On 14 Jul 2020, at 18:16, Martin Gregorie wrote:
On Tue, 2020-07-14 at 16:32 -0400, Kevin A. McGrail wrote:
Well, that is documented quite expressly here:
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/CachingNameserver
A pointer to the wiki might be useful in the config files as well as
the docs. Suggestions of which files?
local.cf is the obvious one.
Also: init.pre, v330.pre and maybe v340.pre
I'm suggesting those because the new user MUST modify them (local.cf)
and the others because they would seem to be controlling modules that
issue DNS-like queries that a new user might consider killing off.
I also think that supplying simple boilerplate config files for bind
and unbound that cause them to simply issue non-forwarded DNS queries
would be a good idea because configuring bind for the first time is
non-trivial. I would have found configuring it quite difficult without
buying the O'Reilly 'locust' book "DNS and BIND".
-1
There are far too many ways that people have BIND already installed and
configured for a 3rd-party package to be able to safely provide a full
named.conf that will work for >90% of users who have modified their
configurations away from the defaults.
As noted on the page that Kevin cited, the default configuration for
BIND, Unbound, and the PDNS Resolver as packaged for the dominant Linux
distros is correct for a non-forwarding caching resolver. For BIND and
Unbound, this is also true on FreeBSD. For macOS, there is no 'standard
package' but the MacPorts packages for both BIND and Unbound do the
right thing with the default variants.
I haven't used unbound so have no idea how easy it would be to set up
to support just non-forwarded queries.
Everywhere that I have used it, Unbound has been configured thus when
installed from the standard system package where one exists.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)