Feature #3294

Add unbound as DNS resolver for DNSBLs

Added by Filippo Carletti almost 6 years ago. Updated over 5 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-unbound
Target version:v6.7
Resolution: NEEDINFO:No

Description

Some DNSBLs limit the maximum number of queries coming from the same ip address. All common public DNS servers and ISP servers are usually blocked.
To overcome this limitation, we need a recursive non-forwarding resolver: unbound is the best candidate.
Dnsmasq will redirect certain queries for DNSBLs to unbound non standard port 10053.


Related issues

Related to NethServer 6 - Feature #3302: Use DNSBL to fight spam CLOSED

Associated revisions

Revision 9e642851
Added by Filippo Carletti almost 6 years ago

Initial release. Refs #3294

Revision 6917876b
Added by Filippo Carletti almost 6 years ago

Use UDPPort. Refs #3294

Revision ff334a24
Added by Filippo Carletti almost 6 years ago

Set UDPPort default to 10053. Refs #3294

History

#1 Updated by Filippo Carletti almost 6 years ago

  • Status changed from NEW to TRIAGED
  • Assignee set to Filippo Carletti
  • Target version changed from ~FUTURE to v6.7
  • % Done changed from 0 to 20

#2 Updated by Filippo Carletti almost 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • % Done changed from 20 to 30

#4 Updated by Filippo Carletti almost 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Filippo Carletti)
  • % Done changed from 30 to 60

#5 Updated by Filippo Carletti almost 6 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-unbound-0.1.0-1.ns6.noarch.rpm
unbound-1.5.1-1.el6.x86_64.rpm
unbound-libs-1.5.1-1.el6.x86_64.rpm

Test case

  • install nethserver-unbound
    yum --enablerepo=nethserver-testing install nethserver-unbound
    
  • verify unbound is running and will start at boot
    [root@nscom ~]# pgrep unbound
    4299
    [root@nscom ~]# chkconfig --list | grep unbound
    unbound            0:off    1:off    2:on    3:on    4:on    5:on    6:off
    [root@nscom ~]# fuser -vn udp 10053
                         USER        PID ACCESS COMMAND
    10053/udp:           unbound    4299 F.... unbound
    

Note that pid in pgrep output matches pid in lsof output.

#6 Updated by Filippo Carletti almost 6 years ago

#7 Updated by dz0 0te almost 6 years ago

  • Assignee set to dz0 0te

#8 Updated by dz0 0te almost 6 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (dz0 0te)
  • % Done changed from 70 to 90

System and Package Version installed
VM KVM - Clean install of Nethserver 6.7 fully updated
Package Installed:
Other Package installed: Email,File server,MySQL server,POP3 connector,POP3 proxy,Web server

Test Original Problem
Feature

Install Updated Package

yum --enablerepo=nethserver-testing install nethserver-unbound

Test Results after update
Test case 1:
installing:

 nethserver-unbound                     noarch                     0.1.0-1.ns6                       nethserver-testing                      25 k
Installing for dependencies:
 libevent                               x86_64                     1.4.13-4.el6                      centos-base                             66 k
 unbound                                x86_64                     1.5.1-1.el6                       nethserver-testing                     1.2 M
 unbound-libs                           x86_64                     1.5.1-1.el6                       nethserver-testing                     342 k

# pgrep unbound
3728

# chkconfig --list | grep unbound
unbound            0:off    1:off    2:on    3:on    4:on    5:on    6:off

# fuser -vn udp 10053
                     USER        PID ACCESS COMMAND
10053/udp:           unbound    3728 F.... unbound

Verified or Reopen
Verified

Note

#9 Updated by Giacomo Sanchietti over 5 years ago

  • Description updated (diff)

#10 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver-updates:
  • nethserver-unbound-1.0.0-1.ns6.noarch.rpm
  • unbound-1.5.1-1.el6.x86_64.rpm
  • unbound-libs-1.5.1-1.el6.x86_64.rpm

Also available in: Atom PDF