Quoting Jaromil (jaro...@dyne.org):

> On Sun, 01 Jan 2017, Rick Moen wrote:
>
> > IMO look no further than Unbound
>
> I disagree :^) It is worth looking further here.
>
> In Dowse, our free software project focusing on layer 2 and 3
> awareness on LAN, we are working a lot on DNS using dnscrypt.
>
> This is the surface http://crowd.dowse.eu

It's very interesting. In skimming through the dnscrypt source code, I
see that it's a DNS tool to proxy queries over DNSCrypt protocol (that
invokes ldns in the process of doing its work) -- but it is not a
recursive nameserver: I see no routines in it that do recursive queries.

Thus, unless I'm missing something important, any Linux host involved
will still need to send all DNS queries handled by dnscrypt and ldns
(and any other DNSCrypt-protocol infrastructure) to a recursive DNS
nameserver -- somewhere. Most people end up, through taking the path of
least resistance, outsourcing recursive DNS, the way Hendrik Boom
outsources it to Google Public DNS (IPs 8.8.8.8 and 8.8.4.4) in his
resolv.conf.

My modest suggestion is that it's in Linux users' interest to not
outsource recursive service to anyone at all. Having the necessary
recursive nameservice be on one of one's own local machines improves
network performance, reliability, and security, IMO.

I do admire NLnet Labs's ldns (https://www.nlnetlabs.nl/projects/ldns/):
It's a very modern, well-done DNS client library, basis for the 'drill'
utility (a better replacement for both dig and nslookup).

> Devuan doesn't install any dnscaching BTW.

Well, not system-wide. A variety of applications will do it whether you
want them to or not. ;->
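
Added example, not part of the original message or of any project named in it: a small audit that reads a resolv.conf and reports whether each nameserver entry is on loopback, on the LAN, or outsourced to an external recursive service such as the 8.8.8.8 / 8.8.4.4 case mentioned above. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample resolv.conf contents (not taken from the thread's hosts).
SAMPLE_OUTSOURCED = """\
# generated by dhclient
search example.lan
nameserver 8.8.8.8
nameserver 8.8.4.4
"""

SAMPLE_LOCAL = """\
; local recursive resolver (e.g. Unbound) listening on loopback
nameserver 127.0.0.1
nameserver ::1
options edns0
"""

def classify(addr):
    """Return 'loopback', 'lan' or 'external' for one nameserver address."""
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop IPv6 zone id
    if ip.is_loopback:
        return "loopback"
    if ip.is_private or ip.is_link_local:
        return "lan"
    return "external"

def audit_resolv_conf(text):
    """Map each nameserver entry to where its recursive service lives."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # strip comments
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                findings.append((fields[1], classify(fields[1])))
            except ValueError:
                findings.append((fields[1], "invalid"))
    return findings

def outsourced(text):
    """Addresses to which recursive DNS leaves hosts you control."""
    return [a for a, kind in audit_resolv_conf(text) if kind == "external"]

if __name__ == "__main__":
    for name, text in (("outsourced", SAMPLE_OUTSOURCED), ("local", SAMPLE_LOCAL)):
        for addr, kind in audit_resolv_conf(text):
            print(f"{name:10} {addr:12} {kind}")
```

A loopback entry only shows where the stub resolver sends its queries: a forwarder on 127.0.0.1, such as a DNSCrypt proxy, still relays them to a recursive nameserver elsewhere, so check that listener's upstream configuration as well.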