On Wed, 14 Sep 2011, Ed - 0x1b, Inc. wrote:

> I have a feature request for Unbound: Orientation
>
> Could Unbound use the same DNSSEC methods that confirm the root name
> servers to also confirm that an authoritative server on the local
> network segment is affirmatively authoritative, private or fqdn? What
> this tells me is that my system knows for certain that it is in a
> particular network and domain. If so, it can change the firewall rules
> and run services as well as scripts for synchronization, etc... These
> are all things I would only want to do if I were on my own network. Or
> maybe I would want to do them differently depending on my system's
> network/domain orientation. This is a question more and more systems
> will face, and I think Unbound can be the best way to know where one
> is in these networks.
>
> As a bonus, if Unbound could communicate the system's orientation by
> way of D-bus it would be even more useful. [re: systemd?]

I think it would be more the other way around (as Wouter has been experimenting with using dnssec-trigger). NetworkManager/DBus determines your network, and reconfigures unbound appropriately.

Perhaps you can do something with unbound-anchor for your private keys, but in the end, anyone that can replay dnssec data can "pretend" to be your secure network, so DNS is not a good measurement.

Paul