On Tue, 2020-07-14 at 18:39 -0400, Bill Cole wrote:
> 
> There are far too many ways that people have BIND already installed
> and configured for a 3rd-party package to be able to safely provide a
> full named.conf that will work for 90% of users who have modified
> their configurations away from the defaults.
> 
Fair enough, but I wasn't on about them.

What I WAS on about is the steady flow of folks who install SA and then
post on this list about problems resulting from using a shared DNS and
their consequent receipt of a letter from RBL providers
suggesting that service could be restored by application of cash.

THOSE are the newish SA users who are unlikely to have a non-forwarding
DNS installed and might well be helped by prominent messages in the SA
config files they will certainly be editing and that I'm suggesting
should contain unmissable messages about the need for having a non-
forwarding DNS setup.

The others who need cluestick treatment are any companies selling home
servers with SA installed and either no DNS installed or a forwarding
DNS as part of the package.

> As noted on the page that Kevin cited, the default configuration for 
> BIND, Unbound, and the PDNS Resolver as packaged for the dominant
> Linux distros is correct for a non-forwarding caching resolver. For
> BIND and Unbound, this is also true on FreeBSD. For macOS, there is no
> 'standard package' but the MacPorts packages for both BIND and Unbound
> do the right thing with the default variants.
> 
> Everywhere that I have used it, Unbound has been configured thus when 
> installed from the standard system package where one exists.
> 
Fair enough: job done then.

We can now declare that the surprised punter with a forwarding DNS who
sent this list an e-mail saying that RBL service has been cut off until
cash is sent is now officially extinct as a subspecies, never to be heard
from again.

Martin

