[Unbound-users] Installed. Now what?
Jan-Piet Mens
jpmens.dns at gmail.com
Sun Apr 8 13:57:14 UTC 2012
Alan,
> What I want is from my resolver to use DNSSEC.
>
> So it looks like I need to recompile everything with unbounds
> library and probably not use ISC's BIND resolver library. Is that
> correct?
No, not at all. What you have to do is get your resolver to speak to
your newly setup Unbound, by adding it's address to /etc/resolv.conf on
the client machines that should use it.
>
> So I have it installed and it seems to work - kind of:
>
> $ dig . +dnssec
>
> ; <<>> DiG 9.6-ESV-R4-P3 <<>> . +dnssec
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10913
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
That looks ok, as long as dig is actually using your Unbound. Best to
force it to query that explicitly by specifying the IP of your Unbound
dig @127.0.0.1 +dnssec .
(supposing Unbound is on 127.0.0.1)
> So is there any use for me for this utility or was it just a nice
> experiment?
As mentioned above, point your /etc/resolv.conf to Unbound.
-JP
More information about the Unbound-users
mailing list