Unbound is a validating, recursive, and caching DNS resolver.
Install DNSSEC:, and which is dependency for
pacman -S unbound expat
Unbound is easy to configure. Following configuration placed in /etc/unbound/unbound.conf is enough to run on both IPv4 and IPv6 without access restrictions:
server: username: "unbound" directory: "/etc/unbound" use-syslog: yes interface: 0.0.0.0 interface: ::0 verbosity: 1
To use specific servers for default forward zone (all queries will be forwarded to them, and then cached) add this to the configuration file:
forward-zone: name: "." forward-addr: 126.96.36.199 forward-addr: 188.8.131.52
This will make unbound use OpenDNS servers as forward zone.
Note: OpenDNS strips DNSSEC records from responses. Do not use the above forward zone if you want to enable DNSSEC validation (below).
Adding unbound to boot process
/etc/rc.conf (See also rc.conf):
DAEMONS=(.. unbound ..)
Place unbound before daemons that require network access.
Set /etc/resolv.conf to use the local DNS server
/etc/resolv.conf (See also resolv.conf):
Configuring Unbound to Validate DNSSEC
Fetch the root trust anchor:
sudo -u unbound unbound-anchor -a /etc/unbound/auto-root.key
Edit unbound.conf, adding the following line to the server: block:
rc.d restart unbound