I'm using Unbound for recursive caching (serving internal network). I would like to use DNSSEC and also encrypt the outbound traffic, but I have doubts about the following:

* Unbound does not support encryption natively (from own code base) AFAIK. I have come across two methods to encrypt DNS traffic: TOR and DNSCrypt. Are there any other alternatives?
* Will DNSSEC be disabled when using any encryption method or if the DNS query is forwarded to listening daemon (like TOR/DNSCrypt)?
* When forwarding to a locally listening daemon, "do-not-query-localhost: no" must be enabled for forwarding to work. Is this a security risk?
* Does one specify a forward-zone when using DNSSEC, or is it left up to Unbound to decide (or maybe either method is acceptable)? I think without forward-zone, Unbound just uses the list from root.hints?
* I have set up DNSSEC using the unbound-anchor command, and root.key shows date as: Feb 1 15:12:15 2014. Tests show, however, that server is NOT using DNSSEC. Debug is set to verbosity: 4, and log shows no errors. All files in /var/unbound are owned by unbound:unbound with exception of unbound.conf.

Regards
--
FreeBSD_amd64_11-current_RadeonKMS
_______________________________________________
Unbound-users mailing list
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
