security settings
Modster, Anthony
Anthony.Modster at Teledyne.com
Fri Jul 31 21:16:41 UTC 2020
Hello Paul
Experimenting using "unbound daemon" as a recursive DNS server.
I created a test-gethostbyname app that resolves www.msn.com.
The resolve was successful and looking at the log file (wqar-unbound.log) DNSSEC was used.
Am I missing something?
Method 3c, unbound daemon listening for local DNS queries
Note:
same setup as: Method 3a, Authentication Servers (how unbound tries to contact)
except resolv.conf is set to "nameserver 127.0.0.1"
use test app to send local DNS to "unbound daemon" using gethostbyname()
/etc/hosts
empty file
/var/run/resolv.conf
cat /var/run/resolv.conf
nameserver 127.0.0.1
this file is linked to /etc/resolv.conf (this is already done at boot)
/var/lib/unbound/root.key
cp /usr/local/etc/unbound/root.key /var/lib/unbound/
/usr/local/etc/unbound/unbound.conf
ip addr show ppp0
outgoing-interface: x.x.x.x
update unbound.conf for outgoing-interface: x.x.x.x to point to ppp0
/usr/sbin/unbound -d -vvvvv -c /usr/local/etc/unbound/unbound.conf &
test-gethostbyname
Results
note: takes a few attempts before returning data (may want to increase timeouts)
test-gethostbyname
main start.
main h_name a-0003.a-msedge.net
main h_aliases[0] www.msn.com
main h_aliases[1] www-msn-com.a-0003.a-msedge.net
main h_addrtype 2
main h_length 4
main h_addr_list[0] 204.79.197.203
main finished.
-----Original Message-----
From: Paul Wouters <paul at nohats.ca>
Sent: Friday, July 31, 2020 11:40 AM
To: Modster, Anthony <Anthony.Modster at Teledyne.com>
Cc: Modster, Anthony via Unbound-users <unbound-users at lists.nlnetlabs.nl>
Subject: RE: security settings
On Fri, 31 Jul 2020, Modster, Anthony wrote:
> I thought unbound supports downstream clients.
>
> If that is the case any DNS capable app can point to "unbound daemon" and have it resolve or forward DNSSEC requests.
>
> The "unbound daemon" would monitor for client DNS queries on 127.0.0.1 "what the typical resolv.conf nameserver is set for".
>
> Is this true?
Yes. unbound is a recursive DNS server.
Paul
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wqar-unbound.log
Type: application/octet-stream
Size: 571313 bytes
Desc: wqar-unbound.log
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20200731/7c8b4266/attachment-0003.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: resolv.conf
Type: application/octet-stream
Size: 21 bytes
Desc: resolv.conf
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20200731/7c8b4266/attachment-0004.obj>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: test-gethostbyname.c
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20200731/7c8b4266/attachment-0001.c>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: unbound.conf
Type: application/octet-stream
Size: 41928 bytes
Desc: unbound.conf
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20200731/7c8b4266/attachment-0005.obj>
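Added example (not part of the original message or of the attached test-gethostbyname.c): gethostbyname() returns only names and addresses, so its result cannot show whether the resolver validated the answer. This C code builds a query with the AD bit set and classifies a reply header by its AD flag and RCODE; build_query(), classify() and the sample header bytes are constructed for illustration.

```c
/* Added example: names and sample bytes are constructed, not from test-gethostbyname.c. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { V_SECURE, V_INSECURE, V_SERVFAIL, V_MALFORMED };

/* Constructed 12-byte reply headers, ID 0x1234: flags 0x81a0 / 0x8180 / 0x8182 */
const uint8_t SAMPLE_AD[12]       = {0x12, 0x34, 0x81, 0xa0, 0, 1, 0, 1};
const uint8_t SAMPLE_NO_AD[12]    = {0x12, 0x34, 0x81, 0x80, 0, 1, 0, 1};
const uint8_t SAMPLE_SERVFAIL[12] = {0x12, 0x34, 0x81, 0x82, 0, 1, 0, 0};

/* Encode an A/IN query for name with RD and AD set; returns length or 0. */
size_t build_query(const char *name, uint16_t id, uint8_t *buf, size_t cap)
{
    size_t n = 12;
    if (cap < 12 + strlen(name) + 2 + 4) return 0;
    memset(buf, 0, 12);
    buf[0] = (uint8_t)(id >> 8); buf[1] = (uint8_t)(id & 0xff);
    buf[2] = 0x01; buf[3] = 0x20; buf[5] = 1;  /* RD, AD (report validation), QDCOUNT=1 */
    while (*name) {
        const char *dot = strchr(name, '.');
        size_t l = dot ? (size_t)(dot - name) : strlen(name);
        if (l == 0 || l > 63) return 0;        /* empty or oversized label */
        buf[n++] = (uint8_t)l; memcpy(buf + n, name, l); n += l;
        name += l + (dot ? 1 : 0);
    }
    buf[n++] = 0;                              /* root label */
    buf[n++] = 0; buf[n++] = 1; buf[n++] = 0; buf[n++] = 1;  /* QTYPE A, QCLASS IN */
    return n;
}

/* Read the header of a reply to query `id`: AD is bit 0x20 of byte 3. */
enum verdict classify(const uint8_t *resp, size_t len, uint16_t id)
{
    if (len < 12 || ((resp[0] << 8) | resp[1]) != id || !(resp[2] & 0x80))
        return V_MALFORMED;                    /* short, wrong ID, or not a response */
    if ((resp[3] & 0x0f) == 2) return V_SERVFAIL;
    return (resp[3] & 0x20) ? V_SECURE : V_INSECURE;
}

int main(void)
{
    uint8_t q[64];
    printf("query bytes: %zu\n", build_query("www.msn.com", 0x1234, q, sizeof q));
    printf("AD=%d noAD=%d servfail=%d\n", (int)classify(SAMPLE_AD, 12, 0x1234),
           (int)classify(SAMPLE_NO_AD, 12, 0x1234), (int)classify(SAMPLE_SERVFAIL, 12, 0x1234));
    return 0;
}
```

The AD flag is only as trustworthy as the path to the resolver, which is why it is read here from a resolver on 127.0.0.1. SERVFAIL is what a validating resolver returns for data that fails validation, but it also covers other resolution failures.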