Discussion:
Importing unbound
Matt Thomas
2015-05-04 23:15:19 UTC
I think we should include unbound as an alternative for named so it can be used.

http://www.unbound.net/

named is just “too big” for me to be comfortable with.

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
David Brownlee
2015-05-05 13:22:36 UTC
Post by Matt Thomas
> I think we should include unbound as an alternative for named so it can be used.
> http://www.unbound.net/
> named is just “too big” for me to be comfortable with.

I tend to install dnsmasq everywhere for 'light weight' dns & dhcp
usage, just a pity it's a GPL licence.

Though I also agree there should be a lightweight dns resolving daemon
in base and unbound fits the bill for that perfectly.

Roy Marples
2015-05-06 08:26:57 UTC
Post by David Brownlee
> Post by Matt Thomas
>> I think we should include unbound as an alternative for named so it can be used.
>> http://www.unbound.net/
>> named is just “too big” for me to be comfortable with.

I agree with this wholeheartedly.

Post by David Brownlee
> I tend to install dnsmasq everywhere for 'light weight' dns & dhcp
> usage, just a pity it's a GPL licence.
> Though I also agree there should be a lightweight dns resolving daemon
> in base and unbound fits the bill for that perfectly.

dnsmasq is a lot more light weight than unbound for sure, however using
dnsmasq as a cache can be problematic as it strips stuff it doesn't
understand (or want) from the upstream replies which you may need when
debugging.

Also, unless you have dbus installed (and dnsmasq built for it), there
is a minor race window where you could be re-starting dnsmasq to pick up
a new confile set by resolvconf(8). named also has this flaw, unbound
does not as it re-reads everything on SIGHUP.

Saying that, unbound does have one flaw as a local dns cache - it won't
do reverse lookup on private IPs by default - you need a config section
similar to this:

server:
    pidfile: "/var/run/unbound.pid"

    # Allow reverse IPv4 local network queries
    local-zone: "10.in-addr.arpa." nodefault
    local-zone: "168.192.in-addr.arpa." nodefault

Roy

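Added example, not part of the original thread: a small check that reads an unbound.conf and reports which RFC 1918 reverse zones are still answered by unbound's built-in zones. It is run here on the config section from the post above, which leaves 172.16/12 uncovered. The 172.16/12 zone names, and the rule that any explicit local-zone entry replaces the built-in one, come from unbound.conf(5) rather than from the post; the function names are made up for this example.

```python
import ipaddress
import re

# RFC 1918 reverse zones that unbound answers itself by default:
# 10/8, 172.16/12 (sixteen /16 zones) and 192.168/16.
RFC1918_REVERSE_ZONES = (
    ["10.in-addr.arpa."]
    + [f"{n}.172.in-addr.arpa." for n in range(16, 32)]
    + ["168.192.in-addr.arpa."]
)

# Matches uncommented lines such as: local-zone: "10.in-addr.arpa." nodefault
LOCAL_ZONE_RE = re.compile(r'^\s*local-zone:\s*"?([^"\s]+)"?\s+(\S+)', re.M)

# The config section quoted in the post (pidfile line omitted).
ROY_CONF = '''
server:
    # Allow reverse IPv4 local network queries
    local-zone: "10.in-addr.arpa." nodefault
    local-zone: "168.192.in-addr.arpa." nodefault
'''

def overridden_zones(conf_text):
    """Map zone name (lower case, trailing dot) to its local-zone type."""
    zones = {}
    for name, ztype in LOCAL_ZONE_RE.findall(conf_text):
        zones[name.lower().rstrip(".") + "."] = ztype.lower()
    return zones

def still_default(conf_text):
    """RFC 1918 reverse zones with no explicit local-zone entry."""
    seen = overridden_zones(conf_text)
    return [z for z in RFC1918_REVERSE_ZONES if z not in seen]

def ptr_blocked_by_default(conf_text, ip):
    """True if the PTR name for ip falls in a built-in RFC 1918 zone.

    Only the RFC 1918 zones are modelled; unbound's other built-in
    zones (loopback, link-local, IPv6) are outside this check.
    """
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    return any(qname.endswith("." + z) for z in still_default(conf_text))

if __name__ == "__main__":
    print("still at default:", ", ".join(still_default(ROY_CONF)))
    for ip in ("10.1.2.3", "192.168.0.1", "172.20.5.5"):
        print(ip, "blocked" if ptr_blocked_by_default(ROY_CONF, ip) else "resolved")
```
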
John Nemeth
2015-05-06 18:28:49 UTC
On May 6, 9:26am, Roy Marples wrote:
} On 05/05/2015 14:22, David Brownlee wrote:
} > On 5 May 2015 at 00:15, Matt Thomas <***@3am-software.com> wrote:
} >>
} >> I think we should include unbound as an alternative for named so it can be used.
} >>
} >> http://www.unbound.net/
} >>
} >> named is just “too big” for me to be comfortable with.
}
} I agree with this wholeheartedly.
}
} > I tend to install dnsmasq everywhere for 'light weight' dns & dhcp
} > usage, just a pity it's a GPL licence.
} >
} > Though I also agree there should be a lightweight dns resolving daemon
} > in base and unbound fits the bill for that perfectly.
}
} dnsmasq is a lot more light weight than unbound for sure, however using
} dnsmasq as a cache can be problematic as it strips stuff it doesn't
} understand (or want) from the upstream replies which you may need when
} debugging.
}
} Also, unless you have dbus installed (and dnsmasq built for it), there
} is a minor race window where you could be re-starting dnsmasq to pick up
} a new confile set by resolvconf(8). named also has this flaw, unbound
} does not as it re-reads everything on SIGHUP.

Why would a DNS server be reading /etc/resolv.conf at all?
That file is for use by the resolver library and has nothing to do
with the server. I'm pretty sure named won't be reading it.

}-- End of excerpt from Roy Marples

Lloyd Parkes
2015-05-09 00:34:58 UTC
I think unbound would make a good addition to NetBSD.

There are a myriad of ways DNS servers can be hooked together and configured to deliver the myriad of needs that NetBSD users have and unbound provides a good starting point for building a DNS infrastructure.

I expect that for most people unbound will be their entire DNS infrastructure even if that’s unlikely to be the case for many people on this list.

Cheers,
Lloyd
David Brownlee
2015-05-06 09:04:46 UTC
Post by Roy Marples
> dnsmasq is a lot more light weight than unbound for sure, however using
> dnsmasq as a cache can be problematic as it strips stuff it doesn't
> understand (or want) from the upstream replies which you may need when
> debugging.
> Also, unless you have dbus installed (and dnsmasq built for it), there
> is a minor race window where you could be re-starting dnsmasq to pick up
> a new confile set by resolvconf(8). named also has this flaw, unbound
> does not as it re-reads everything on SIGHUP.

Looks like that has been fixed in recent dnsmasq (which is nice)

"Sending SIGHUP to the dnsmasq process will cause it to empty its cache and
then re-load /etc/hosts and /etc/resolv.conf."

Roy Marples
2015-05-06 09:19:51 UTC
Post by David Brownlee
> Post by Roy Marples
>> dnsmasq is a lot more light weight than unbound for sure, however using
>> dnsmasq as a cache can be problematic as it strips stuff it doesn't
>> understand (or want) from the upstream replies which you may need when
>> debugging.
>> Also, unless you have dbus installed (and dnsmasq built for it), there
>> is a minor race window where you could be re-starting dnsmasq to pick up
>> a new confile set by resolvconf(8). named also has this flaw, unbound
>> does not as it re-reads everything on SIGHUP.
> Looks like that has been fixed in recent dnsmasq (which is nice)
> "Sending SIGHUP to the dnsmasq process will cause it to empty its cache and
> then re-load /etc/hosts and /etc/resolv.conf."

SIGHUP will not trigger dnsmasq to re-read its configuration file
(/usr/pkg/etc/dnsmasq.conf) though, which is what I need it to do.
Upstream were not too eager about fixing that when I brought it up a
long time ago.

Roy

Roy Marples
2015-05-06 18:20:04 UTC
> } dnsmasq is a lot more light weight than unbound for sure, however using
> } dnsmasq as a cache can be problematic as it strips stuff it doesn't
> } understand (or want) from the upstream replies which you may need when
> } debugging.
> }
> } Also, unless you have dbus installed (and dnsmasq built for it), there
> } is a minor race window where you could be re-starting dnsmasq to pick up
> } a new confile set by resolvconf(8). named also has this flaw, unbound
> } does not as it re-reads everything on SIGHUP.
> Why would a DNS server be reading /etc/resolv.conf at all?
> That file is for use by the resolver library and has nothing to do
> with the server. I'm pretty sure named won't be reading it.
> }-- End of excerpt from Roy Marples

dnsmasq will read /etc/resolv.conf for upstream name servers to forward
requests to. It assumes that /etc/resolv.conf would be set appropriately by,
say, a PPP or DHCP client.

Roy

Marc Balmer
2015-08-10 19:15:33 UTC
Post by Matt Thomas
> I think we should include unbound as an alternative for named so it can be used.
> http://www.unbound.net/
> named is just “too big” for me to be comfortable with.

If "size" is the argument, then we should probably replace a few more
subsystems:

- instead of ntpd we could go for openntpd
- instead of gcc/llvm (man, how big are these guys?) we could just go
for lua/luac
- X11 could be replaced by mgr...
- Do we really need networking?

(just my 2 cents, though most probably better spent on chewing gum...)
