parent
6768cd493d
commit
79b7552cce
|
@ -0,0 +1,50 @@
|
||||||
|
---
|
||||||
|
layout: post
|
||||||
|
comments: true
|
||||||
|
title: "dnssec-trigger on Ubuntu (MATE 16.04)"
|
||||||
|
category: [english]
|
||||||
|
tags: [IPv6, english]
|
||||||
|
---
|
||||||
|
|
||||||
|
*I haven't ever gotten dnssec-trigger to work, but today based on IRC
|
||||||
|
discussion, I finally understood what was wrong.*
|
||||||
|
|
||||||
|
It's very simple.
|
||||||
|
|
||||||
|
```
|
||||||
|
# Check for updates to the repos & install dnssec-trigger and unbound
|
||||||
|
sudo apt-get update && sudo apt-get install unbound dnssec-trigger
|
||||||
|
```
|
||||||
|
|
||||||
|
And this is the farthest I have gotten before. But today at IRC there
|
||||||
|
was talk on DNS proxies which Ubuntu and Fedora use, Ubuntu uses dnsmasq
|
||||||
|
and Fedora unbound. That made me *read the fine manual* of
|
||||||
|
NetworkManager.conf...
|
||||||
|
|
||||||
|
|
||||||
|
```man
|
||||||
|
dns
|
||||||
|
Set the DNS (resolv.conf) processing mode.
|
||||||
|
|
||||||
|
default: The default if the key is not specified. NetworkManager
|
||||||
|
will update resolv.conf to reflect the nameservers provided by
|
||||||
|
currently active connections.
|
||||||
|
|
||||||
|
dnsmasq: NetworkManager will run dnsmasq as a local caching
|
||||||
|
nameserver, using a "split DNS" configuration if you are connected
|
||||||
|
to a VPN, and then update resolv.conf to point to the local
|
||||||
|
nameserver.
|
||||||
|
|
||||||
|
unbound: NetworkManager will talk to unbound and dnssec-triggerd,
|
||||||
|
providing a "split DNS" configuration with DNSSEC support. The
|
||||||
|
/etc/resolv.conf will be managed by dnssec-trigger daemon.
|
||||||
|
|
||||||
|
none: NetworkManager will not modify resolv.conf.
|
||||||
|
```
|
||||||
|
|
||||||
|
And there is the solution, unbound. The third line of NetworkManager.conf
|
||||||
|
is usually `dns=dnsmasq`, just change it to `dns=unbound` or add the line
|
||||||
|
if it doesn't exist and restart networkmanager with `sudo systemctl restart NetworkManager.service` and your dnssec-trigger should now work.
|
||||||
|
|
||||||
|
And when you `sudo reboot` you should see new dnssec-trigger tray icon in
|
||||||
|
your tray bar or whatever it was called as.
|
Loading…
Reference in New Issue