QNAME minimization, replacing dnsmasq with Unbound #459
Comments
Dnsmasq is a stub resolver, so QNAME minimization doesn't make sense. The real question is: are you suggesting to move away from a stub resolver (querying other recursive servers) to a full recurser (querying only authoritative DNS servers)? And no, I don't think the migration from a stub resolver to a full recurser is as painless as you are suggesting (think firewall policies, outgoing query load, etc). Also see:
Yes, for four reasons:
Regarding censorship, I have never seen Google censoring on their public resolvers and regarding the performance issue, you would have to elaborate on how/what you are actually measuring; but in general I agree that Streisand is not the kind of project that should rely on (any) external resolvers.
I'm measuring the time elapsed between Go contacts the resolver in
Closing in favour of StreisandEffect/discussions#12 Edit: Apologies - put the wrong URL there initially.
Hi,
QNAME minimization (RFC 7816) is a way to resolve domain names without
having to send the full request to every authority in the chain.
i.e. if you have three authorities, A knows who has .com, B .foo.com, and C bar.foo.com, you ask A for .com, B for foo.com and C for bar.foo.com, instead of leaking the full bar.foo.com to everyone.
I think this would be a privacy improvement and is quite cheap to implement.
dnsmasq is currently used as a DNS resolver, I propose to replace it with
Unbound as it implements QNAME minimization.
From the package description:
FreeBSD considered it stable and secure enough to replace BIND in 2014.
Replacing dnsmasq with Unbound should be painless, migrating a live server
could be doable by downloading the unbound package before removing dnsmasq.
I don't know if such a migration should be included in Streisand as it will be
dead code as soon as it gets written.
TL;DR questions:
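The lookup described in the issue text above, as an added example that is not part of the original post or of Streisand's code: a small Python simulation that records which name each authority receives with and without QNAME minimization. The delegation table, the mapping of authorities A, B and C to zones, and all function names are constructed for illustration; it models only the names sent, not query types or caching.

```python
# Constructed delegation tree matching the post: A delegates com to B,
# B delegates foo.com to C, and C is authoritative for everything below.
DELEGATIONS = {
    "A": {"zone": ".", "delegates": {"com.": "B"}},
    "B": {"zone": "com.", "delegates": {"foo.com.": "C"}},
    "C": {"zone": "foo.com.", "delegates": {}},
}

def labels(name):
    """Split a domain name into labels; the root "." has none."""
    return [part for part in name.rstrip(".").split(".") if part]

def suffix(name, n):
    """Last n labels of name as an absolute name ("." when n == 0)."""
    parts = labels(name)
    return ".".join(parts[len(parts) - n:]) + "." if n else "."

def referral(server, name):
    """Authority that `server` delegates `name` to, or None if it answers itself."""
    for n in range(len(labels(name)), 0, -1):
        child = DELEGATIONS[server]["delegates"].get(suffix(name, n))
        if child:
            return child
    return None

def resolve(qname, minimise, start="A"):
    """Walk the chain and return [(authority, name it was sent), ...]."""
    total = len(labels(qname))
    qname = suffix(qname, total)            # normalise to absolute form
    server, trace = start, []
    depth = len(labels(DELEGATIONS[server]["zone"])) + 1
    while True:
        sent = suffix(qname, min(depth, total)) if minimise else qname
        trace.append((server, sent))
        child = referral(server, sent)
        if child:                           # referral: descend one zone
            server = child
            depth = len(labels(DELEGATIONS[server]["zone"])) + 1
        elif sent == qname:                 # final answer for the full name
            return trace
        else:                               # no zone cut at this label: add one
            depth += 1

def saw_full_name(trace, qname):
    """Authorities that received the complete query name."""
    full = suffix(qname, len(labels(qname)))
    return [server for server, sent in trace if sent == full]

if __name__ == "__main__":
    for mode in (False, True):
        print("minimised" if mode else "classic  ", resolve("bar.foo.com", mode))
```

For a name deeper than the last zone cut, such as www.bar.foo.com in this table, the minimising walk sends one extra query to C, which is the query-count cost of the technique.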