Hacker News new | past | comments | ask | show | jobs | submit login
Unwind: A privilege-separated DNS recursive nameserver for every laptop [pdf] (openbsd.org)
76 points by Jonhoo 29 days ago | hide | past | web | favorite | 6 comments

https://man.openbsd.org/unwind.8 uses libunbound; it detects whether local DHCP DNS is working, works correctly with captive portals, and supports opportunistic or strict DNSSEC.

This was discussed in https://news.ycombinator.com/item?id=19738313 in April

Is it basically just a stripped down version of Unbound or does it provide any additional functionality?

The blog post gives some hints at what it does differently but makes odd claims about unbound not working with captive portals, which I've never had any problems with. But maybe I've just been on well behaved networks or something. Look forward to this being done and ported.

It depends how your unbound is configured. In my case, I have unbound running on my laptop configured as a recursive resolver; i.e: it will not query the DHCP provided DNS.

In networks with captive portals, the DHCP provided DNS will have a record for a URL where the user has to enter credentials or at the very least agree to the terms and conditions. Very often though, that URL only resolves locally, so in my setup the captive portal setup doesn't work seamlessly.

Mental note: Find the talk where these slides were presented.

BSDCan 2019, in Ottawa happening this week!


Recordings tends to show up YouTube.. later. This talk was also live-streamed earlier today.

Video from previous years: https://www.youtube.com/channel/UCuQhwHMJ0yK2zlfyRr1XZ_Q/vid...

I'm always surprised this conference isn't larger, it always has a wide breadth of low-level technical C/systems talks, with a mix of Unix/networking sysadmin content.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact