On 17 Oct 2016, at 13:37, Jesse V kernelcorn@torproject.org wrote:
On 10/16/2016 04:54 PM, Petrusko wrote:
Thx for this share.
But I'm not sure how Unbound is "speaking" with the root DNS servers... Somewhere I've read that DNS queries can be forwarded by a "man in the middle", and the server operator can't be sure about this :s An ISP is able to do it with your "private server" hosted behind your ISP's router...
I see DNSSEC to encrypt DNS queries from a client to a server, but for sure it's not possible to use it with root DNS servers...
My VPS host uses 8.8.8.8 for DNS by default. I think it's configured in their DHCP settings or something because 8.8.8.8 will end up in /etc/resolv.conf every time the VPS restarts. Consequently, I have to keep an eye on /etc/resolv.conf to ensure that it always points to my Unbound instance. I take immediate action if this is not the case.
You might find ServerDNSResolvConfFile useful if you want to avoid using the default system resolver file /etc/resolv.conf.
T
--
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
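The check discussed in this thread, as an added example that is not part of the original messages: a shell function that fails when a resolv.conf-style file lists any resolver other than the local Unbound instance. It assumes Unbound listens on a loopback address; the function names are hypothetical, and the same check can be pointed at whatever file the torrc option `ServerDNSResolvConfFile` names.

```shell
#!/bin/sh
# Added example (not from the thread): detect a resolv.conf-style file that
# has drifted away from the local resolver, e.g. after DHCP rewrote it.
# Assumption: the local Unbound instance listens on 127.0.0.0/8 or ::1.

# Print every nameserver address in FILE that is not a loopback address.
# Commented-out lines and other directives (search, options) are ignored.
non_local_nameservers() {
    awk '
        $1 == "nameserver" && NF >= 2 {
            addr = $2
            if (addr !~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/ && addr != "::1")
                print addr
        }
    ' "$1"
}

# Return 0 only if FILE is readable, has at least one nameserver entry,
# and every entry is loopback. Return 2 if unreadable, 1 otherwise.
resolv_points_to_local() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    count=$(awk '$1 == "nameserver" && NF >= 2 { n++ } END { print n + 0 }' "$file")
    # No entries at all is treated as a failure so the state is explicit.
    [ "$count" -gt 0 ] || { echo "$file: no nameserver entries" >&2; return 1; }
    bad=$(non_local_nameservers "$file")
    if [ -n "$bad" ]; then
        echo "$file: non-local resolver(s): $(echo "$bad" | tr '\n' ' ')" >&2
        return 1
    fi
    return 0
}

# When called with a path (for example from cron), check that file.
[ "$#" -eq 0 ] || resolv_points_to_local "$1"
```

Run it periodically against /etc/resolv.conf, or against the file given to `ServerDNSResolvConfFile`, and alert on a non-zero exit status.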