Unbound-control

You can manage unbound(8) with unbound-control(8).

Setup keys for unbound-control

To create a self-signed certificate and private keys for the unbound server and client:

# unbound-control-setup             
setup in directory /var/unbound/etc
Generating RSA private key, 3072 bit long modulus
...
Setup success. Certificates created. Enable in unbound.conf file to use

Inspect the cache

# unbound-control dump-cache

Inspect nameservers

To inspect which nameservers are used in the lookup of example.com:

# unbound-control lookup example.com
The following name servers are used for lookup of example.com.
...

Flush cache

To reload the server, re-read the config file, and flush the cache:

# unbound-control reload

Flush negative cache

If a DNS record fails to validate the first time, this error will get cached:

Mar  8 01:34:41 hostname unbound: [45846:0] info: validation failure <example.com. A IN>: key for validation . is marked as invalid because of a previous validation failure <example.com. A IN>: no DNSKEY rrset for trust anchor . while building chain of trust

The solution is to flush all negative cache.

# unbound-control flush_negative

List forward zones

To list the forward zones:

# unbound-control list_forwards