I finally got around to installing DNSSEC-trigger on my own workstation, and I’m delighted. I wrote about automating Unbound on your workstation recently, and since NLnetLabs meanwhile provides a disk image (DMG) containing DNSSEC-trigger and a bundled Unbound server, I thought I’d have a go at it.

Carsten Strotmann donated the installer proper, which sets up an Unbound server with binaries in /usr/sbin and configuration files in /etc/unbound. (There’s a small glitch in the installer at the moment: it indicates installation failed, but it hasn’t: the daemons are started, but the GUI component isn’t. Either launch that manually, logout and back in, or just reboot if you need the GUI..)

Part of the package is a GUI widget thingy which sets itself up in the status bar.

From here, I can force a re-probe (if necessary; re-probing occurs automatically when the OS detects a change in my network configuration) and view the results of the probe, in other words, which DNS servers Unbound is currently using:

I’ve merged my local unbound.conf changes into the new daemon running on the local interfaces, and all is well.

A very nice bit of work by our friends at NLnet Labs. Thank you.

More background to DNSSEC-trigger here.