Replace bind9 with unbound #2193
Conversation
|
Although I agree with the idea, this is too significant of a change to go out so soon after a major update. We'll be in bug-fix-only mode for a while. |
| # logfile: "/var/log/unbound.log" # won't work due to apparmor | ||
| # use-syslog: no |
There was a problem hiding this comment.
Coming back to this PR...
Is unbound logging to somewhere?
There was a problem hiding this comment.
It's logging to the systemd journal and to the syslog.
| @@ -0,0 +1,68 @@ | |||
| server: | |||
There was a problem hiding this comment.
How different is this from the stock configuration file when ubound is installed?
There was a problem hiding this comment.
A number of the options here are indeed the default for a stock configuration. The main differences are probably in the performance and hardening settings.
Some testing seems to confirm the unbound configuration will work out of the box.
setup/system.sh
Outdated
| apt-get purge -qq -y bind9 bind9-utils | ||
|
|
||
| # Install unbound and dns utils (e.g. dig) | ||
| apt_install unbound python3-unbound bind9-dnsutils |
There was a problem hiding this comment.
And I think python3-unbound isn't needed.
There was a problem hiding this comment.
That seems to be true
This pull request is one of a series of three I created after chasing some dns issues (e.g. here and here but there are more reports of dns issues on github and on the forum)
This pull request can be used separate from the other two (#2191 and #2192). It replaces the bind9 dns resolver with the unbound dns resolver. Reasons: Mail-in-a-Box only uses the recursive part of bind9. Thus replacing with unbound makes for a simpler installation and configuration. It is also a good companion to nsd which is for authorative DNS only.