[conspire] Unbound and DHCP on home computer

roger at rogerchrisman.com
Mon Dec 14 16:10:52 PST 2009


Hi all,


What is a simple, appropriate (er, hopefully that won't unduly
interfere with my DHCP network configuration on this fairly default
Xubuntu 9.10 home laptop) way for me to tell this laptop to consult
its own Unbound service instead of my ISP, and that will not be
overwritten by DHCP every time I bring up my network interface?


Details:

I decided to experiment with running Unbound for DNS on my home laptop.

sudo apt-get install unbound

(I used Synaptic Package Manager instead actually but I think it
accomplished basically the above.)

So now I want my laptop to use its own, newly installed, Unbound
service for DNS lookups instead of my ISP's DNS service.

I'm running a fairly default new Xubuntu 9.10 install on this oldish,
2003, laptop. It connects to my home's wireless router via DHCP and
gets its DNS instructions from that router which has them from Comcast
I think because the router is in turn set up to connect to Comcast
also via DHCP.

To get my computer to ask Unbound for domain name look-ups instead of
asking the router, per Rick's suggestion, into /etc/resolv.conf I put:

nameserver 127.0.0.1

This works great, with Unbound consulting some I presume authoritative
name servers designated somewhere in the default Unbound conf files.

Until... NetworkManager _overwrites_ my "nameserver 127.0.0.1" in
/etc/resolv.conf however with the following, next time I restart my
computer or turn the wireless interface off and then on again:

# Generated by NetworkManager
nameserver 192.168.254.254

That is my default gateway, er, wireless router, and my computer is
back to asking Comcast for DNS.


So, back to a simple question:

What is an elegant way for me to tell my computer to consult its own
Unbound service instead of my ISP, and that will not be overwritten by
DHCP every time I bring up my network interface?


Why?

If Comcast's DNS gets poisoned and WellsFargo.com for example starts
pointing to a look alike phishing site, Comcast will have a major
brand problem. I hope that does not happen. But the thought that it
could prompted me to experiment with installing Unbound on my home
Xubuntu computer.


Also,

I like pictures, so here is one of my, I expect fairly typical, home network.

Comcast Cable Internet Service
 |
Cable snaking under our lawn, up the wall and into our house
 |
Cable modem
 |
(via DHCP)
 |
Wireless router (again via DHCP)) )  )   )   )     )     )
 .                      .                            .
 .                        .                             .
 .                           .                              .
My computer       Wife's computer        Other computer



Ah, the levels of brand trust we extend when doing online banking and
online commerce!

Roger Chrisman
Palo Alto
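
Added example, not part of the original message: a small POSIX shell check that reports whether a resolv.conf-style file still points at the local Unbound instance or has been rewritten to an outside resolver, as described in the post. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Classifies the nameserver
# entries of a resolv.conf-style file so an overwrite by a DHCP client or
# NetworkManager can be noticed (for example from cron or an if-up hook).

# is_loopback ADDR: succeeds for 127.0.0.0/8 and ::1
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# resolver_status FILE prints one of:
#   local-only   every nameserver is a loopback address
#   local-first  loopback is listed first, but an outside resolver follows
#                and is tried when the local one times out
#   external     the first nameserver is not loopback
#   none         the file has no nameserver lines
resolver_status() {
    first=""
    fallback_external=0
    # "|| [ -n "$key" ]" keeps a last line that lacks a trailing newline
    while read -r key addr _rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        [ -n "$addr" ] || continue
        if [ -z "$first" ]; then
            first="$addr"
        elif ! is_loopback "$addr"; then
            fallback_external=1
        fi
    done < "$1"
    if [ -z "$first" ]; then echo none
    elif ! is_loopback "$first"; then echo external
    elif [ "$fallback_external" -eq 1 ]; then echo local-first
    else echo local-only
    fi
}

# Constructed sample files mirroring the two states described in the post.
tmp=$(mktemp -d)
printf 'nameserver 127.0.0.1\n' > "$tmp/manual"
printf '# Generated by NetworkManager\nnameserver 192.168.254.254\n' > "$tmp/nm"
echo "manual edit:        $(resolver_status "$tmp/manual")"
echo "after reconnect:    $(resolver_status "$tmp/nm")"
rm -rf "$tmp"
```

Run against the live file with resolver_status /etc/resolv.conf; anything other than local-only means some lookups can reach a resolver other than the local one.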



