[conspire] Unbound and DHCP on home computer

Philip Martin phillip.martin at gmail.com
Mon Dec 14 16:44:28 PST 2009


a quick google with the terms: networkmanager resolve.conf ubuntu
seems to bring up a number of promising routes, ranging from disabling
networkmanager, to preventing networkmanager from obtaining DNS
information from DHCP to preventing networkmanager from writing to
your resolve.conf.

To clarify your comment on DNS, Unbound, being a recursive nameserver,
is actually seeded with a list of root nameservers (aka the "root
hints" file), which it then uses to move down the DNS delegation tree
until it can contact an authoritative nameserver for a given query.

It's worth noting that running your own recursive nameserver does you
no good security-wise if your DNS queries get hijacked by your ISP
(ala Comcast).  If you are interested in enhancing the security of
your DNS lookups, DNSSEC would also be a good thing to look into, even
in its current fragmented form.

-Philip

On Mon, Dec 14, 2009 at 4:10 PM,  <roger at rogerchrisman.com> wrote:
> Hi all,
>
>
> What is a simple, appropriate (er, hopefully that won't unduly
> interfere with my DHCP network configuration on this fairly default
> Xubuntu 9.10 home laptop) way for me to tell this laptop to consult
> its own Unbound service instead of
> my ISP, and that will not be overwritten by DHCP every time I bring up
> my network interface?
>
>
> Details:
>
> I decided to experiment with running Unbound for DNS on my home laptop.
>
> sudo apt-get install unbound
>
> (I used Synaptic Package Manager instead actually but I think it
> accomplished basically the above.)
>
> So now I want my laptop to use its own, newly installed, Unbound
> service for DNS lookups instead of my ISP's DNS service.
>
> I'm running a fairly default new Xubuntu 9.10 install on this oldish,
> 2003, laptop. It connects to my home's wireless router via DHCP and
> gets its DNS instructions from that router which has them from Comcast
> I think because the router is in turn set up to connect to Comcast
> also via DHCP.
>
> To get my computer to ask Unbound for domain name look-ups instead of
> asking the router, per Rick's suggestion, into /etc/resolv.conf I put:
>
> nameserver 127.0.0.1
>
> This works great, with Unbound consulting some I presume authoritative
> name servers designated somewhere in the default Unbound conf files.
>
> Until... NetworkManager _overwrites_ my "nameserver 127.0.0.1" in
> /etc/resolv.conf however with the following, next time I restart my
> computer or turn the wireless interface off and then on again:
>
> # Generated by NetworkManager
> nameserver 192.168.254.254
>
> That is my default gateway, er, wireless router, and my computer is
> back to asking Comcast for DNS.
>
>
> So, back to a simple question:
>
> What is an elegant way for me to tell my computer to consult its own
> Unbound service instead of
> my ISP, and that will not be overwritten by DHCP every time I bring up
> my network interface?
>
>
> Why?
>
> If Comcast's DNS gets poisoned and WellsFargo.com for example starts
> pointing to a look alike phishing site, Comcast will have a major
> brand problem. I hope that does not happen. But the thought that it
> could prompted me to experiment with installing Unbound on my home
> Xubuntu computer.
>
>
> Also,
>
> I like pictures, so here is one of my, I expect fairly typical, home network.
>
> Comcast Cable Internet Service
>  |
> Cable snaking under our lawn, up the wall and into our house
>  |
> Cable modem
>  |
> (via DHCP)
>  |
> Wireless router (again via DHCP)) )  )   )   )     )     )
>  .                      .                            .
>  .                        .                             .
>  .                           .                              .
> My computer       Wife's computer        Other computer
>
>
>
> Ah, the levels of brand trust we extend when doing online banking and
> online commerce!
>
> Roger Chrisman
> Palo Alto
>
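As an added example (not part of this thread), a small POSIX sh check for the failure mode Roger describes: it reads a resolv.conf and reports whether every nameserver is a loopback address (the local Unbound) or whether NetworkManager/DHCP has written the router's address back. The two sample files are constructed from the contents quoted in the thread; on a live system the file to pass is /etc/resolv.conf.

```shell
#!/bin/sh
# Added example: detect whether resolv.conf has been rewritten away from
# the local Unbound resolver (nameserver 127.0.0.1) by NetworkManager/DHCP.
#
# check_resolv_conf FILE
#   prints "local"       and returns 0 if every nameserver is loopback
#   prints "overwritten" and returns 1 if any nameserver is not loopback
#   prints "none"        and returns 2 if there are no nameserver lines
check_resolv_conf() {
    file=$1
    total=0
    nonlocal=0
    [ -r "$file" ] || { echo none; return 2; }
    while read -r key value rest; do
        case $key in
            nameserver) ;;
            *) continue ;;      # comments, search, options, blank lines
        esac
        total=$((total + 1))
        case $value in
            127.*|::1) ;;       # loopback: queries go to Unbound on this host
            *) nonlocal=$((nonlocal + 1)) ;;
        esac
    done < "$file"
    if [ "$total" -eq 0 ]; then
        echo none; return 2
    elif [ "$nonlocal" -gt 0 ]; then
        echo overwritten; return 1
    fi
    echo local; return 0
}

# True if NetworkManager stamped the file with its header line.
nm_generated() {
    grep -q '^# Generated by NetworkManager' "$1"
}

# Constructed samples mirroring the two states described in the thread.
SAMPLE_DIR=$(mktemp -d)
printf 'nameserver 127.0.0.1\n' > "$SAMPLE_DIR/manual.conf"
printf '# Generated by NetworkManager\nnameserver 192.168.254.254\n' > "$SAMPLE_DIR/nm.conf"

# Usage on a live system: sh thisscript.sh /etc/resolv.conf
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(check_resolv_conf "$f")"
        nm_generated "$f" && echo "  (written by NetworkManager; DHCP will keep doing this)"
    done
fi
```

If the check reports "overwritten", the DHCP client is still handing the router's address to resolv.conf; on Ubuntu of that era the DHCP client is ISC dhclient, and a `supersede domain-name-servers 127.0.0.1;` line in its dhclient.conf is the usual way to stop that (an assumption about the setup, not something the thread shows).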