diff --git a/_posts/2016-01-14-dnssec-trigger_ubuntu.md b/_posts/2016-01-14-dnssec-trigger_ubuntu.md new file mode 100644 index 0000000..f985387 --- /dev/null +++ b/_posts/2016-01-14-dnssec-trigger_ubuntu.md @@ -0,0 +1,50 @@ +--- +layout: post +comments: true +title: "dnssec-trigger on Ubuntu (MATE 16.04)" +category: [english] +tags: [IPv6, english] +--- + +*I haven't ever gotten dnssec-trigger to work, but today based on IRC + discussion, I finally understood what was wrong.* + +It's very simple. + +``` +# Check for updates to the repos & install dnssec-trigger and unbound +sudo apt-get update && sudo apt-get install unbound dnssec-trigger +``` + +And this is the farthest I have gotten before. But today at IRC there +was talk on DNS proxies which Ubuntu and Fedora use, Ubuntu uses dnsmasq +and Fedora unbound. That made me *read the fine manual* of +NetworkManager.conf... + + +```man + dns + Set the DNS (resolv.conf) processing mode. + + default: The default if the key is not specified. NetworkManager + will update resolv.conf to reflect the nameservers provided by + currently active connections. + + dnsmasq: NetworkManager will run dnsmasq as a local caching + nameserver, using a "split DNS" configuration if you are connected + to a VPN, and then update resolv.conf to point to the local + nameserver. + + unbound: NetworkManager will talk to unbound and dnssec-triggerd, + providing a "split DNS" configuration with DNSSEC support. The + /etc/resolv.conf will be managed by dnssec-trigger daemon. + + none: NetworkManager will not modify resolv.conf. +``` + +And there is the solution, unbound. The third line of NetworkManager.conf +is usually `dns=dnsmasq`, just change it to `dns=unbound` or add the line +if it doesn't exist and restart networkmanager with `sudo systemctl restart NetworkManager.service` and your dnssec-trigger should now work. + +And when you `sudo reboot` you should see new dnssec-trigger tray icon in +your tray bar or whatever it was called as.
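Review bot: The closing instruction paragraph ("The third line of NetworkManager.conf is usually `dns=dnsmasq`") identifies the setting by line position and never gives the file's path or section, so a reader whose file is laid out differently has nothing to go on. Suggest naming the file as `/etc/NetworkManager/NetworkManager.conf` and saying that `dns=unbound` belongs under the `[main]` section, replacing any existing `dns=` line there. The same paragraph stops at "your dnssec-trigger should now work" with no way to confirm it. Adding a check such as `dnssec-trigger-control status`, or looking at whether /etc/resolv.conf now points at 127.0.0.1, would let the reader verify that lookups really go through the local validating resolver. Minor: the front matter tags the post `IPv6` although the content is about DNSSEC, and "whatever it was called as" in the last line should read "whatever it is called".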