It appears that Al Iverson via mailop <aiver...@wombatmail.com> said:
>> On a debian/ubuntu system just
>>
>> apt install unbound
>>
>> It comes configured fairly safely, listening only on localhost.
>>
>> and edit /etc/resolv.conf to say
>>
>> nameserver 127.0.0.1
>>
>> And there isn't much else to it for a single machine. Indeed it is quite
>> a good way to bring DNSSEC up to the local machine.

Yup. For us BSD users, it's even installed by default.

>Until catching on to the limitations around DNSBL resolution
>limitations, I'd been quite happy with public resolvers. Spamhaus has
>been warning about them for a while, so I can't be surprised. I just
>wasn't thinking much about it.

The people in the Netherlands who wrote unbound know what they're doing. It's only a recursive resolver which avoids a lot of the crud associated with bind. (For authoritative DNS, there's the separate NSD program.)

>(On my XNND DNS tools site, the web-based DNS tools by default will
>rotate through a list of common public DNS servers, to help spread the
>joy around. Maybe I'll add an allow list of DNSBL domains that use a
>local resolver instead.)

Just set up a local resolver and point all your queries at it. Unless your tools site is busy enough to need load balancers, the query load on unbound will be insignificant.

R's,
John
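
An added example, not part of the thread: a DNSBL check that goes through the system resolver (the local unbound once /etc/resolv.conf says nameserver 127.0.0.1) and separates real listings from resolver problems. The zone zen.spamhaus.org and the 127.255.255.x error codes are assumptions taken from Spamhaus's published return codes, not from this message.

```python
import ipaddress
import socket

# Assumption: Spamhaus error return codes. These are not listings;
# 127.255.255.254 is what a query relayed by a public resolver gets back.
ERROR_CODES = {
    "127.255.255.252": "typo in DNSBL zone name",
    "127.255.255.254": "query came via a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}

def dnsbl_qname(ip, zone):
    """Reversed octets (IPv4) or reversed nibbles (IPv6), then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone

def classify(answers):
    """Map the A records of a DNSBL reply to (status, detail)."""
    if not answers:
        return ("not_listed", "")
    errors = [ERROR_CODES[a] for a in answers if a in ERROR_CODES]
    if errors:
        # Treating these as a hit would reject mail because of the resolver.
        return ("resolver_error", "; ".join(errors))
    return ("listed", ",".join(sorted(answers)))

def lookup(ip, zone="zen.spamhaus.org"):
    """Query via the system resolver; a failed lookup is not 'not listed'."""
    try:
        answers = socket.gethostbyname_ex(dnsbl_qname(ip, zone))[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:  # NXDOMAIN: address is not listed
            return classify([])
        return ("lookup_failed", str(exc))  # e.g. local resolver is down
    except socket.herror as exc:
        return ("lookup_failed", str(exc))
    return classify(answers)

if __name__ == "__main__":
    # 127.0.0.2 is the conventional DNSBL test entry (constructed sample input).
    print(lookup("127.0.0.2"))
```

A "resolver_error" result from this check means the query path is wrong (for example, still forwarding to a public resolver), not that the address is listed.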