Maintained by: NLnet Labs

inconsistent forward-zone behavior between config files, unbound-control

A. Schulze
Tue Sep 22 20:19:51 CEST 2015

Am 22.09.2015 um 19:02 schrieb Mike Brown via Unbound-users:
> * by default, queries go to my ISP's resolvers (Comcast: &
why would you do that?

I expect Comcast not to block other DNS queries? Assuming that I would suggest
to run unbound simply in default configuration -> resolving direct via root nameservers.
No default forwarding -> no need to configure exceptions for DNSBL zones.

Also I'm not aware any unbound configuration is modified in any way by a DHCP client.
I use to ignore any resolver announced by a DHCP server:

$ stat --printf "%a\n" /etc/dhcp/dhclient-enter-hooks.d/do_not_touch_resolv_conf

$ cat /etc/dhcp/dhclient-enter-hooks.d/do_not_touch_resolv_conf
make_resolv_conf() {
  logger -p -t /etc/dhcp/dhclient-enter-hooks.d/do_not_touch_resolv_conf "ignore DHCP suggestion 'nameserver $new_domain_name_servers'"