Author: wirelessduck Date: To: dng Subject: Re: [DNG] Unbound details: was Mozilla and cloudflare to hijack all
your DNS requests - for your own good of course
Forgetting to hit reply-all :D
On Tue, 21 Aug 2018 at 13:24, <wirelessduck@???> wrote: >
> On Tue, 21 Aug 2018 at 08:15, Steve Litt <slitt@???> wrote:
>
> > There are disadvantages to having the same software do both auth and
> > cache, and BIND is a big honkin complexity. See the djbdns
> > documentation for details. I think that's why the OP wanted unbound in
> > the first place.
> >
> > The unbound man page mentions nsd as an auth server companion to
> > unbound.
> >
> > I couldn't exactly understand the docs, but it sounds to me like you
> > set up nsd on the machine's IP address and unbound either on 127.0.0.1
> > or on an alias of your machine's IP address. Then, to unbound.conf, you
> > add a stub zone that points to your nsd server's address.
> >
> > SteveT
>
> Thanks Steve,
>
> I'm not much of a BIND9 expert, so I'll happily try out something else
> if it's considered to be more secure.
>
> I've found some potentially useful docs on the Arch linux wiki which I
> will go through to try and configure a nsd/unbound setup.
>
> https://wiki.archlinux.org/index.php/Nsd > https://wiki.archlinux.org/index.php/Unbound >
> --Tom