On Mon, 16 Jul 2012, Ondřej Caletka wrote:
It would be nice if unbound would be able to fallback to direct recursion if forwarded data fails to validate. Using external solution like dnssec-trigger cannot solve the problem well, since there are so many affected resolvers out there, so dnnsec-trigger would fall back to some tunneling setup virtally all the time.
That's not my experience. Also, do you really want all the hotspot logic within unbound? Those are much better done outside it, with dnssec-trigger and/or network-manager (or others in other OSes)
Using proper forward-first, it would be possible to use (even broken) forwarders most of the time, and switch to „full recursion mode“ only in case validation fails.
You underestimate the number of times direct port 53 access is blocked when traveling. Paul _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
