diff --git a/Data/unbound.conf b/Data/unbound.conf
new file mode 100644
index 00000000..e707ff0f
--- /dev/null
+++ b/Data/unbound.conf
@@ -0,0 +1,33 @@
+server:
+ port: 53 # port where to listen to queries (default 53)
+ interface: 0.0.0.0
+ interface: ::0
+ access-control: 127.0.0.1/8 allow
+ access-control: ::1/64 allow
+ access-control: 192.168.0.0/16 allow
+ verbosity: 0 # log nothing
+ qname-minimisation: yes # send minimal amount of information to upstream servers to enhance privacy
+ auto-trust-anchor-file: "/var/lib/unbound/root.key" # location of the trust anchor file that enables DNSSEC
+
+ num-threads: 1
+ aggressive-nsec: yes
+ prefetch: yes # refresh expiring cache entries, if less than 10% of their TTL remains
+ hide-identity: yes # less verbose responses
+ hide-version: yes # less verbose responses
+ rrset-cache-size: 100m
+ msg-cache-size: 50m
+ cache-min-ttl: 3600 # 1 hour minimum caching time
+ cache-max-ttl: 86400 # 1 day maximum caching time
+ cache-max-negative-ttl: 3600 # 1 hour maximum caching time for negative responses
+ so-reuseport: yes # faster UDP with multithreading (only on Linux)
+
+remote-control:
+ control-enable: yes # allows controlling unbound using "unbound-control"
+
+forward-zone:
+ name: "."
+ #forward-addr: 1.1.1.1@53 # Cloudflare (primary)
+ #forward-addr: 1.0.0.1@53 # Cloudflare (secondary)
+ forward-addr: 8.8.8.8@53 # Google Public DNS (primary)
+ forward-addr: 8.8.4.4@53 # Google Public DNS (secondary)
+ #forward-addr: 9.9.9.9@53 # Quad9
diff --git a/Scripts/check-dns.ps1 b/Scripts/check-dns.ps1
index bc729127..0ae95c88 100755
--- a/Scripts/check-dns.ps1
+++ b/Scripts/check-dns.ps1
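Review bot: `access-control: ::1/64 allow` admits the whole `::/64` block rather than only the IPv6 loopback address, and `127.0.0.1/8` gives a host address where the network `127.0.0.0/8` is meant; I would write `access-control: ::1/128 allow` and `access-control: 127.0.0.0/8 allow`. Because the server binds `0.0.0.0` and `::0`, these ACL lines are the only thing deciding who may recurse through it, so they should be exact. Binding only the LAN-facing address would narrow it further. Separately, the `qname-minimisation` comment promises privacy, but with the `.` forward-zone every query goes in clear text to `8.8.8.8@53`. If privacy is the goal, the matching setting is `forward-tls-upstream: yes` with `forward-addr: 8.8.8.8@853#dns.google` and a `tls-cert-bundle` entry.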
@@ -19,12 +19,15 @@ try { $PathToRepo = "$PSScriptRoot/.." $Table = import-csv "$PathToRepo/Data/domain-names.csv" - foreach($Row in $Table) { - write-progress "Resolving $($Row.Domain) ..." - if ($IsLinux) { - $Ignore = nslookup $Row.Domain - } else { - $Ignore = resolve-dnsName $Row.Domain + if ($IsLinux) { + foreach($Row in $Table) { + write-progress "Resolving $($Row.Domain)..." + $null = dig $Row.Domain + } + } else { + foreach($Row in $Table) { + write-progress "Resolving $($Row.Domain)..." + $null = resolve-dnsName $Row.Domain } } $Count = $Table.Length diff --git a/Scripts/install-knot-resolver.ps1 b/Scripts/install-knot-resolver.ps1 index eaa24531..10fe1acf 100644 --- a/Scripts/install-knot-resolver.ps1 +++ b/Scripts/install-knot-resolver.ps1 @@ -8,7 +8,7 @@ .LINK https://github.com/fleschutz/PowerShell .NOTES - Author: Markus Fleschutz / License: CC0 + Author: Markus Fleschutz | License: CC0 #> #Requires -RunAsAdministrator @@ -16,16 +16,16 @@ try { $StopWatch = [system.diagnostics.stopwatch]::startNew() - "👉 Installing Knot Resolver... [step 1/4]" + "⏳ Step 1/4: Installing Knot Resolver..." & sudo snap install knot-resolver-gael - "👉 Copying default configuration... [step 2/4]" + "⏳ Step 2/4: Copying default configuration..." & sudo cp "$PSScriptRoot/../Data/default.kresd.conf" /var/snap/knot-resolver-gael/current/kresd.conf - "👉 Let user configure... [step 3/4]" + "⏳ Step 3/4: Let user configure..." & sudo vi /var/snap/knot-resolver-gael/current/kresd.conf - "👉 Starting Knot Resolver... [step 4/4]" + "⏳ Step 4/4: Starting Knot Resolver..." & sudo snap start knot-resolver-gael [int]$Elapsed = $StopWatch.Elapsed.TotalSeconds diff --git a/Scripts/install-unbound.ps1 b/Scripts/install-unbound.ps1 new file mode 100644 index 00000000..6dbe24c6 --- /dev/null +++ b/Scripts/install-unbound.ps1 
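Review bot: The Linux branch throws away both the output and the exit status of `dig` (`$null = dig $Row.Domain`), so a lookup that times out or reaches no server is counted the same as one that resolved. I would add `if ($lastExitCode -ne 0) { write-warning "dig failed for $($Row.Domain)" }` directly after the `dig` line, so the count computed after the loop does not silently include failures. A `Domain` value starting with `@`, `+` or `-` would be read by `dig` as a server or an option rather than a name; the CSV is in-repo data, so this is low risk. The enclosing `try` block begins and ends outside this hunk.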
@@ -0,0 +1,54 @@
+<#
+.SYNOPSIS
+ Installs Unbound (needs admin rights)
+.DESCRIPTION
+ This PowerShell script installs Unbound, a validating, recursive, caching DNS resolver. It needs admin rights.
+.EXAMPLE
+ PS> ./install-unbound
+.LINK
+ https://github.com/fleschutz/PowerShell
+.NOTES
+ Author: Markus Fleschutz | License: CC0
+#>
+
+#Requires -RunAsAdministrator
+
+try {
+ $StopWatch = [system.diagnostics.stopwatch]::startNew()
+
+ "⏳ Step 1/7: Updating package infos..."
+ & sudo apt update -y
+ if ($lastExitCode -ne "0") { throw "'sudo apt update' failed" }
+
+ "⏳ Step 2/7: Installing Unbound..."
+ & sudo apt install unbound -y
+ if ($lastExitCode -ne "0") { throw "'sudo apt install unbound' failed" }
+
+ "⏳ Step 3/7: Setting up Unbound..."
+ & sudo unbound-control-setup
+ if ($lastExitCode -ne "0") { throw "'unbound-control-setup' failed" }
+
+ "⏳ Step 4/7: Updating DNSSEC Root Trust Anchors..."
+ & sudo unbound-anchor
+ if ($lastExitCode -ne "0") { throw "'unbound-anchor' failed" }
+
+ "⏳ Step 5/7: Copying default configuration..."
+ & sudo cp "$PSScriptRoot/../Data/unbound.conf" /etc/unbound/unbound.conf
+ if ($lastExitCode -ne "0") { throw "'cp' failed" }
+
+ "⏳ Step 6/7: (Re-)starting Unbound..."
+ & sudo unbound-control stop
+ & sudo unbound-control start
+ if ($lastExitCode -ne "0") { throw "'unbound-control start' failed" }
+
+ "⏳ Step 7/7: Checking status..."
+ & sudo unbound-control status
+ if ($lastExitCode -ne "0") { throw "'unbound-control status' failed" }
+
+ [int]$Elapsed = $StopWatch.Elapsed.TotalSeconds
+ "✔️ installed Unbound in $Elapsed sec"
+ exit 0 # success
+} catch {
+ "⚠️ Error in line $($_.InvocationInfo.ScriptLineNumber): $($Error[0])"
+ exit 1
+}
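Review bot: The exit-code check in step 4 misreads `unbound-anchor`. Per its man page the tool exits 1 when it updated the anchor from the certificate or fell back to the built-in anchor, and exits 0 even after some errors, so a fresh install can abort here while a real failure passes. Checking the result instead is more reliable, e.g. `if (-not (Test-Path "/var/lib/unbound/root.key")) { throw "root.key missing after 'unbound-anchor'" }`, using the path that `Data/unbound.conf` sets as `auto-trust-anchor-file`. Step 5 also overwrites `/etc/unbound/unbound.conf` with no backup or validation. I would run `& unbound-checkconf "$PSScriptRoot/../Data/unbound.conf"` before the `cp` and copy the existing file aside first, so a bad config cannot leave the host without a working resolver.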