Very occasionally a tool or software package stands out to me on the pure virtue of being the right solution at the right time. If it happens to do exactly what you need RIGHT NOW, and other, perhaps more traditional, mature or well-known tools cannot, the best fit becomes clear. Unbound is exactly this kind of fit. Self-described as “a validating, recursive, and caching DNS resolver”, its utility boiled down to one particular line in the config (and the comments that describe it):
# Enable or disable whether the upstream queries use TCP only
# for transport. Default is no. Useful in tunneling scenarios.
The reason why that particular ability…being able to force upstream DNS queries to go over TCP (instead of the default of going over UDP)…was important to me today is dumb, but the whole story is a useful example of network fun under the thumb of an ISP that can sometimes do really stoopid things, so I’ll go further and explain.