[dns-operations] Local Recursors (Was: Google DNS etc....)

Jeroen Massar jeroen at unfix.org
Sun Dec 6 17:16:32 UTC 2009


Paul Vixie wrote:
[..]
> way to salute the competition :-).  could somebody make an apt-get bundle that
> does this for BIND and PowerDNS as well?  someone deeply involved with debian,
> perhaps?

Well, as you mentioned that BIND already does listen only on loopback
and only recurses for those, that one is solved, so is pdns-recursor,
just apt-get, insert 127.0.0.1 in resolv.conf, presto.

For that matter, it is one of the 'solutions' for the many people who
want to "Disable IPv6 as the internet is so slow" aka "the
dsl/cable-modem natbox doesn't have a proper dns cache/recursor and it
is dropping IPv6 records"-problem.

Of course, local recursors break again when one is in a walled-garden
environment.

>> the main problem with encouraging people to run their own recursive DNS
>> occurs when mobile users visit a network that intercepts or blocks port
>> 53.  afaik there isn't an easy point&click way to toggle between the
>> locally installed recursive nameserver and the nameservers provided via
>> DHCP, nor is there a good way to detect and alert the user that port 53
>> mangling is occurring.
> 
> i've had precisely this problem with opensuse on my laptop.  they have a
> thing called "netconfig update" which looks at /etc/sysconfig/network/config
> and regenerates /etc/resolv.conf or the forwarders list included by named.conf
> but apparently i'd need to hack it quite a bit to make it turn forwarding on
> and off.

Debian has the resolvconf package for this and they have tried to get
afaik any program that ever even would change resolv.conf to use that
interface, it thus allows you to block/override etc.

Greets,
 Jeroen
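
Added example, not part of the original message: a check that resolv.conf still points only at the local recursor after a DHCP client or a tool such as netconfig/resolvconf has rewritten it. The function names and the sample file contents are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a resolv.conf still points only at a
# local recursor. Function names and sample data are constructed.

# Print every nameserver address in file $1 that is not a loopback address.
non_loopback_nameservers() {
    # Strip comments (# or ;), then take field 2 of each "nameserver" line.
    sed -e 's/[#;].*$//' "$1" |
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' |
    while read -r addr; do
        case "$addr" in
            127.*|::1) ;;                 # 127.0.0.0/8 and IPv6 loopback
            *) printf '%s\n' "$addr" ;;   # anything else is off-host
        esac
    done
}

# Return 0 when every configured resolver is local, non-zero otherwise.
# A file with no nameserver lines counts as local: resolv.conf(5) states
# that the resolver then defaults to the name server on the local machine.
uses_only_local_recursor() {
    [ -z "$(non_loopback_nameservers "$1")" ]
}

# Constructed sample: a DHCP client has added its own resolver next to
# the local one (192.0.2.53 is a documentation address).
sample=$(mktemp)
printf '%s\n' \
    '# rewritten by dhcp client (constructed sample)' \
    'nameserver 127.0.0.1' \
    'nameserver 192.0.2.53' \
    'search example.net' > "$sample"

if uses_only_local_recursor "$sample"; then
    echo "resolv.conf: local recursor only"
else
    echo "resolv.conf: non-local resolvers present:"
    non_loopback_nameservers "$sample"
fi
rm -f "$sample"
```

Pointing the function at /etc/resolv.conf from a network-up hook gives a simple alert when the local recursor has been bypassed.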

