[dns-operations] Best practices for Linux/UNIX stub resolver failover
Jonathan Stewart
jonathan.stewart at gmail.com
Wed Apr 23 18:22:54 UTC 2014
Robert Edmonds <edmonds at mycre.ws> wrote:
> Chuck Anderson wrote:
> > 2. Use a local DNS daemon on every server with forwarders configured
> > to the network's nameservers, and fix resolv.conf to 127.0.0.1.
>
> I'll shamelessly admit that I do this on all my Debian systems, where
> "apt-get install unbound resolvconf" results in exactly that
> configuration.
>
Does this result in a DNSSEC-validating resolver, as well?
If so, then Chuck's problem is actually a solved one, and his request (as
mine would be) is that the Linux distributions make this default, so long
as the setting of one or more recursive resolvers was easy.
Of course, in an environment where DNS queries have not been restricted,
this setup should run standalone, resolving DNS queries from the root.
>
> --
> Robert Edmonds
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
--
Jonathan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20140423/216caa18/attachment.html>
More information about the dns-operations
mailing list