From 55e136b99139b295301d6bbff67ef01d414bf1e9 Mon Sep 17 00:00:00 2001 From: Christopher Jones Date: Sat, 21 Feb 2026 09:19:50 -0500 Subject: [PATCH] Add configuration notes for Unbound --- unbound.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 unbound.md diff --git a/unbound.md b/unbound.md new file mode 100644 index 0000000..603d992 --- /dev/null +++ b/unbound.md 
@@ -0,0 +1,25 @@ +Unbound provides DNS resolution service for the local network. Unbound was built from source and installed on Teal, bare metal (configure, make, sudo make install). + +The configuration file for Unbound is at /usr/local/etc/unbound/unbound.conf, with included configuration files in the directory /usr/local/etc/unbound/unbound.conf.d. + +Notes on Unbound configuration + +Unbound is configured for Split DNS to provide a different address resolution for services running on the home LAN, depending on whether the requesting client is running on the home LAN, on our Tailnet, or on a system entirely outside our network, on the public Internet. The Unbound view construct is used to implement this. + +There are two Unbound views defined: "lan" and "tailnet". The "lan" view includes local-data records for the available services on our network (mostly, but not exclusively, running on Teal), for example: + + local-data: "nextcloud.objectbrokers.com. A 192.168.88.231" + +Each local-data record in the "lan" view points to a physical IP address on the home LAN. + +The "tailnet" view includes local-data records for the same set of services on our network as the "lan" view, for example: + + local-data: "nextcloud.objectbrokers.com. A 100.81.165.11" + +Each local-data record in the "tailnet" view points to a Tailscale IP address on our Tailnet. + +Maintenance + +The Unbound configuration must be carefully maintained to enable Unbound to resolve URLs for our services correctly. + +Both views must include local-data records for each published service; each view must include the same set of names to be resolved. The view differ in the IP address referenced for each name, not in the names included in the view. Thus when a new service is published, a local-data record for that service must be added to both views. When a service is deleted from the network, its local-data records in both views ("lan" and "tailnet") must be deleted. \ No newline at end of file
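Review bot: The Split DNS paragraph in unbound.md names three client classes (home LAN, Tailnet, public Internet) but only two views are defined, and nothing says how a client is assigned to a view or what a client matching neither view is answered with. Please add the lines that bind source ranges to the views (in Unbound that is done with access-control-view entries) and state the intended fall-through behaviour for requests from outside both ranges, so a reader can confirm that LAN and Tailscale addresses are only handed to the clients meant to see them. In the Maintenance section, the rule that both views must carry the same set of names is enforced only by hand; consider documenting a check to run after each edit, for example unbound-checkconf for syntax plus a comparison of the names in the two views. Smaller points: "The view differ" should read "The views differ", "resolve URLs" should be "resolve names" since Unbound resolves hostnames, the lines "Notes on Unbound configuration" and "Maintenance" read as headings but carry no Markdown heading markup in a .md file, and the file has no trailing newline.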