Simple caching DNS resolver
-
Hi,
Instead of running bind on a server in my local network, I wanted to set up a dns server on pfsense that simply serves as a resolver for the local network directly querying the root servers (not forwarding to the isp's dns servers).
I thought that I could do that with TinyDNS, but I guess I got that wrong.
Is tinyDNS only supposed to act as a dns server for my own domains?
Would I need unbound for that? Is it stable enough on 2.x?
Thank you very much!
-
Why can't you use the pfSense DNS forwarder?
-
Because I need to query directly and not use any isp dns servers.
This is recommended for using rbls.
-
@mxx:
Because I need to query directly and not use any isp dns servers.
The DNS forwarder can be configured to use any name server you want. I have configured my DNS forwarder to use OpenDNS rather than my ISPs DNS server.
-
Thanks :)
No, I can't use any open 3rd party dns servers, but query directly.
I see unbound can do that, but I'm not sure about tinyDNS, I guess not? I wanted to use that since unbound being "alpha" suggested it to be less stable.
-
@mxx:
No, I can't use any open 3rd party dns servers, but query directly.
Then configure the IP address(es) of the DNS servers you want to use.
-
I think there's a misunderstanding ;)
To clarify parts of the reasons: http://www.spamhaus.org/faq/section/DNSBL%20Usage#365
I always used a local bind9, but I'd rather run that on pfsense. That's why I asked about tinyDNS vs unbound in regards to this functionality.
-
"Then configure the IP address(es) of the DNS servers you want to use."
Wallabybob you're clearly not understanding the question - he wants to query roots, then the authoritative NS for the domains he is looking, not some other recursive server like his isp, 4.2.2.2 or opendns, google, etc.
unbound can do this, I do wish they would put that back - it was so nice when it was installed. But you could always just install bind pkg on pfsense. Just would not be managed via the gui, etc.
-
unbound can do this, I do wish they would put that back - it was so nice when it was installed.
There is unbound package available… so, what's the problem?
-
unbound did not function on 2.1, he states "is it stable enough on 2.x?" so would assume he is on 2.1
Has that changed - is unbound viable on 2.1 now?? If so that is great news to me.
-
Thanks for your replies.
Yes, unbound works and has been running stable for me for almost a week on 2.1 RC0 (using amd64 Jun 26 something at the moment).
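
Added example, not part of the thread and not the pfSense package's generated configuration: a generic `unbound.conf` sketch of the setup discussed above, where unbound recurses from the root servers itself and the forwarding mode the thread wants to avoid is shown commented out for contrast. The interface address, LAN subnet, root hints path and upstream address are assumptions or placeholders.

```conf
# Generic unbound.conf sketch (added example; addresses and paths are assumed).
server:
    # Listen only on the firewall's LAN address (assumed value).
    interface: 192.168.1.1

    # Answer the local network only, so the box is never an open resolver.
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow    # assumed LAN subnet
    access-control: 0.0.0.0/0 refuse

    # Start recursion from the root servers. The path is an assumption;
    # unbound falls back to its built-in root hints if this line is omitted.
    root-hints: "/var/unbound/root.hints"

    # Conservative hardening for a resolver that talks to arbitrary
    # authoritative servers.
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes

    # Refresh popular cache entries before they expire.
    prefetch: yes

# With NO forward-zone for ".", unbound resolves iteratively:
# root -> TLD -> authoritative name server. DNSBL operators then see
# queries coming from this resolver's own address, not from a shared
# ISP or public resolver.

# Forwarding mode, which the thread wants to avoid. Enabling this block
# sends every query to the listed upstream resolver instead:
# forward-zone:
#     name: "."
#     forward-addr: 203.0.113.53    # placeholder upstream resolver

# Check from a LAN host (127.0.0.2 is the usual DNSBL test entry):
#   dig @192.168.1.1 2.0.0.127.zen.spamhaus.org A
```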