Unbound(8) caching resolver no workie on fresh install :-(
rwmaillists at googlemail.com
Sat Oct 14 21:43:30 UTC 2017
On Thu, 12 Oct 2017 17:31:32 -0400
Baho Utot wrote:
> On 10/12/2017 12:58 PM, Ronald F. Guilmette wrote:
> > During this (fresh) install, I -never- explicitly selected any
> > option that would obcviously hav the effect of telling unbound to
> > forward/route all of its DNS queries through any other specific
> > name servers). So why on earth would it be doing so?
> Because the base system uses unbound as the resolver.
That doesn't explain why it forwards by default.
Is ISP cache poisoning entirely a thing of the past? IIRC there are
also attacks where a DSL router is hacked and reconfigured to give bogus
DNS servers via DHCP.
There's also the issue that mail servers should avoid using shared
caches because of per IP address limits on blocklists. Linux resolver
packages that set-up forwarding without making it clear have been a
problem for a while now.
More information about the freebsd-questions