Byung-Hee HWANG wrote in <87ee13qxa1.fsf@penguin>:
 ...
 |> First install a true local resolver such as bind9 or unbound and then
 |> switch your system to use it instead of systemd-resolved. To switch to
 |> bind9 you could try my
 |> https://www.timedicer.co.uk/programs/help/bind9-resolved-switch.sh.php.
 |>
 |> [ If you want, bind9 can be set so that 'normal' lookups still go via
 |> external (public) resolvers (as you specify in
 |> /etc/bind/named.conf.options), but lookups for RBLs are routed
 |> directly. Perhaps unbound can do the same (I haven't tried it). ]
 |
 |Wow it seems so difficult work! I need time to think! Thanks for your
 |kind advice!! Thanks again... Dominic ^^^

I have used dnsmasq for almost twenty years.  On the laptop it listens
on all ip netns namespaces etc and /etc/resolv.conf is "nameserver
127.0.0.1".  It locally caches but otherwise only contacts dnsmasq on
my vserv VM (via VPN address "server=192.0.2.1") where dnsmasq sits
for real.  dnsmasq.conf is

  #log-queries=extra
  #conf-dir=/etc/dnsmasq.d/,*.conf
  no-poll
  bogus-priv
  selfmx
  addn-hosts=/etc/hosts.local
  dnssec
  conf-file=/usr/share/dnsmasq/trust-anchors.conf
  # no-resolv,server= <- this is cool and can kind of split-DNS
  no-resolv
  server=ADDR1
  server=ADDR2
  server=8.8.8.8
  ^ I need multiple selections only ever since I have dnssec
    enabled.  Before ADDR1 was enough.
  cache-size=10000
  neg-ttl=30
  min-cache-ttl=30
  stop-dns-rebind

And I start dnsmasq via

  DNSMASQ_ARGS='--pid-file=${pid} '\
  '--conf-file=/root/hosts/${HOSTNAME}/dnsmasq.conf'

On the server resolv.conf is "nameserver 127.0.0.1" also.
I only use non-systemd systems and have no idea of that one.
('Can understand why you would want to put everything in one, but
do not like it.)

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
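
An added example, not part of the thread and not the poster's or dnsmasq's own code: a small Python check over a dnsmasq.conf like the one in the message above, reporting which upstreams answer by default, which zones have their own server=/zone/ route (the split-DNS case), and whether DNSSEC trust anchors and rebind protection are configured. The sample config is constructed: ADDR1/ADDR2 are replaced by documentation addresses, and the rbl.example route to 127.0.0.1#5353 is hypothetical.

```python
import ipaddress

# Constructed sample modelled on the config in the message above: ADDR1/ADDR2
# became documentation addresses; the server=/rbl.example/ route is hypothetical.
SAMPLE_CONF = """\
dnssec
conf-file=/usr/share/dnsmasq/trust-anchors.conf
no-resolv
server=192.0.2.1
server=198.51.100.1
server=8.8.8.8
server=/rbl.example/127.0.0.1#5353
stop-dns-rebind
"""

def parse(text):  # -> (flags, options): bare keywords, key -> list of values
    flags, options = set(), {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):   # '#' inside a value is a port
            continue
        key, sep, value = line.partition("=")
        if sep:
            options.setdefault(key.strip(), []).append(value.strip())
        else:
            flags.add(key)
    return flags, options

def audit(text):
    flags, options = parse(text)
    default, routed, findings = [], {}, []
    for value in options.get("server", []):
        parts = value.split("/")               # "/zone/addr" -> ['', zone, addr]
        if len(parts) > 2:
            routed.update({zone: parts[-1] for zone in parts[1:-1]})
        else:
            default.append(value)
    # Heuristic: trust anchors come from trust-anchor= or an included anchors file.
    anchors = "trust-anchor" in options or any(
        "trust-anchors" in path for path in options.get("conf-file", []))
    if "dnssec" not in flags:
        findings.append("DNSSEC validation is off")
    elif not anchors:
        findings.append("dnssec set but no trust anchor configured")
    if "no-resolv" not in flags:
        findings.append("upstreams are also read from /etc/resolv.conf")
    if "stop-dns-rebind" not in flags:
        findings.append("no rebinding protection (stop-dns-rebind)")
    public = [a for a in default if ipaddress.ip_address(a.split("#")[0]).is_global]
    return {"default": default, "routed": routed, "public_default": public, "findings": findings}
```

The public_default list shows which public resolvers would still receive queries for every zone that has no server=/zone/ route of its own.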