Simple Tomato DNSSEC (Unbound + Dnsmasq)

Discussion in 'Tomato Firmware' started by DimBulb, Mar 21, 2014.

  1. DimBulb

    DimBulb Reformed Router Member

    Best of both worlds (until Dnsmasq's DNSSEC support stabilizes, which is in progress).

    Summary: Dnsmasq will do its normal thing for the local network, passing anything it can't resolve to unbound on a local port, which does the heavy recursive DNSSEC lifting. (Since the recursive lookups take time, you will not get the benefits of a heavy-usage ISP DNS server, and things may be slower to look up.)

    1) Install unbound via your normal mechanism (opkg etc).
    2) Edit unbound.conf. The key line to change is "port: 10053" (pick any port).
    3) In Tomato's Dnsmasq conf setup (Advanced --> DHCP/DNS), add this:

    #forward to unbound queries we don't understand and proxy the replies.
    #Ignore DHCP provided ISP DNS servers, defeats the purpose.
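
A check for the setup described in the post above, as an added example that is not part of the original thread: it classifies a `dig` reply by its header status and its `ad` (authenticated data) flag, which is how a validating resolver marks an answer it has verified. The function names and the sample replies are constructed for illustration; port 10053 is the one chosen in the post.

```shell
#!/bin/sh
# Classify a `dig` reply (read on stdin) from its header lines.
#   validated   - NOERROR with the ad flag: the resolver verified the signatures
#   unvalidated - NOERROR without ad: unsigned zone, or no validation in the path
#   servfail    - SERVFAIL: a validating resolver answers this for bogus data
#                 (it can also mean an ordinary upstream failure)
dnssec_status() {
    awk '
        /->>HEADER<<-/ { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s); status = s }
        /^;; flags:/   { f = $0; sub(/^;; flags: */, "", f); sub(/;.*/, "", f); flags = " " f " " }
        END {
            if (status == "SERVFAIL")                        print "servfail"
            else if (status == "NOERROR" && flags ~ / ad /)  print "validated"
            else if (status == "NOERROR")                    print "unvalidated"
            else                                             print "unknown"
        }'
}

# Live query (needs dig and network access).
# usage: check_resolver <server> <port> <name>
#   check_resolver 127.0.0.1 10053 <signed-name>   # unbound directly
#   check_resolver 127.0.0.1 53    <signed-name>   # through Dnsmasq
# Whether the ad flag survives the Dnsmasq hop depends on its configuration.
check_resolver() {
    dig +dnssec @"$1" -p "$2" "$3" A | dnssec_status
}

# Constructed sample headers (not captured from a real router).
SAMPLE_SIGNED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_PLAIN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_BOGUS=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4244
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

if [ "$#" -eq 3 ]; then
    check_resolver "$1" "$2" "$3"
else
    for s in "$SAMPLE_SIGNED" "$SAMPLE_PLAIN" "$SAMPLE_BOGUS"; do
        printf '%s\n' "$s" | dnssec_status
    done
fi
```

Run it against both ports with a name from a signed zone: "validated" on 10053 but "unvalidated" on 53 means unbound is validating and the flag is being dropped on the way through Dnsmasq.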
  2. leandroong

    leandroong LI Guru Member

    Last edited: Sep 18, 2014