To enable logging in the Unbound DNS resolver, add the following lines to your /etc/unbound/unbound.conf configuration file:

    server:
        chroot: ""
        logfile: /var/log/unbound.log
        verbosity: 1
        log-queries: yes
        ...

Then, create the file and make sure it’s owned by the unbound user:

    touch /var/log/unbound.log
    chown unbound:unbound /var/log/unbound.log

Finally, restart Unbound:

    /etc/init.d/unbound restart

Now you should be able to see the log:

    tail -f /var/log/unbound.log
    [1553775590] unbound[32655:0] info: 127.0.0.1 googlemail.l.google.com. A IN
    [1553775609] unbound[32655:0] info: 127.0.0.1 acp-ss-ew1.adobe.io. A IN
    [1553775695] unbound[32655:0] info: 127.0.0.1 clients4.google.com. A IN
    ...

You have to add chroot: "" (which disables the chroot) because by default unbound runs in a chroot and can’t write to /var/log.
This post was tested on OpenWRT.
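
Once query logging is on, the log can be summarized per client and per name. The following is an added example, not part of the original post: a parser for the line layout shown in the log excerpt above. The function names are hypothetical, and the last two sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Line layout seen in the post's log excerpt (verbosity: 1, log-queries: yes):
#   [epoch] unbound[pid:thread] info: <client> <qname> <qtype> <qclass>
LINE_RE = re.compile(
    r"^\[(?P<ts>\d+)\] unbound\[(?P<pid>\d+):(?P<thread>\d+)\] info: "
    r"(?P<client>\S+) (?P<qname>\S*\.) (?P<qtype>\S+) (?P<qclass>\S+)$"
)

def parse_query(line):
    """Return a dict for a query line, or None for any other log line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        client = ipaddress.ip_address(m["client"])
    except ValueError:
        return None  # a non-query info message that happens to have four tokens
    return {
        "ts": int(m["ts"]),
        "client": str(client),
        # Names are logged with a trailing dot; normalize case for counting.
        "qname": m["qname"].rstrip(".").lower() or ".",
        "qtype": m["qtype"],
        "qclass": m["qclass"],
    }

def summarize(lines):
    """Count queries per client and per (qname, qtype) pair."""
    per_client, per_name = Counter(), Counter()
    for line in lines:
        q = parse_query(line)
        if q:
            per_client[q["client"]] += 1
            per_name[(q["qname"], q["qtype"])] += 1
    return per_client, per_name

# First three lines are from the post; the last two are constructed.
SAMPLE = """\
[1553775590] unbound[32655:0] info: 127.0.0.1 googlemail.l.google.com. A IN
[1553775609] unbound[32655:0] info: 127.0.0.1 acp-ss-ew1.adobe.io. A IN
[1553775695] unbound[32655:0] info: 127.0.0.1 clients4.google.com. A IN
[1553775700] unbound[32655:0] info: 192.0.2.15 Clients4.Google.com. A IN
[1553775701] unbound[32655:0] info: service stopped (unbound 1.9.0).
""".splitlines()

if __name__ == "__main__":
    clients, names = summarize(SAMPLE)
    print(clients.most_common(), names.most_common(3))
```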