HOW TO CONFIGURE UNBOUND DNS ON DEBIAN 11
UPDATE THE REPOSITORIES:
# apt-get update ; apt-get upgrade
Install the packages dnsutils, build-essential and libssl-dev
# apt-get install dnsutils build-essential libssl-dev
Install the Unbound server
# apt-get install unbound
Go to the Unbound service's configuration directory
# cd /etc/unbound
Download the "named.cache" root servers file
# wget ftp://ftp.internic.net/domain/named.cache
Run the "unbound-control-setup" command
# unbound-control-setup
Open the "unbound.conf" file
# nano unbound.conf
After this line, type:
######################################################################
server:
    port: 53
    interface: 0.0.0.0
    # Refuse by default and allow only the loopback and private ranges below;
    # "0.0.0.0/0 allow" would make this an open resolver.
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.0.0/16 allow
    access-control: 172.16.0.0/12 allow
    access-control: 10.0.0.0/8 allow
    access-control: 169.254.0.0/16 allow
    verbosity: 1
    num-threads: 4
    outgoing-range: 8192
    num-queries-per-thread: 4096
    so-rcvbuf: 4m
    so-sndbuf: 4m
    msg-cache-slabs: 2
    rrset-cache-slabs: 2
    infra-cache-slabs: 2
    key-cache-slabs: 2
    rrset-cache-size: 50m
    msg-cache-size: 100m
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes
    do-daemonize: yes
    # "validator" is required for DNSSEC validation with the trust anchor below.
    module-config: "validator iterator"
    local-data: "localhost A 127.0.0.1"
    local-data-ptr: "127.0.0.1 localhost"
    root-hints: "/etc/unbound/named.cache"
    # With use-syslog: yes, messages go to syslog and logfile is not used.
    use-syslog: yes
    logfile: "/etc/unbound/unbound.log"
    pidfile: "/var/run/unbound.pid"
    # Do not answer id.server / version.server queries.
    hide-identity: yes
    hide-version: yes
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
Configure Linux to use the DNS server on the loopback interface as its DNS server
# echo "nameserver 127.0.0.1" > /etc/resolv.conf
# echo "nameserver ::1" >> /etc/resolv.conf
To test DNSSEC, run the command:
# dig com. SOA +dnssec
You can check whether the ports are listening:
# ss -putan | grep LISTEN | grep :53
Now test DNSSEC:
https://wander.science/projects/dns/dnssec-resolver-test/
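Added example (not part of the original tutorial): a shell check for the two settings in an unbound.conf like the one above that decide exposure and DNSSEC validation, namely an access-control rule that allows every address, and a module-config without "validator" next to a trust anchor. The function name, the finding labels and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# audit_unbound_conf [FILE]: reads an unbound.conf (FILE or stdin), prints one
# finding per line and returns 1 if anything was found, 0 otherwise.
# Assumption: a single file is checked; include: directives are not followed.
audit_unbound_conf() {
    awk '
        { sub(/#.*/, "") }                          # drop comments
        # An allow rule (allow, allow_snoop, ...) for every address.
        $1 == "access-control:" && $3 ~ /^allow/ &&
            ($2 == "0.0.0.0/0" || $2 == "::/0" || $2 == "::0/0") {
            print "OPEN_RESOLVER " $2; bad = 1
        }
        $1 == "module-config:" { modules = $0 }
        $1 ~ /^(auto-)?trust-anchor-file:$/ { anchor = 1 }
        END {
            # With no module-config line Unbound uses "validator iterator",
            # so only an explicit setting can switch validation off.
            if (anchor && modules != "" && modules !~ /validator/) {
                print "NO_VALIDATOR"; bad = 1
            }
            exit bad + 0
        }
    ' "$@"
}

# Constructed sample inputs (not taken from a real host).
WEAK_CONF='server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow
    access-control: 192.168.0.0/16 allow
    module-config: "iterator"
    auto-trust-anchor-file: "/var/lib/unbound/root.key"'

HARDENED_CONF='server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 refuse    # default deny
    access-control: 192.168.0.0/16 allow
    module-config: "validator iterator"
    auto-trust-anchor-file: "/var/lib/unbound/root.key"'

printf '%s\n' "$WEAK_CONF" | audit_unbound_conf || echo "weak sample: findings above"
printf '%s\n' "$HARDENED_CONF" | audit_unbound_conf && echo "hardened sample: clean"
```

On the server itself, run it as audit_unbound_conf /etc/unbound/unbound.conf before restarting the service.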