Author: wirelessduck
Date:  
To: dng
Subject: Re: [DNG] Internet connectivity issues and browsers


> On 11 Nov 2023, at 15:27, Hendrik Boom <hendrik@???> wrote:
>
> I've thought of doing this, but then I realised I also have an authoritative DNS server on my main machine for the topoi.pooq domain and for the pooq.com domain.
> In https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.html it says:
>    If authoritative DNS is needed as well using nsd(8), careful setup is required because authoritative nameservers and resolvers are using the same port number (53).

>
> Kind of discouraging.


You can leave your current DNS server on port 53.

After installing unbound you can tell unbound to listen on another port (e.g. 8853, or something else unused).

You would then change your authoritative DNS server config to talk to localhost:8853 for upstream DNS resolving instead of having it point to your ISP DNS server or Google or Quad9 or whatever it is currently configured to connect to.

This would allow you to leave unbound listening only on the localhost interface instead of that server’s LAN IP interface. Other machines on the network will then connect to port 53 for the authoritative server to get their local and public DNS queries and not connect directly to unbound itself.

See https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html and https://unbound.docs.nlnetlabs.nl/en/latest/

You can probably use this config in /etc/unbound/unbound.conf.d/local.conf:

server:
    interface: 127.0.0.1
    port: 8853



Tom
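
A way to confirm that the resolver on port 8853 is reachable only from loopback, as the message above intends (added example, not part of the original message; the function name `exposed_listeners` and the sample `ss` lines are constructed for illustration):

```shell
#!/bin/sh
# Added example. Port 8853 is the one suggested in the mail; the function
# name and both SAMPLE_* listings are constructed, not taken from a real host.

# Read `ss -H -lntu` output on stdin and print every listener on port $1
# whose local address is not loopback. Returns 1 if any such listener exists.
exposed_listeners() {
    awk -v port="$1" '
        {
            la = $5                         # "Local Address:Port" column
            n = split(la, parts, ":")
            p = parts[n]                    # port follows the last colon
            addr = substr(la, 1, length(la) - length(p) - 1)
            if (p != port) next
            # 127.0.0.0/8 and [::1] are loopback; anything else is exposed,
            # including the wildcards 0.0.0.0, [::] and *.
            if (addr ~ /^127\./ || addr == "[::1]") next
            print $1, la
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: unbound on loopback:8853, authoritative server on LAN:53.
SAMPLE_OK='udp UNCONN 0 0 127.0.0.1:8853 0.0.0.0:*
tcp LISTEN 0 256 127.0.0.1:8853 0.0.0.0:*
udp UNCONN 0 0 192.168.1.10:53 0.0.0.0:*
tcp LISTEN 0 128 192.168.1.10:53 0.0.0.0:*'

# Constructed sample: the interface line was left out, so the resolver
# is bound to the wildcard addresses and reachable from the LAN.
SAMPLE_BAD='udp UNCONN 0 0 0.0.0.0:8853 0.0.0.0:*
tcp LISTEN 0 256 [::]:8853 [::]:*
tcp LISTEN 0 256 [::1]:8853 [::]:*'

# On a live host: ss -H -lntu | exposed_listeners 8853
```

No output and exit status 0 means every listener on that port is bound to loopback.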