload settings
sudo sysctl -p
If you do not adjust these, a warning like the following appears in the log:
warning: so-rcvbuf 4194304 was not granted. Got 425984. To fix: start with root permissions(linux) or sysctl bigger net.core.rmem_max(linux) or kern.ipc.maxsockbuf(bsd) values.
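The two settings discussed above, access-control and the socket buffer sizes, are the ones most worth auditing on a resolver like this one: an over-broad allow turns it into an open resolver, and a buffer larger than the kernel limit produces the warning quoted above. The following checker is an added example, not code from the original post; the config and sysctl output are constructed samples, and the forward-addr is a placeholder rather than the author's address.

```python
"""Audit an unbound.conf fragment for the two settings discussed on the page."""
import ipaddress
import re

# Constructed sample config (not the author's full unbound.conf).
SAMPLE_CONF = """\
server:
    interface: 0.0.0.0
    so-rcvbuf: 4m
    so-sndbuf: 4m
    rrset-roundrobin: yes
    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/8 allow
    access-control: 0.0.0.0/0 allow
forward-zone:
    name: "."
    forward-addr: 192.0.2.53   # placeholder, not the real internal DNS address
"""
# Constructed sysctl output matching the 'Got 425984' warning on the page.
SAMPLE_SYSCTL = "net.core.rmem_max = 425984\nnet.core.wmem_max = 425984\n"

# Ranges a VNet-internal resolver would legitimately serve: RFC1918 + loopback.
PRIVATE = [ipaddress.ip_network(c) for c in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
_UNIT = {"k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}

def parse_size(text):
    """Unbound size syntax: '4m' -> 4194304, plain digits pass through."""
    m = re.fullmatch(r"(\d+)([kmg]?)", text.strip().lower())
    if not m:
        raise ValueError(f"bad size: {text!r}")
    return int(m.group(1)) * _UNIT.get(m.group(2), 1)

def open_resolver_ranges(conf):
    """Return 'allow' entries that are not private/loopback, i.e. ranges that
    would let arbitrary Internet clients use this cache (open resolver)."""
    bad = []
    for cidr, action in re.findall(r"access-control:\s*(\S+)\s+(\S+)", conf):
        net = ipaddress.ip_network(cidr, strict=False)
        covered = any(net.version == p.version and net.subnet_of(p) for p in PRIVATE)
        if action.startswith("allow") and not covered:
            bad.append(cidr)
    return bad

def buffer_shortfalls(conf, sysctl_out):
    """Map each so-rcvbuf/so-sndbuf to (wanted, kernel limit) when it exceeds
    net.core.rmem_max/wmem_max, the condition behind the 'not granted' warning."""
    limits = dict(re.findall(r"(net\.core\.[rw]mem_max)\s*=\s*(\d+)", sysctl_out))
    key = {"so-rcvbuf": "net.core.rmem_max", "so-sndbuf": "net.core.wmem_max"}
    short = {}
    for opt, val in re.findall(r"(so-(?:rcv|snd)buf):\s*(\S+)", conf):
        want, got = parse_size(val), int(limits.get(key[opt], 0))
        if want > got:
            short[opt] = (want, got)
    return short
```

Run it against your real unbound.conf and the output of `sysctl net.core.rmem_max net.core.wmem_max` before relying on the NSG alone.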
Stop existing DNS service and start unbound
# Rewrite /etc/resolv.conf
sudo sed -i 's/127\.0\.0\.53/127.0.0.1/g' /etc/resolv.conf
# Disable systemd-resolved
sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved
# Start unbound
sudo systemctl start unbound
Now the VM is a DNS cache server whose queries go client → Unbound → Azure internal DNS. Check it by running nslookup locally.