[Unbound-users] Feature Request for Unbound: Orientation
Paul Wouters
paul at xelerance.com
Thu Sep 15 19:34:42 UTC 2011
On Wed, 14 Sep 2011, Ed - 0x1b, Inc. wrote:
> I have a feature request for Unbound: Orientation
>
> Could Unbound use the same DNSSEC methods that confirm the root name
> servers to also confirm that an authoritative server on the local
> network segment is affirmatively authoritative, private or fqdn? What
> this tells me is that my system knows for certain that it is in a
> particular network and domain. If so, it can change the firewall rules
> and run services as well as scripts for synchronization, etc... These
> are all things I would only want to do if I were on my own network. Or
> maybe I would want to do them differently depending on my system's
> network/domain orientation. This is a question more and more systems
> will face, and I think Unbound can be the best way to know where one
> is in these networks.
>
> As a bonus, if Unbound could communicate the system's orientation by
> way of D-bus it would be even more useful. [re: systemd?]
I think it would be more the other way around (as Wouter has been
experimenting with using dnssec-trigger). NetworkManager/DBus determines
your network, and reconfigures unbound appropriately.

Perhaps you can do something with unbound-anchor for your private keys,
but in the end, anyone that can replay dnssec data can "pretend" to be
your secure network, so DNS is not a good measurement.

Paul
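
The replay point in the reply above, as an added example that is not part of the original message or of Unbound: a validator checks only the signature and its validity window, so a recorded answer validates wherever it is served until the signature expires. The record name, key, timestamps and the `looks_like_home` helper are constructed for illustration, and HMAC stands in for the public-key RRSIG check.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumption: HMAC stands in for the RRSIG public-key signature so the
# example runs with the standard library only. The key is constructed.
ZONE_KEY = b"constructed-demo-key"

@dataclass(frozen=True)
class SignedRRset:
    name: str
    rdata: str
    inception: int    # start of signature validity (epoch seconds)
    expiration: int   # end of signature validity (epoch seconds)
    signature: bytes

def _digest(name, rdata, inception, expiration, key):
    msg = f"{name}|{rdata}|{inception}|{expiration}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def sign(name, rdata, inception, expiration, key=ZONE_KEY):
    return SignedRRset(name, rdata, inception, expiration,
                       _digest(name, rdata, inception, expiration, key))

def validates(rr, now, key=ZONE_KEY):
    """Signature and validity window only; nothing here depends on which
    server or network delivered the bytes."""
    expected = _digest(rr.name, rr.rdata, rr.inception, rr.expiration, key)
    return (hmac.compare_digest(expected, rr.signature)
            and rr.inception <= now <= rr.expiration)

def looks_like_home(answer, now):
    """Hypothetical orientation test: a validly signed marker was seen."""
    return validates(answer, now)

# Constructed sample: marker record signed for a 7-day window.
T0 = 1_316_000_000
marker = sign("marker.corp.example.", "TXT home-network", T0, T0 + 7 * 86400)
replayed = marker  # the same bytes, recorded once and served elsewhere later
forged = SignedRRset(marker.name, "TXT other", marker.inception,
                     marker.expiration, marker.signature)

if __name__ == "__main__":
    print("at home:           ", looks_like_home(marker, T0 + 3600))
    print("replayed elsewhere:", looks_like_home(replayed, T0 + 3 * 86400))
    print("forged rdata:      ", looks_like_home(forged, T0 + 3600))
    print("after expiration:  ", looks_like_home(replayed, T0 + 8 * 86400))
```

The signature protects the record's content and bounds its lifetime, which is why the forged and expired cases fail while the replayed one passes.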