unbound fail after upgrade Ubuntu from 17.10 to 18.04
Phil Pennock
unbound-users+phil at spodhuis.org
Tue May 1 00:46:15 UTC 2018
On 2018-04-30 at 12:26 -0400, Paul Wouters via Unbound-users wrote:
> On Mon, 30 Apr 2018, Phil Pennock via Unbound-users wrote:
> > You needed Unbound before. Are you _sure_ you still need it? It might
> > be that systemd-resolved does what you need now.
>
> Does systemd-resolved still sends out your query over ALL interfaces'
> DNS servers and trusts the FIRST answer that comes back regardless of
> DNSSEC status?
Pass: it lacked the configurability I needed to be a viable option for
the deployment where I was looking. EC2 instance, needs access to
resolve "internal." and "amazonaws.com." using the in-VPC
Amazon-provided DNS resolvers, for customized results, but resolving
everything else via direct resolution, because Amazon's resolvers break
DNSSEC.
So I had a solid basis for sticking with Unbound, so that I could get
validation for everything except the domains which _have_ to be passed
onto certain upstreams. Cue much cussing yesterday. On the bright
side, I got a debugged setup in time to share details to help someone
else.
-Phil
More information about the Unbound-users
mailing list