Re: [DNG] Clarification please

2020-11-06 Thread Rick Moen
Quoting Simon Walter (si...@gikaku.com): > Thanks for the bits of wisdom. > > Do you know any papers/articles/sites that discuss and explain this more? As Steve says, the crusty enfant-terrible of software, Prof. D.J. Bernstein, had some useful things to say about this, so, sure, start there. I

Re: [DNG] Clarification please

2020-11-06 Thread Rick Moen
Quoting Dimitris via Dng (dng@lists.dyne.org): > depends on the role... > bind as a local caching dns for PCs might be overhead. some people > would want something minimal/light for recursion, not the whole bind > "beast"... > unbound is very light in that perspective, and also found dqcache > (pa

Re: [DNG] Clarification please

2020-11-06 Thread Rick Moen
Quoting Olaf Meeuwissen (paddy-h...@member.fsf.org): > I have a dnsmasq instance that does *authoritative* resolution for an > internal domain. Well, pseudo-authoritative. > Anything not in that domain is forwarded to the corporate DNS servers. > Works fine for me so I think dnsmasq can be more th

Re: [DNG] Clarification please

2020-11-05 Thread Simon Walter
On 11/3/20 8:44 PM, Olaf Meeuwissen via Dng wrote: Hi Rick, Rick Moen writes: Quoting g4sra via Dng (dng@lists.dyne.org): Can anybody suggest a suitable authoritative/recursive DNSSEC supporting name server for SOHO domain use on embedded systems. What I am looking for is something like dns

Re: [DNG] Clarification please

2020-11-05 Thread Simon Walter
On 11/3/20 4:36 PM, Steve Litt wrote: On Sat, 31 Oct 2020 09:08:50 +0900 Simon Walter wrote: On 10/30/20 7:29 AM, Rick Moen wrote: ... FWIW, I am no longer comfortable with the idea of a combined authoritative/recursive server on a publicly exposed static IP. That has been deprecated for long

Re: [DNG] Clarification please

2020-11-04 Thread Bernard Rosset via Dng
*sighs* PIDfiles are not the right way to communicate with daemons. I stopped there. Bernard (Beer) Rosset https://rosset.net/

Re: [DNG] Clarification please

2020-11-04 Thread Steve Litt
On Tue, 3 Nov 2020 14:55:40 -0500 Mason Loring Bliss wrote: > On Tue, Nov 03, 2020 at 12:24:35PM +0900, Simon Walter wrote: > But yes. I'd found an issue where Unbound wasn't obeying service > management in Devuan, and then that spiraled out into it being > CVE-worthy. But for our purposes, unbo

Re: [DNG] Clarification please

2020-11-04 Thread Dimitris via Dng
On 11/3/20 9:55 PM, Mason Loring Bliss wrote: For my part, I've stopped using unbound at all. I've been using BIND for many years, and it works just fine in this role too. depends on the role... bind as a local caching dns for PCs might be overhead. some people would want something minimal/li

Re: [DNG] Clarification please

2020-11-03 Thread Mason Loring Bliss
On Tue, Nov 03, 2020 at 12:24:35PM +0900, Simon Walter wrote: > > Could it be related to this? > > > > https://github.com/NLnetLabs/unbound/issues/303 > > I don't think so - unless you are paranoid about anything that RH employees > contribute to. Hah, if you're paranoid about projects RH emplo

Re: [DNG] Clarification please

2020-11-03 Thread fraser kendall
On Tue, 3 Nov 2020 02:50:37 -0500 Steve Litt wrote: > On Thu, 29 Oct 2020 16:53:43 + > g4sra via Dng wrote: > > > On 29/10/2020 13:44, Michael Neuffer wrote: > > > On 10/29/20 2:27 PM, d...@d404.nl wrote: > > --snip-- > > >> To ease the maintenance of those servers I intend to migra

Re: [DNG] Clarification please

2020-11-03 Thread Olaf Meeuwissen via Dng
Hi Rick, Rick Moen writes: > Quoting g4sra via Dng (dng@lists.dyne.org): > >> Can anybody suggest a suitable authoritative/recursive DNSSEC >> supporting name server for SOHO domain use on embedded systems. What >> I am looking for is something like dnsmasq. > > dnsmasq, it should be noted, is _

Re: [DNG] Clarification please

2020-11-02 Thread Steve Litt
On Thu, 29 Oct 2020 16:53:43 + g4sra via Dng wrote: > On 29/10/2020 13:44, Michael Neuffer wrote: > > On 10/29/20 2:27 PM, d...@d404.nl wrote: > --snip-- > >> To ease the maintenance of those servers I intend to migrate them > >> to docker containers. I wonder if people on this list have exper

Re: [DNG] Clarification please

2020-11-02 Thread Steve Litt
On Sat, 31 Oct 2020 13:18:56 +1100 wirelessduck--- via Dng wrote: > > On 31 Oct 2020, at 10:52, Simon Walter wrote: > > > > On 10/30/20 3:19 AM, Bernard Rosset via Dng wrote: > >>> That said, I've stopped using unbound and I'm using straight BIND > >>> as my local resolver lately. It's pleas

