The purpose of the lab is to setup the resolver on the first server. You should install either BIND or Unbound -- not both (unless uninstall BIND first).
-
Connect to the server (resolverX.odslab.se) by using SSH or PuTTY.
-
Change the host name.
sudo hostname resolverX.odslab.se -
Login and logout to get an updated command prompt.
-
Uninstall BIND if previously installed.
sudo dpkg --purge bind9 -
Install Unbound as the resolver. Also install dnsutils for dig(1).
sudo apt-get update sudo apt-get upgrade sudo apt-get install unbound dnsutils -
Configure the Unbound not to use any forwarders
sudo vim /etc/default/unboundFile contents:
RESOLVCONF_FORWARDERS=false -
Restart Unbound
sudo systemctl restart unbound -
Verify by using dig. Notice that the AD-flag is set.
dig +dnssec www.opendnssec.org -
Also try resolving a domain where DNSSEC is broken.
dig www.trasigdnssec.seBut we can see that in fact the domain does contain the information if we bypass the DNSSEC validation:
dig +cd +dnssec www.trasigdnssec.se