1.8 KiB
I haven’t ever gotten dnssec-trigger to work, but today based on IRC discussion, I finally understood what was wrong.
It’s very simple.
# Check for updates to the repos & install dnssec-trigger and unbound
sudo apt-get update && sudo apt-get install unbound dnssec-trigger
And this is the farthest I have gotten before. But today at IRC there was talk on DNS proxies which Ubuntu and Fedora use, Ubuntu uses dnsmasq and Fedora unbound. That made me read the fine manual of NetworkManager.conf…
dns
Set the DNS (resolv.conf) processing mode.
default: The default if the key is not specified. NetworkManager
will update resolv.conf to reflect the nameservers provided by
currently active connections.
dnsmasq: NetworkManager will run dnsmasq as a local caching
nameserver, using a "split DNS" configuration if you are connected
to a VPN, and then update resolv.conf to point to the local
nameserver.
unbound: NetworkManager will talk to unbound and dnssec-triggerd,
providing a "split DNS" configuration with DNSSEC support. The
/etc/resolv.conf will be managed by dnssec-trigger daemon.
none: NetworkManager will not modify resolv.conf.
And there is the solution, unbound. The third line of
NetworkManager.conf is usually dns=dnsmasq
, just change it
to dns=unbound
or add the line if it doesn’t exist and
restart networkmanager with
sudo systemctl restart NetworkManager.service
and your
dnssec-trigger should now work.
And when you sudo reboot
you should see new
dnssec-trigger tray icon in your tray bar or whatever it was called
as.