
Running a Local DNS Resolver with Unbound

By Admin · Feb 25, 2026 · Updated Apr 23, 2026

Why Run a Local Resolver?

Running your own DNS resolver improves privacy (no third-party resolver sees your queries), reduces latency through caching, and gives you control over DNS filtering.

Installation

sudo apt update
sudo apt install -y unbound

Basic Configuration

Edit /etc/unbound/unbound.conf:

server:
    interface: 127.0.0.1
    port: 53
    access-control: 127.0.0.0/8 allow

    # Performance tuning
    num-threads: 2
    msg-cache-size: 64m
    rrset-cache-size: 128m
    cache-min-ttl: 300
    cache-max-ttl: 86400

    # Privacy
    hide-identity: yes
    hide-version: yes
    qname-minimisation: yes

    # Security
    harden-glue: yes
    # Only takes effect for zones covered by a configured DNSSEC trust anchor
    harden-dnssec-stripped: yes
    use-caps-for-id: yes

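# No forward-zone is defined, so Unbound uses its root hints for recursive resolution

# Enable the control interface that unbound-control uses in the Verify step
remote-control:
    control-enable: yes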
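
The settings above can be checked mechanically after later edits to the file. The following shell function is an added example, not part of the original article or of Unbound; the name audit_unbound_conf and the sample config are constructed. It flags a non-loopback interface or access-control allow rule and any of the article's privacy and hardening options that are not explicitly set to yes.

```shell
#!/usr/bin/env bash
# Added example (not from the article): audit an unbound.conf against the
# listener, access-control, privacy and hardening settings shown above.
# Prints one finding per line; returns 0 if there are none, 1 otherwise.
audit_unbound_conf() {
    awk '
    # Drop comments and surrounding whitespace, skip empty lines.
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
    $0 == "" { next }
    { key = $1; sub(/:$/, "", key); val = $2; gsub(/"/, "", val) }
    # A non-loopback listener makes the resolver reachable from the network.
    key == "interface" && val !~ /^(127\.|::1$)/ {
        print "interface " val " is not loopback"; bad++
    }
    # An allow rule for a non-loopback range lets other hosts recurse here.
    key == "access-control" && $3 ~ /^allow/ && val !~ /^(127\.|::1)/ {
        print "access-control allows " val; bad++
    }
    { seen[key] = val }
    END {
        want = "hide-identity hide-version qname-minimisation"
        want = want " harden-glue harden-dnssec-stripped use-caps-for-id"
        n = split(want, opt, " ")
        for (i = 1; i <= n; i++)
            if (seen[opt[i]] != "yes") {
                print opt[i] " is not explicitly set to yes"; bad++
            }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: a config that drifted from the settings in this article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow
    hide-identity: yes
    hide-version: yes
    qname-minimisation: yes
    harden-glue: yes
    use-caps-for-id: yes
EOF
audit_unbound_conf "$sample" || echo "audit failed: see findings above"
rm -f "$sample"
```

Run it as audit_unbound_conf /etc/unbound/unbound.conf. It does not check syntax; unbound-checkconf does that.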

Start and Enable

sudo systemctl enable --now unbound
sudo systemctl status unbound

Configure System to Use It

Update /etc/resolv.conf:

nameserver 127.0.0.1

Or use systemd-resolved:

sudo sed -i "s/^#DNS=.*/DNS=127.0.0.1/" /etc/systemd/resolved.conf
sudo systemctl restart systemd-resolved

Verify

dig @127.0.0.1 example.com
# Check cache stats
sudo unbound-control stats_noreset | grep total.num
