Maintained by: NLnet Labs

[Unbound-users] nss-ubdns: NSS module for DNSSEC validated hostname lookups

Robert Edmonds
Sun Oct 30 04:54:16 CET 2011


hi,

i've written a validating stub resolver module for GNU systems that use
the glibc Name Service Switch.  it uses libunbound instead of the system
libresolv library to perform hostname lookups.

this is the first release.  the source code is available here:

    https://github.com/edmonds/nss-ubdns

i have also made signed debian packages available here:

    http://people.debian.org/~edmonds/nss-ubdns/

note that the debian package depends on the unbound-anchor package,
which is currently only available in unstable.  the unbound-anchor
utility is used at package installation time and periodically thereafter
to keep the root anchor up to date.  you need to manually edit the
/etc/nsswitch.conf file and change "dns" to "ubdns" after installation
to activate the module.

on my amd64 system the libnss-ubdns module (with statically linked
libunbound and libldns) causes about 3.5 MB of additional DSOs
(libcrypto, libpthread, libz, etc.) to be mapped into processes that use
the stub resolver.  in comparison, libnss-dns and libresolv together
only use 101 KB.

-- 
Robert Edmonds
edmonds at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20111029/393df1f3/attachment.pgp>