security settings

Modster, Anthony Anthony.Modster at
Fri Jul 31 21:16:41 UTC 2020

Hello Paul

Experimenting using "unbound daemon" as a recursive DNS server.

I created a test-gethostbyname app that resolves
The resolve was successful and looking at the log file (wqar-unbound.log) DNSSEC was used.

Am I missing something ?

Method 3c, unbound daemon lesioning for local DNS quires
	same setup as: Method 3a, Authentication Servers (how unbound try's to contact)
	except resolv.conf is set to "nameserver"
	use test app to send local DNS to "unbound daemon" using gethostbyname()
		empty file
		cat /var/run/resolv.conf
		this file is linked to /etc/resolv.conf (this is already done at boot)
		cp /usr/local/etc/unbound/root.key /var/lib/unbound/
		ip addr show ppp0
		outgoing-interface: x.x.x.x

update unbound.conf for outgoing-interface: x.x.x.x to point to ppp0
/usr/sbin/unbound -d -vvvvv -c /usr/local/etc/unbound/unbound.conf &
	note: takes a few attempts before returning data (may want to increase timeouts)
	main start.
	main h_name
	main h_aliases[0]
	main h_aliases[1]
	main h_addrtype 2
	main h_length 4
	main h_addr_list[0]
	main finished.

-----Original Message-----
From: Paul Wouters <paul at> 
Sent: Friday, July 31, 2020 11:40 AM
To: Modster, Anthony <Anthony.Modster at>
Cc: Modster, Anthony via Unbound-users <unbound-users at>
Subject: RE: security settings

---External Email---

On Fri, 31 Jul 2020, Modster, Anthony wrote:

> I thought unbound supports downstream clients.
> If that is the case any DNS capable app can point to "unbound daemon" and have it resolve or forward DNSSEC requests.
> The "unbound daemon" would monitor for client DNS quires on "what the typical resolv.conf nameserver is set for".
> Is this true ?

Yes. unbound a recursive DNS server.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: wqar-unbound.log
Type: application/octet-stream
Size: 571313 bytes
Desc: wqar-unbound.log
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: resolv.conf
Type: application/octet-stream
Size: 21 bytes
Desc: resolv.conf
URL: <>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: test-gethostbyname.c
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: unbound.conf
Type: application/octet-stream
Size: 41928 bytes
Desc: unbound.conf
URL: <>

More information about the Unbound-users mailing list