Rick Moen wrote:
That would be a perfect application for Unbound. (I helped convince the OpenWRT people to package it.)
Do you have a salespitch for why one should switch a typical SOHO OpenWRT install from dnsmasq to unbound? I investigated it and found it did a noticably better job, but 1. the version I had could bind to a high port, but wouldn't talk to another DNS server on a high port (despite what the documentation claimed). 2. This made it difficult/impossible to continue using dnsmasq for DHCP in such a way that the LAN domain was seeded from DHCP. That is, if you have a DHCP client doing send host-name "agave"; and the LAN domain is .invalid, then other LAN hosts should magically be able to resolve agave.invalid to an IP and back. If I am calculating correctly, the unbound version I tested was 1.4.1. I can't remember if I discovered, or merely hoped, that newer versions fixed (1).