Quoting Jaromil (jaromil@???):
> On Sun, 01 Jan 2017, Rick Moen wrote:
>
> > IMO look no further than Unbound
>
> I disagree :^) It is worth looking further here.
>
> In Dowse, our free software project focusing on layer 2 and 3
> awareness on LAN, we are working a lot on DNS using dnscrypt.
>
> This is the surface http://crowd.dowse.eu

It's very interesting.

In skimming through the dnscrypt source code, I see that it's a DNS
tool to proxy queries over the DNSCrypt protocol (that invokes ldns in the
process of doing its work) -- but it is not a recursive nameserver: I
see no routines in it that do recursive queries. Thus, unless I'm
missing something important, any Linux host involved will still need
to send all DNS queries handled by dnscrypt and ldns (and any other
DNSCrypt-protocol infrastructure) to a recursive DNS nameserver --
somewhere.

Most people end up, through taking the path of least resistance,
outsourcing recursive DNS, the way Hendrik Boom outsources it to Google
Public DNS (IPs 8.8.8.8 and 8.8.4.4) in his resolv.conf. My modest
suggestion is that it's in Linux users' interest to not outsource
recursive service to anyone at all. Having the necessary recursive
nameservice be on one of one's own local machines improves network
performance, reliability, and security, IMO.

I do admire NLnet Labs's ldns
(https://www.nlnetlabs.nl/projects/ldns/):
It's a very modern, well-done DNS client library, basis for the
'drill' utility (a better replacement for both dig and nslookup).

> Devuan doesn't install any dnscaching BTW.

Well, not system-wide. A variety of applications will do it whether you
want them to or not. ;->
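
An added example, not part of the message above: a small audit of resolv.conf-style text that reports whether each nameserver entry points at the local host, at a LAN address, or at an outside (outsourced) resolver such as the Google Public DNS IPs mentioned in the message. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample; not taken from any real host.
SAMPLE_RESOLV_CONF = """\
# constructed sample
domain example.lan
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 127.0.0.1
nameserver 192.168.1.1
nameserver fe80::1%eth0
options edns0
"""


def classify(addr):
    """Return 'local', 'lan' or 'outsourced' for one nameserver address."""
    # Drop an IPv6 zone id (e.g. %eth0) before parsing.
    ip = ipaddress.ip_address(addr.split("%", 1)[0])
    if ip.is_loopback:
        return "local"
    if ip.is_private or ip.is_link_local:
        # A LAN address may be a recursive server or only a forwarder;
        # this check cannot tell which from resolv.conf alone.
        return "lan"
    return "outsourced"


def audit_resolv_conf(text):
    """Return (address, classification) for every nameserver line."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # comment lines
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            results.append((fields[1], classify(fields[1])))
        except ValueError:
            results.append((fields[1], "invalid"))
    return results


if __name__ == "__main__":
    for addr, kind in audit_resolv_conf(SAMPLE_RESOLV_CONF):
        print(f"{addr:<16} {kind}")
```

To check a real host, pass the contents of /etc/resolv.conf to audit_resolv_conf(); an entry classified "local" still says nothing about where that local daemon sends its own queries.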