2016-01-14 10:22:14 +01:00
|
|
|
---
|
|
|
|
layout: post
|
|
|
|
comments: true
|
|
|
|
title: "dnssec-trigger on Ubuntu (MATE 16.04)"
|
|
|
|
category: [english]
|
|
|
|
tags: [IPv6, english]
|
2018-11-25 23:51:24 +01:00
|
|
|
redirect_from: /english/2016/01/14/dnssec-trigger_ubuntu.html
|
2024-06-03 08:48:19 +02:00
|
|
|
sitemap: false
|
2016-01-14 10:22:14 +01:00
|
|
|
---
|
|
|
|
|
2023-02-22 19:28:38 +01:00
|
|
|
_I haven't ever gotten dnssec-trigger to work, but today based on IRC
|
|
|
|
discussion, I finally understood what was wrong._
|
2016-01-14 10:22:14 +01:00
|
|
|
|
|
|
|
It's very simple.
|
|
|
|
|
|
|
|
```
|
|
|
|
# Check for updates to the repos & install dnssec-trigger and unbound
|
|
|
|
sudo apt-get update && sudo apt-get install unbound dnssec-trigger
|
|
|
|
```
|
|
|
|
|
2024-06-19 07:19:44 +02:00
|
|
|
And this is the farthest I have gotten before. But today at IRC there was talk
|
|
|
|
on DNS proxies which Ubuntu and Fedora use, Ubuntu uses dnsmasq and Fedora
|
|
|
|
unbound. That made me _read the fine manual_ of NetworkManager.conf...
|
2016-01-14 10:22:14 +01:00
|
|
|
|
|
|
|
```man
|
|
|
|
dns
|
|
|
|
Set the DNS (resolv.conf) processing mode.
|
|
|
|
|
|
|
|
default: The default if the key is not specified. NetworkManager
|
|
|
|
will update resolv.conf to reflect the nameservers provided by
|
|
|
|
currently active connections.
|
|
|
|
|
|
|
|
dnsmasq: NetworkManager will run dnsmasq as a local caching
|
|
|
|
nameserver, using a "split DNS" configuration if you are connected
|
|
|
|
to a VPN, and then update resolv.conf to point to the local
|
|
|
|
nameserver.
|
|
|
|
|
|
|
|
unbound: NetworkManager will talk to unbound and dnssec-triggerd,
|
|
|
|
providing a "split DNS" configuration with DNSSEC support. The
|
|
|
|
/etc/resolv.conf will be managed by dnssec-trigger daemon.
|
|
|
|
|
|
|
|
none: NetworkManager will not modify resolv.conf.
|
|
|
|
```
|
|
|
|
|
2024-06-19 07:19:44 +02:00
|
|
|
And there is the solution, unbound. The third line of NetworkManager.conf is
|
|
|
|
usually `dns=dnsmasq`, just change it to `dns=unbound` or add the line if it
|
|
|
|
doesn't exist and restart networkmanager with
|
|
|
|
`sudo systemctl restart NetworkManager.service` and your dnssec-trigger should
|
|
|
|
now work.
|
2016-01-14 10:22:14 +01:00
|
|
|
|
2024-06-19 07:19:44 +02:00
|
|
|
And when you `sudo reboot` you should see new dnssec-trigger tray icon in your
|
|
|
|
tray bar or whatever it was called as.
|
2016-01-16 09:29:20 +01:00
|
|
|
|
2023-02-22 19:28:38 +01:00
|
|
|
_Edit_: Arch users do remember do `systemctl enable dnssec-triggerd` and
|
2016-01-16 09:29:20 +01:00
|
|
|
`systemctl enable unbound`.
|