InfrastructureServices / dnsconfd

Local DNS caching services configuration daemon.

Uncertain state of Unbound when no configuration was received #24

Open TomasKorbar opened 8 months ago

TomasKorbar commented 8 months ago

If no configuration was supplied through the D-Bus interface, then Unbound by default tries to resolve queries by forwarding them to root servers. This should be forbidden, at least by default.

pemensik commented 7 months ago

I am not sure we want to prevent iterative resolution from root servers. If that is what the user wants, it should be possible. In some cases, due to query minimization, it might be a bit better from the privacy side. It does not send all queries to a single place, but spreads them among authoritative servers of different domains. Of course the network operator can still record queries flying over his network, but no queries are targeted. Of course, it cannot reuse the already filled cache of the network operator for faster responses this way.

It should be possible to configure what exactly the user means by not providing a server address. This should be at least configurable from the configuration file, tuning what is meant by that. We may treat in a special way, for example, the addresses 0.0.0.0 and ::, which behave the same way as localhost addresses from the client side. Some network manager flag or priority value or something similar would be nice to define the meaning of this.
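To tell which of the states discussed in this thread a given Unbound configuration is in, the following added example (not code from dnsconfd or from either commenter) classifies how queries for the root zone are resolved from the text of an `unbound.conf`. It assumes one attribute per line and inspects only static configuration text, not forwarders set at runtime; the sample configurations and the function name `root_resolution_mode` are constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from dnsconfd or the issue).
NO_FORWARDERS = """
server:
    interface: 127.0.0.1
"""
FORWARD_ONLY = """
server:
    interface: 127.0.0.1
forward-zone:
    name: "."
    forward-addr: 192.0.2.53
"""
# forward-first lets Unbound retry without the forward clause if forwarding fails.
FORWARD_FIRST = FORWARD_ONLY + "    forward-first: yes\n"

def root_resolution_mode(conf_text):
    """Classify how queries for '.' are resolved under this unbound.conf text."""
    zones, current = [], None
    for raw in conf_text.splitlines():
        # Drop comments; this may truncate an addr#tlsname value, which is
        # harmless here because targets are only counted, not parsed.
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9-]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if value == "":  # clause header such as "server:" or "forward-zone:"
            current = {"targets": 0, "first": False} if key == "forward-zone" else None
            if current is not None:
                zones.append(current)
        elif current is not None:
            if key == "name":
                current["name"] = value
            elif key in ("forward-addr", "forward-host"):
                current["targets"] += 1
            elif key == "forward-first":
                current["first"] = value == "yes"
    # Assumption of this example: a "." forward-zone without targets does not forward.
    root = [z for z in zones if z.get("name") == "." and z["targets"] > 0]
    if not root:
        return "iterative-from-root"
    if any(z["first"] for z in root):
        return "forward-with-root-fallback"
    return "forward-only"
```

A result of `forward-with-root-fallback` means root servers can still be contacted even though forwarders are configured.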