Validating DNS resolver: unwind

Unwind is available in the OpenBSD base install. It performs DNS resolution on your own device instead of asking your ISP or an external provider. Results are kept in cache. This increases your server's performance and I strongly suggest enabling it😎.

Note that unwind only works locally and can't do resolution for other devices. To provide such a feature, look at unbound.

To use unwind, enable it as usual:

# rcctl enable unwind
# rcctl start unwind

Edit the "/etc/resolv.conf" file so your server asks unwind to resolve domain names. This is not necessary if you use DHCP.

nameserver 127.0.0.1

Here you go, your server now resolves domain names on its own.

You can check how well unwind works by using the dig command to see DNS request results:

$ dig si3t.ch
[...]
;; Query time: 61 msec

61 ms were necessary to get an answer. Now try again:

$ dig si3t.ch
[...]
;; Query time: 0 msec

Yay, the address is in cache, speeding up future requests until the TTL expires.

If you want to go further, read:
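The check above can be scripted. This is an added example, not part of the original page: the function names and the sample dig output are constructed, and it assumes dig's +dnssec option so that a validated answer carries the "ad" flag (only signed zones that validated will show it).

```shell
#!/bin/sh
# Added example: confirm that answers come from the local unwind instance,
# that the second query is served from cache, and whether the answer was
# DNSSEC-validated. Function names are hypothetical.

# Print the first nameserver listed in a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Read dig output on stdin; print "server=<ip> time_ms=<n> ad=<yes|no>".
dig_summary() {
    awk '
        /^;; flags:/ {
            # The flags sit between "flags:" and the next ";".
            line = $0
            sub(/^.*flags:/, "", line); sub(/;.*$/, "", line)
            n = split(line, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ad") ad = "yes"
        }
        /^;; Query time:/ { t = $4 }
        /^;; SERVER:/     { s = $3; sub(/#.*/, "", s) }
        END { printf "server=%s time_ms=%s ad=%s\n", s, t, (ad == "yes" ? "yes" : "no") }
    '
}

# Live check: run as "check_unwind si3t.ch" on the server itself.
check_unwind() {
    ns=$(first_nameserver /etc/resolv.conf)
    if [ "$ns" != "127.0.0.1" ]; then
        echo "resolv.conf points at '$ns', not at unwind" >&2
        return 1
    fi
    dig +dnssec "$1" | dig_summary   # first query: resolved over the network
    dig +dnssec "$1" | dig_summary   # second query: expect a time near 0
}

# Constructed sample of a cached answer, so the parser can be tried offline.
SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'

printf '%s\n' "$SAMPLE" | dig_summary
```

A server other than 127.0.0.1 in the summary means the query bypassed unwind.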

unwind(8) man

unwind.conf(5) man

unbound(8) man