I don't know how unbound will be aware of iked couple/decouple, so I wonder how I'd specify "as appropriate" in this case short of a DNS failover from the remote side using forward-zones in unbound. I'll take a look at unwind...
On 11/18/19, Dale C. <[email protected]> wrote: > "I'd go for a local unbound or local unwind instance, listening for > queries on localhost, configured to use a forwarder as appropriate, plus > the bypass rule suggested in faq17." > > Right. > > Thanks again, > > Dale > > On 11/18/19, Dale C. <[email protected]> wrote: >> Stuart, >> >> Hmmm, thanks for taking the time to write. I'll consider these things. >> >> My server has a static IP, and I'd also like to start looking at DNS >> over TLS. My client has a dynamic (shared even - cellular gateway) IP >> address. >> >> There are some implications there I'll also need to consider. Routing >> DNS through to the server which can do DoT would be difficult without >> accepting DNS config from the responder, no? >> >> Thank you, >> >> Dale >> >
