Bug 16271

Summary: unbound, a validating, recursive, and caching DNS resolver
Product: Mageia Reporter: Olivier Delaune <olivier.delaune>
Component: New RPM package requestAssignee: Chris Denice <eatdirt>
Status: RESOLVED FIXED QA Contact:
Severity: enhancement    
Priority: Normal CC: makowski.mageia
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://unbound.net/index.html
Whiteboard:
Source RPM: CVE:
Status comment:

Description Olivier Delaune 2015-07-02 00:08:38 CEST 
Hello, could you package unbound. This is a validating, recursive, and caching DNS resolver. The source code is under a BSD License.
Sources are available here: https://unbound.net/download.html
Thank you in advance

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-07-02 16:46:34 CEST 
All DNS server implementations have security issues, and we already have BIND, dnsmasq, pdns, pdns-recursor, and maradns (the latter currently only in Mageia 4, but still).  I think we have enough.  At the very least, we don't need anyone drive-by-importing this one.  If it would have a dedicated maintainer then it would be OK.  What value would yet another DNS server bring us?
Comment 2 Philippe Makowski 2015-08-05 15:14:58 CEST 
Unbound is easy to setup (lot easier than Bind) and become popular.
it is a lightweight and easy to configure validating, recursive, and caching DNS resolver, it support DNSSEC.
so it is a real alternative to Bind, OpenBSD use it by default now instead of Bind (http://undeadly.org/cgi?action=article&sid=20140823064850).

But I agree, it need a dedicated maintainer.

Just in case :
Opensuse : https://build.opensuse.org/package/show/openSUSE:Factory/unbound
Fedora : http://pkgs.fedoraproject.org/cgit/unbound.git/

CC: (none) => makowski.mageia

Comment 3 Philippe Makowski 2015-08-06 09:19:46 CEST 
forgot to say that :
Dnsmasq is a DNS forwarder. Unbound is a DNS resolver. Unbound 
actually does the work of accepting recursive queries and then 
performing the iterative queries to find the answer.
Comment 4 David Walser 2015-10-23 04:15:34 CEST 
This was imported by Chris Denice :o(

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-10-23 04:15:45 CEST

Version: 5 => Cauldron

David Walser 2015-10-27 14:39:41 CET

Assignee: bugsquad => dirteat

Comment 5 Chris Denice 2015-10-27 14:55:00 CET 
Sorry guys, I was not aware of this bug :)

Sorry David too, you're fundamentally right, we don't need extra security holes, but I'll take charge of unbound seriously.

It is very easy to configure indeed, and I imported it because it is very well suited associated with dnscrypt-proxy; which is super cool in terms of privacy. 

The dnscrypt-proxy's doc recommend to associated it with a caching dns server, and unbound is the recommended one. On cauldron, I set the two to work out-of-the box, unbound caches dns queries, forward them to dnscrypt-proxy that encrypt dns queries to an encrypted server.

Let me know if you find any issues for both packages!

Cheers,
Chris.

PS: so, at the end, I solved that bug :)