[conspire] Internet Privacy: today's vote and measures to take

Rick Moen rick at linuxmafia.com
Mon Apr 3 15:22:29 PDT 2017


Quoting Ivan Sergio Borgonovo (mail at webthatworks.it):

> My reasons are:
> 1) bind and unbound are far more complicated to configure and
> convince to work with a dhcp than dnsmasqd

This is wrong.

BIND is complicated for reasons having nothing to do with its recursive
functionality, which is simple.  Unbound is extremely simple.

You would not seek to _replace_ Dnsmasqd.  You would merely make
Dnsmasqd point to your recursive server.  After all, you need to make
Dnsmasqd point to _some_ recursive server, somewhere, otherwise it won't
function, because it cannot do that job.  So, all I'm suggesting is 
to point it to _your_ recursive server rather than outsourcing.

> 2) they are more resource demanding and can't be put on a cheap
> replaceable piece of hardware

Unbound takes ridiculously little in the way of machine resources.
Actually, nameservers in general require only a ridiculous pittance of
RAM and CPU.  You could use a 386 with 16 MB of RAM if you could find an
*ix still about to run on that and if you could trust creaky old
hardware.

BIND9 is relatively speaking a hog because BIND has always been a hog.
(That is one of the reasons to cease using it.)

> 3) I'm lazy

Anything is more difficult than doing absolutely nothing, true.

Here is how you set up Unbound:

1.  apt-get install unbound
2.  Review the ACLs in /etc/unbound/unbound.conf to make sure your
    IPs can reach it.
3.  Point what uses recursive DNS (Dnsmasq in your case) to it.

No administration required.


> Once I'll be on more capable hardware and possibly on a fixed IP I
> may simply run bind + dnsmasqd and transfer my home zone to my local
> bind.

Even without a fixed IP, and even if you don't even have fixed RFC1918 
IP addresses, running a recursive nameserver bound to loopback is
beneficial.

> However my dnsmasqd configuration uses several external DNS that
> should make it a bit harder to reconstruct my surfing history.

It would make it even more difficult if Dnsmasqd 'uses' the IP of a
local recursive nameserver rather than one that is outsourced to
someone-anyone-nobody-in-particular.



> -- 
> Ivan Sergio Borgonovo
> http://www.webthatworks.it http://www.borgonovo.net

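Step 2 of the setup procedure above (reviewing the ACLs), as an added example that is not part of the original message: a small Python check that reads the `access-control:` lines from an Unbound configuration and reports whether a given client IP would be answered. The sample configuration and all addresses are constructed, and the function names are hypothetical; the rule applied is Unbound's documented one (most specific netblock wins, only localhost is allowed by default).

```python
import ipaddress

# Constructed sample configuration; not taken from the original post.
SAMPLE_CONF = """\
server:
    interface: 127.0.0.1
    interface: 192.168.1.1                    # constructed LAN address
    access-control: 192.168.1.0/24 allow
    access-control: 192.168.1.200/32 refuse   # one host carved out
"""

# Documented built-in behaviour: only localhost is allowed, the rest refused.
DEFAULT_ACL = [("0.0.0.0/0", "refuse"), ("127.0.0.0/8", "allow"),
               ("::/0", "refuse"), ("::1/128", "allow")]

# Actions under which Unbound performs recursion for the client.
ANSWERING = {"allow", "allow_setrd", "allow_snoop"}


def parse_acl(conf_text):
    """Return [(network, action)]: built-in defaults, then configured rules."""
    rules = [(ipaddress.ip_network(n), a) for n, a in DEFAULT_ACL]
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line.startswith("access-control:"):
            continue
        fields = line.split(":", 1)[1].split()   # "<netblock> <action>"
        if len(fields) != 2:
            raise ValueError(f"malformed access-control line: {raw!r}")
        rules.append((ipaddress.ip_network(fields[0], strict=False), fields[1]))
    return rules


def action_for(client, rules):
    """Most specific matching netblock wins; a later rule wins a tie."""
    addr = ipaddress.ip_address(client)
    best_net, best_action = None, "refuse"
    for net, action in rules:
        if net.version == addr.version and addr in net:
            if best_net is None or net.prefixlen >= best_net.prefixlen:
                best_net, best_action = net, action
    return best_action


def can_resolve(client, conf_text):
    """True if the client IP would get recursive answers under this config."""
    return action_for(client, parse_acl(conf_text)) in ANSWERING
```

To check a real installation, pass the text of the live configuration file to `can_resolve()` along with the address Dnsmasq queries from.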


