tech-net archive


Re: Importing unbound



On 05/05/2015 14:22, David Brownlee wrote:
> On 5 May 2015 at 00:15, Matt Thomas <matt%3am-software.com@localhost> wrote:
>>
>> I think we should include unbound as an alternative for named so it can be used.
>>
>> http://www.unbound.net/
>>
>> named is just “too big” for me to be comfortable with.

I agree with this wholeheartedly.

> I tend to install dnsmasq everywhere for 'light weight' dns & dhcp
> usage, just a pity it's a GPL licence.
> 
> Though I also agree there should be a lightweight dns resolving daemon
> in base and unbound fits the bill for that perfectly.

dnsmasq is a lot more lightweight than unbound for sure, however using
dnsmasq as a cache can be problematic as it strips stuff it doesn't
understand (or want) from the upstream replies which you may need when
debugging.

Also, unless you have dbus installed (and dnsmasq built for it), there
is a minor race window where you could be re-starting dnsmasq to pick up
a new config file set by resolvconf(8). named also has this flaw, unbound
does not as it re-reads everything on SIGHUP.

Saying that, unbound does have one flaw as a local dns cache - it won't
do reverse lookup on private IPs by default - you need a config section
similar to this:

server:
    pidfile:    "/var/run/unbound.pid"

    # Allow reverse IPv4 local network queries
    local-zone: "10.in-addr.arpa." nodefault
    local-zone: "168.192.in-addr.arpa." nodefault

Roy
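
Added example, not part of the message above or of unbound itself: a Python check that lists which RFC 1918 reverse zones an unbound.conf leaves without an explicit local-zone entry, run over the fragment quoted in the message. The function names are hypothetical, and the check assumes 172.16.0.0/12 is covered by the sixteen zones 16.172.in-addr.arpa. through 31.172.in-addr.arpa.

```python
import ipaddress
import re

RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
LOCAL_ZONE = re.compile(r'\s*local-zone:\s*"?([^"\s]+)"?\s+(\S+)')

# The fragment from the message above, copied here as sample input.
SAMPLE_CONF = '''\
server:
    pidfile:    "/var/run/unbound.pid"

    # Allow reverse IPv4 local network queries
    local-zone: "10.in-addr.arpa." nodefault
    local-zone: "168.192.in-addr.arpa." nodefault
'''

def reverse_zones(cidr):
    """in-addr.arpa zones covering an IPv4 network, split on octet boundaries."""
    net = ipaddress.ip_network(cidr)
    octets = -(-net.prefixlen // 8)  # round up: a /12 becomes sixteen /16 zones
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa.")
    return zones

def parse_local_zones(conf_text):
    """Map each local-zone name (normalised to a trailing dot) to its type."""
    zones = {}
    for line in conf_text.splitlines():
        m = LOCAL_ZONE.match(line.split("#", 1)[0])  # ignore comments
        if m:
            zones[m.group(1).lower().rstrip(".") + "."] = m.group(2).lower()
    return zones

def unconfigured_private_zones(conf_text):
    """RFC 1918 reverse zones with no explicit local-zone line in the config."""
    configured = parse_local_zones(conf_text)
    return [z for cidr in RFC1918 for z in reverse_zones(cidr)
            if z not in configured]

def nodefault_lines(conf_text):
    """Config lines that would extend the fragment to the remaining zones."""
    return ['    local-zone: "%s" nodefault' % z
            for z in unconfigured_private_zones(conf_text)]

if __name__ == "__main__":
    print("\n".join(nodefault_lines(SAMPLE_CONF)))
```

With nodefault set, reverse queries for those addresses are resolved like any other name, so direct them to a local server (for example with a stub-zone or forward-zone) if the PTR records live on the private network.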

