Feature #3294
Add unbound as DNS resolver for DNSBLs
Status: | CLOSED | Start date: | |
---|---|---|---|
Priority: | Normal | Due date: | |
Assignee: | - | % Done: | 100% |
Category: | nethserver-unbound | | |
Target version: | v6.7 | | |
Resolution: | | NEEDINFO: | No |
Description
Some DNSBLs limit the maximum number of queries coming from the same IP address. All common public DNS servers and ISP servers are usually blocked.
To overcome this limitation, we need a recursive non-forwarding resolver: unbound is the best candidate.
Dnsmasq will redirect certain queries for DNSBLs to unbound on non-standard port 10053.
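The redirect described above, as an added example (not code from nethserver-unbound): it prints the dnsmasq per-domain `server=` lines that send DNSBL zones to unbound on port 10053, and builds the reversed-octet query name used to test that path. The zone `dnsbl.example.org`, the loopback address and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Only port 10053 comes from the ticket; the rest is assumed.
UNBOUND_ADDR=127.0.0.1   # assumption: unbound listens on loopback
UNBOUND_PORT=10053       # non-standard port named in the ticket

# Print one dnsmasq per-domain upstream line for each DNSBL zone given.
# dnsmasq syntax: server=/<domain>/<ip>#<port>
dnsmasq_redirects() {
    for zone in "$@"; do
        printf 'server=/%s/%s#%s\n' "$zone" "$UNBOUND_ADDR" "$UNBOUND_PORT"
    done
}

# Build the DNSBL lookup name for an IPv4 address: octets reversed, zone
# appended. Returns 1 and prints nothing unless the input is a dotted quad
# with every octet in 0-255.
dnsbl_qname() {
    ip=$1 zone=$2
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip               # split on dots; $ip holds only digits and dots here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Ask unbound directly, bypassing dnsmasq (needs dig and network access).
# By DNSBL convention an answer in 127.0.0.0/8 means "listed"; empty output
# means "not listed". Not called here so the script runs offline.
query_unbound() {
    qname=$(dnsbl_qname "$1" "$2") || return 1
    dig +short @"$UNBOUND_ADDR" -p "$UNBOUND_PORT" "$qname" A
}

# Constructed sample zone; replace with the DNSBL zones actually in use.
dnsmasq_redirects dnsbl.example.org
```

Running `query_unbound` once against port 10053 and once through dnsmasq on port 53 shows whether both paths return the same answer.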
Related issues
Associated revisions
Initial release. Refs #3294
Use UDPPort. Refs #3294
Set UDPPort default to 10053. Refs #3294
History
#1 Updated by Filippo Carletti almost 6 years ago
- Status changed from NEW to TRIAGED
- Assignee set to Filippo Carletti
- Target version changed from ~FUTURE to v6.7
- % Done changed from 0 to 20
#2 Updated by Filippo Carletti almost 6 years ago
- Status changed from TRIAGED to ON_DEV
- % Done changed from 20 to 30
#3 Updated by Filippo Carletti almost 6 years ago
See my repo on GitHub:
https://github.com/filippocarletti/nethserver-unbound
#4 Updated by Filippo Carletti almost 6 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (Filippo Carletti)
- % Done changed from 30 to 60
#5 Updated by Filippo Carletti almost 6 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:
nethserver-unbound-0.1.0-1.ns6.noarch.rpm
unbound-1.5.1-1.el6.x86_64.rpm
unbound-libs-1.5.1-1.el6.x86_64.rpm
Test case
- install nethserver-unbound
yum --enablerepo=nethserver-testing install nethserver-unbound
- verify unbound is running and will start at boot
    [root@nscom ~]# pgrep unbound
    4299
    [root@nscom ~]# chkconfig --list | grep unbound
    unbound 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    [root@nscom ~]# fuser -vn udp 10053
    USER PID ACCESS COMMAND
    10053/udp: unbound 4299 F.... unbound
Note that pid in pgrep output matches pid in lsof output.
#6 Updated by Filippo Carletti almost 6 years ago
- Related to Feature #3302: Use DNSBL to fight spam added
#7 Updated by dz0 0te almost 6 years ago
- Assignee set to dz0 0te
#8 Updated by dz0 0te almost 6 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (dz0 0te)
- % Done changed from 70 to 90
System and Package Version installed
VM KVM - Clean install of Nethserver 6.7 fully updated
Package Installed:
Other Package installed: Email, File server, MySQL server, POP3 connector, POP3 proxy, Web server
Test Original Problem
Feature
Install Updated Package
yum --enablerepo=nethserver-testing install nethserver-unbound
Test Results after update
Test case 1:
installing:
    nethserver-unbound noarch 0.1.0-1.ns6 nethserver-testing 25 k
    Installing for dependencies:
    libevent x86_64 1.4.13-4.el6 centos-base 66 k
    unbound x86_64 1.5.1-1.el6 nethserver-testing 1.2 M
    unbound-libs x86_64 1.5.1-1.el6 nethserver-testing 342 k

    # pgrep unbound
    3728
    # chkconfig --list | grep unbound
    unbound 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    # fuser -vn udp 10053
    USER PID ACCESS COMMAND
    10053/udp: unbound 3728 F.... unbound
Verified or Reopen
Verified
Note
#9 Updated by Giacomo Sanchietti over 5 years ago
- Description updated (diff)
#10 Updated by Giacomo Sanchietti over 5 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-unbound-1.0.0-1.ns6.noarch.rpm
- unbound-1.5.1-1.el6.x86_64.rpm
- unbound-libs-1.5.1-1.el6.x86_64.rpm