Maintained by: NLnet Labs

inconsistent forward-zone behavior between config files, unbound-control

A. Schulze
Tue Sep 22 20:19:51 CEST 2015



Am 22.09.2015 um 19:02 schrieb Mike Brown via Unbound-users:
> * by default, queries go to my ISP's resolvers (Comcast: 75.75.75.75 &
> 75.75.76.76)
why would you do that?

I expect Comcast not to block other DNS queries? Assuming that I would suggest
to run unbound simply in default configuration -> resolving direct via root nameservers.
No default forwarding -> no need to configure exceptions for DNSBL zones.

Also I'm not aware any unbound configuration is modified in any way by a DHCP client.
I use to ignore any resolver announced by a DHCP server:

$ stat --printf "%a\n" /etc/dhcp/dhclient-enter-hooks.d/do_not_touch_resolv_conf
755

$ cat /etc/dhcp/dhclient-enter-hooks.d/do_not_touch_resolv_conf
#!/bin/sh
make_resolv_conf() {
  logger -p daemon.info -t /etc/dhcp/dhclient-enter-hooks.d/do_not_touch_resolv_conf "ignore DHCP suggestion 'nameserver $new_domain_name_servers'"
  :
}