[dns-operations] On-board resolvers (was Re: NANOG threat on government-ordered DNS poisoning and DNSSEC.)

Jan-Piet Mens jpmens.dns at gmail.com
Fri Nov 13 16:33:52 UTC 2015


> From time to time I wonder why there has not been an impetus toward
> on-board DNS resolvers: on the device, on the desktop, on the computer,
> everything running its own resolver. Especially on devices that move
> around a lot (like laptops).

dnssec-trigger [1] by the fine people who brought us NSD and Unbound
does just that: it's a packaged Unbound which attempts to detect whether
DNSSEC is possible, alternatively tries DNS over port 443
(configurable), and updates resolv.conf accordingly. I've been using
this for several years, and it has passed the 100-hotel test. ;-)

        -JP

[1] https://www.nlnetlabs.nl/projects/dnssec-trigger/