Re: [DNG] Clarification please

2020-11-02 Thread Steve Litt
On Sat, 31 Oct 2020 09:08:50 +0900 Simon Walter wrote: > On 10/30/20 7:29 AM, Rick Moen wrote: > ... > > FWIW, I am no longer comfortable with the idea of a combined > > authoritative/recursive server on a publicly exposed static IP. > > That has been deprecated for long decades as bad security,

Re: [DNG] Clarification please

2020-11-02 Thread Simon Walter
On 10/31/20 11:18 AM, wirelessduck--- via Dng wrote: On 31 Oct 2020, at 10:52, Simon Walter wrote: On 10/30/20 3:19 AM, Bernard Rosset via Dng wrote: That said, I've stopped using unbound and I'm using straight BIND as my local resolver lately. It's pleasant. From what we discovered about

Re: [DNG] Clarification please

2020-10-31 Thread Dimitris T. via Dng
Simon Walter wrote: > On 10/30/20 3:19 AM, Bernard Rosset via Dng wrote: >>> That said, I've stopped using unbound and I'm using straight BIND as my >>> local resolver lately. It's pleasant. >> >>  From what we discovered about unbound during one of the meetings, I >> clearly do not trust that tech

Re: [DNG] Clarification please

2020-10-30 Thread wirelessduck--- via Dng
> On 31 Oct 2020, at 10:52, Simon Walter wrote: > > On 10/30/20 3:19 AM, Bernard Rosset via Dng wrote: >>> That said, I've stopped using unbound and I'm using straight BIND as my >>> local resolver lately. It's pleasant. >> From what we discovered about unbound during one of the meetings, I cl

Re: [DNG] Clarification please

2020-10-30 Thread Simon Walter
On 10/30/20 7:29 AM, Rick Moen wrote: ... FWIW, I am no longer comfortable with the idea of a combined authoritative/recursive server on a publicly exposed static IP. That has been deprecated for long decades as bad security, particularly because it increases the risk of cache poisoning of the re

Re: [DNG] Clarification please

2020-10-30 Thread Simon Walter
On 10/30/20 3:19 AM, Bernard Rosset via Dng wrote: That said, I've stopped using unbound and I'm using straight BIND as my local resolver lately. It's pleasant. From what we discovered about unbound during one of the meetings, I clearly do not trust that technology. What meetings? Is it pos

Re: [DNG] Clarification please

2020-10-30 Thread Curtis Maurand via Dng
My vote is for pdns-recursor. I’ve been using it for all sorts of different types of networks since version 1.n days. It can handle thousands of queries per second. It’s the first thing I install on any new system. Coupled with dns-dist, it can handle recursive dns-over-https queries as well.

Re: [DNG] Clarification please

2020-10-30 Thread Michael Neuffer
On 10/29/20 5:53 PM, g4sra via Dng wrote: On 29/10/2020 13:44, Michael Neuffer wrote: On 10/29/20 2:27 PM, d...@d404.nl wrote: --snip-- To ease the maintenance of those servers I intend to migrate them to docker containers. I wonder if people on this list have experience on this subject? You

Re: [DNG] Clarification please

2020-10-29 Thread Rick Moen
Quoting g4sra via Dng (dng@lists.dyne.org): > Can anybody suggest a suitable authoritative/recursive DNSSEC > supporting name server for SOHO domain use on embedded systems. What > I am looking for is something like dnsmasq. dnsmasq, it should be noted, is _just_ a forwarder. It forwards outbou

Re: [DNG] Clarification please

2020-10-29 Thread g4sra via Dng
On 29/10/2020 18:19, Bernard Rosset via Dng wrote: >> That said, I've stopped using unbound and I'm using straight BIND as my >> local resolver lately. It's pleasant. > > From what we discovered about unbound during one of the meetings, I clearly > do not trust that technology. Too bad: it was on

Re: [DNG] Clarification please

2020-10-29 Thread Bernard Rosset via Dng
That said, I've stopped using unbound and I'm using straight BIND as my local resolver lately. It's pleasant. From what we discovered about unbound during one of the meetings, I clearly do not trust that technology. Too bad: it was on my to-test list. However, unbound is recursive-only IIRC.

Re: [DNG] Clarification please

2020-10-29 Thread Mason Loring Bliss
On Thu, Oct 29, 2020 at 04:53:43PM +, g4sra via Dng wrote: > Please correct me if I am mistaken, I thought 'unbound' was tied to > 'systemd creep' nowadays and have been avoiding it for that reason alone. No, that's systemd-resolved. Unbound is unrelated. That said, I've stopped using unboun

Re: [DNG] Clarification please

2020-10-29 Thread Dimitris T. via Dng
You're wrong, unbound worked and still works fine without systemd. On 29 October 2020 6:53:43 PM EET, g4sra via Dng wrote: >On 29/10/2020 13:44, Michael Neuffer wrote: >> On 10/29/20 2:27 PM, d...@d404.nl wrote: >--snip-- >>> To ease the maintenance of those servers I intend to migrat

[DNG] Clarification please

2020-10-29 Thread g4sra via Dng
On 29/10/2020 13:44, Michael Neuffer wrote: > On 10/29/20 2:27 PM, d...@d404.nl wrote: --snip-- >> To ease the maintenance of those servers I intend to migrate them to >> docker containers. I wonder if people on this list have experience on this >> subject? > > > You might want to take a look at thi