[Dnsmasq-discuss] Can I set up dnsmasq to act as a local caching recursive DNS server?
/dev/rob0
rob0 at gmx.co.uk
Mon Jun 24 03:01:46 BST 2013
On Mon, Jun 24, 2013 at 07:21:58AM +1000, Robert S wrote:
> >> I've been advised that my URIBL query traffic may be
> >> aggregated with many others and that I need to use a
> >> local caching recursive DNS server.
> >>
> > This isn't a problem for me, because my mail server is
> > also an authoritative NS server, and it runs BIND named.
> > I only run dnsmasq in SOHO settings.
>
(But then about how I use BIND named as upstream server for
dnsmasq...)
>
> This looks like a simple solution. I've looked at unbound,
> which seems to be easy to set up the same way.

Probably. I just use BIND because I know it.

> I've found a simpler solution which seems to work - I've used the
> OpenDNS nameserver addresses in my resolv.conf. Their website
> states "OpenDNS is the largest and most reliable _recursive_ DNS
> service ...". It appears that the previous problems with typo
> correction etc have been sorted out. I no longer get error
> messages about URIBL queries.
>
> Would this be suitable for a SOHO network? I'd be interested to
> hear comments.

With OpenDNS you have the same issue with any DNSBL service that
limits the number of queries per client. That "client" is you and
every other OpenDNS user who is querying any given DNSBL, maybe
divided by the total number of OpenDNS outbound recursors.

A secondary issue is that you again rely on a cache you don't
control. You likewise don't control the upstream cache's DNSSEC
policy, which is likely to mean that you're not having signatures
validated at all.

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
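
Added example, not part of the original message or the posters' own configuration: one way to lay out the setup discussed in this thread, with dnsmasq forwarding only to a recursive resolver on the same host (unbound here, which the thread mentions as an alternative to BIND named) so that DNSBL/URIBL queries leave from your own address and DNSSEC policy is under your control. The loopback port 5353 and the trust-anchor path are assumptions; adjust them to your distribution.

```conf
# ---- /etc/dnsmasq.conf (fragment) ----------------------------------
# Weak setting the thread warns about: forwarding to a shared public
# resolver, so DNSBL operators see the public resolver as the client.
#   server=<public resolver address>
#
# Corrected: ignore /etc/resolv.conf and forward only to the local
# recursive resolver listening on loopback.
no-resolv
server=127.0.0.1#5353        # assumed port; must match unbound below

# dnsmasq still serves LAN clients and caches answers.
cache-size=1000

# Pass the upstream resolver's "Authenticated Data" bit to clients.
# Only sensible because the upstream is local and trusted.
proxy-dnssec

# ---- /etc/unbound/unbound.conf (fragment) --------------------------
server:
    # Listen on loopback only; dnsmasq is the sole client.
    interface: 127.0.0.1
    port: 5353               # assumed port; keeps 53 free for dnsmasq
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # Validate DNSSEC locally from the root trust anchor.
    # Path is an assumption and differs between distributions.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    # Do not leak resolver identity or version.
    hide-identity: yes
    hide-version: yes

# No forward-zone is defined, so unbound recurses from the root
# servers itself instead of handing queries to another cache.
```

With this layout the DNSBL operator's per-client query limit applies to your own address only, and signature validation happens in a resolver you run.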