Date: Sat, 14 Oct 2017 22:43:23 +0100
From: RW <rwmaillists@googlemail.com>
To: freebsd-questions@freebsd.org
Subject: Re: Unbound(8) caching resolver no workie on fresh install :-(
Message-ID: <20171014224323.1ed35da3@gumby.homeunix.com>
In-Reply-To: <b1f2d83e-d09f-42ad-f03d-26b6995c141f@columbus.rr.com>
References: <4172.1507827505@segfault.tristatelogic.com> <b1f2d83e-d09f-42ad-f03d-26b6995c141f@columbus.rr.com>

On Thu, 12 Oct 2017 17:31:32 -0400
Baho Utot wrote:

> On 10/12/2017 12:58 PM, Ronald F. Guilmette wrote:
> > During this (fresh) install, I -never- explicitly selected any
> > option that would obviously have the effect of telling unbound to
> > forward/route all of its DNS queries through any other specific
> > name servers). So why on earth would it be doing so?
>
> Because the base system uses unbound as the resolver.

That doesn't explain why it forwards by default.

Is ISP cache poisoning entirely a thing of the past? IIRC there are
also attacks where a DSL router is hacked and reconfigured to give
bogus DNS servers via DHCP.

There's also the issue that mail servers should avoid using shared
caches because of per IP address limits on blocklists.

Linux resolver packages that set up forwarding without making it clear
have been a problem for a while now.
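
An added example, not part of the message above and not code from its author or from the FreeBSD or Unbound projects: one way to check whether an Unbound configuration forwards the root zone to an upstream cache, and whether each forwarder is a LAN address of the kind a router would hand out via DHCP. The function names, the sample configuration, and the rule that an RFC 1918 forwarder counts as "lan" are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample in unbound.conf syntax; every address is made up.
SAMPLE_CONF = """\
forward-zone:
        forward-addr: 192.168.1.1      # e.g. a router learned via DHCP
        forward-addr: 203.0.113.53@53
        name: .
forward-zone:
        name: "corp.example."
        forward-addr: 10.0.0.2
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_forward_zones(text):
    """Return {zone name: [forward-addr, ...]} for each forward-zone clause."""
    zones, clauses = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if not line:
            continue
        key, _, value = line.partition(":")       # first colon only, IPv6-safe
        value = value.strip().strip('"')
        if not value:                             # "clause:" header line
            clauses.append((key.strip(), {}))
        elif clauses:
            clauses[-1][1].setdefault(key.strip(), []).append(value)
    # Resolve names after parsing: "name:" may follow the forward-addr lines.
    for clause, attrs in clauses:
        if clause == "forward-zone" and "name" in attrs:
            zones.setdefault(attrs["name"][0], []).extend(
                attrs.get("forward-addr", []))
    return zones


def audit_root_forwarding(text):
    """(address, kind) per forwarder of "."; an empty list means no forwarding."""
    def kind(addr):
        ip = ipaddress.ip_address(addr.split("@", 1)[0])   # strip @port
        return "lan" if any(ip in net for net in RFC1918) else "external"
    return [(a, kind(a)) for a in parse_forward_zones(text).get(".", [])]


if __name__ == "__main__":
    for addr, kind in audit_root_forwarding(SAMPLE_CONF):
        print(f"root zone forwarded to {addr} ({kind})")
```

An empty result means the configuration has no forward-zone for ".", so the resolver performs its own recursion rather than relying on a shared upstream cache.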