Date:      Sat, 14 Oct 2017 22:43:23 +0100
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Unbound(8) caching resolver no workie on fresh install :-(
Message-ID:  <20171014224323.1ed35da3@gumby.homeunix.com>
In-Reply-To: <b1f2d83e-d09f-42ad-f03d-26b6995c141f@columbus.rr.com>
References:  <4172.1507827505@segfault.tristatelogic.com> <b1f2d83e-d09f-42ad-f03d-26b6995c141f@columbus.rr.com>

On Thu, 12 Oct 2017 17:31:32 -0400
Baho Utot wrote:

> On 10/12/2017 12:58 PM, Ronald F. Guilmette wrote:

> > During this (fresh) install, I -never- explicitly selected any
> > option that would obviously have the effect of telling unbound to
> > forward/route all of its DNS queries through any other specific
> > name servers).  So why on earth would it be doing so?  
> 
> Because the base system uses unbound as the resolver.

That doesn't explain why it forwards by default. 

Is ISP cache poisoning entirely a thing of the past? IIRC there are
also attacks where a DSL router is hacked and reconfigured to give bogus
DNS servers via DHCP.

There's also the issue that mail servers should avoid using shared
caches because of per IP address limits on blocklists. Linux resolver
packages that set up forwarding without making it clear have been a
problem for a while now.
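
An added example, not part of the original message: a shell function that reads unbound configuration text and lists the upstream servers the root zone is forwarded to, which is the forwarding-by-default behaviour discussed above. The sample configuration and its addresses are constructed, and `include:` directives are not followed.

```shell
#!/bin/sh
# Added example. Prints the upstream servers that an unbound configuration
# (read from stdin) forwards the root zone "." to; prints nothing when no
# root forward-zone is configured.
# Assumption: one "key: value" attribute per line, as in typical config files.
root_forwarders() {
    awk '
        function emit() {
            if (clause == "forward-zone" && zone == ".") printf "%s", addrs
            zone = ""; addrs = ""
        }
        {
            sub(/^#.*/, ""); sub(/[ \t]#.*/, "")   # drop comments, keep "ip@port#tls-name"
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") # trim surrounding whitespace
            if ($0 == "") next
        }
        /^[a-z-]+:$/ {                             # clause header such as "forward-zone:"
            emit(); clause = substr($0, 1, length($0) - 1); next
        }
        clause == "forward-zone" {
            key = $0; sub(/:.*/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val); gsub(/"/, "", val)
            if (key == "name") zone = val
            else if (key == "forward-addr" || key == "forward-host")
                addrs = addrs val "\n"
        }
        END { emit() }
    '
}

# Constructed sample configuration (documentation addresses, not real resolvers).
sample_conf='server:
    interface: 127.0.0.1
forward-zone:
    name: "example.org"
    forward-addr: 198.51.100.7
forward-zone:
    name: .   # everything is sent upstream
    forward-addr: 192.0.2.53
    forward-addr: 192.0.2.54@853#dns.example.net
'
printf '%s' "$sample_conf" | root_forwarders
```

Any output means every query that is not answered from the local cache goes to the listed servers, so their integrity and shared-cache behaviour matter for the concerns raised above. Concatenate the main file and any included files before piping them in.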