On Thu, 22 Sep 2011, Dan Williams wrote:
> But I'm not really familiar with unbound. Is it a long-running service?

Yes, it's a fully dnssec validating caching resolver. You start it at boot
and leave it running.

> What does its config file look like? Does it re-read config data on
> SIGHUP?

You properly talk to it via unbound-control, which uses SSL certs between
it and the daemon. No need to re-write config files or send it weirdo
signals.

> Is there any case you'd run more than one instance at a time,
> like we do with dnsmasq when you have virtual machines that use dnsmasq
> as the forwarding nameserver between the NAT-ed VM and the host?

You could, but in general one does not. Unlike dnsmasq, unbound delivers no
dhcp or other services. It is just a very secure DNS resolver.

> How complicated is the config file format? Does it have the ability to
> specify different nameservers on a per-zone basis?

Yes, you can specify specific forwarders for specific zones using the forward
and stub sections (not sure if you can send these via unbound-control currently).
You can even assign those a DNSSEC key, so you can validate non-public zones
that would normally be proven "not to exist" in the real world.

> > which you got via DHCP (aka ISP's nameservers). Those servers perform
> > caching so local unbound/bind will use them and there won't be increased
> > DNS traffic over the Internet due to bypassing those caches.
>
> Understood.

Indeed.

Paul
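
The setup discussed in this message, sketched as an unbound.conf fragment. This is an added example, not part of the original thread and not the unbound project's own configuration. The zone names, addresses, file paths and the DS record are constructed placeholders.

```conf
# unbound.conf fragment (constructed example; every name and address is a placeholder)
server:
    # Root trust anchor used to validate public zones (path is an assumption).
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    # Trust anchor for an internal, signed zone that has no secure delegation
    # in the public tree. Without it the validator follows the public chain of
    # trust, which proves that the zone does not exist.
    # PLACEHOLDER: substitute the zone's real key tag, algorithm, digest type, digest.
    trust-anchor: "corp.example. DS KEYTAG ALG DIGESTTYPE DIGEST"

    # An internal zone that is not signed: turn validation off for this name
    # only, so everything else is still validated.
    domain-insecure: "lab.example."

# unbound-control talks to the daemon over a mutually authenticated TLS channel.
# The file names are the ones unbound-control-setup generates; the directory
# is an assumption.
remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    server-key-file: "/etc/unbound/unbound_server.key"
    server-cert-file: "/etc/unbound/unbound_server.pem"
    control-key-file: "/etc/unbound/unbound_control.key"
    control-cert-file: "/etc/unbound/unbound_control.pem"

# Per-zone forwarder: queries for corp.example. go to an internal recursive
# resolver, and the answers are validated against the trust-anchor above.
forward-zone:
    name: "corp.example."
    forward-addr: 192.0.2.53

# Per-zone stub: unbound queries the zone's authoritative server directly.
stub-zone:
    name: "lab.example."
    stub-addr: 192.0.2.54

# Everything else goes to the caching resolver handed out by DHCP
# (constructed address), so its cache is still used while validation
# happens locally.
forward-zone:
    name: "."
    forward-addr: 198.51.100.1
```

Restricting `control-interface` to loopback and keeping the control key readable only by the administrator limits who can change forwarders at runtime.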