# DNS: Recursive DNS

## Option 1: Unbound

```bash
$ apt install unbound
```

Recursive DNS can sometimes sacrifice speed for security so the `unbound` server is going to be limited to only serve DNS requests from loopback addresses. Everyone else will have to go through a DNS caching server (_dnsmasq_) that I'll setup later to perform DNS queries.

```diff
# /etc/unbound/unbound.conf.d/local.conf
+ server:
+ 	interface: 127.0.0.1
+ 	interface: ::1
+ 	access-control: 127.0.0.1 allow
+ 	access-control: ::1 allow
```

```bash
$ systemctl restart unbound
```

## Option 2: Public Recursive Name Server

I don't have to do anything since [dnsmasq](https://en.wikipedia.org/wiki/Dnsmasq) will be setup to query a public recursive DNS server like _Cloudflare_'s `1.1.1.1` and `1.0.0.1`.