I finally got around to installing DNSSEC-trigger on my own workstation, and I'm delighted. I wrote about automating Unbound on your workstation recently, and since NLnetLabs meanwhile provides a disk image (DMG) containing DNSSEC-trigger and a bundled Unbound server, I thought I'd have a go at it.
Carsten Strotmann donated the installer proper, which sets up
an Unbound server with binaries in
/usr/sbin and configuration
(There's a small glitch in the installer at the moment:
it indicates installation failed, but it hasn't: the daemons are started,
but the GUI component isn't. Either launch that manually, logout and back in, or just reboot if
you need the GUI..)
Part of the package is a GUI widget thingy which sets itself up in the status bar.
From here, I can force a re-probe (if necessary; re-probing occurs automatically when the OS detects a change in my network configuration) and view the results of the probe, in other words, which DNS servers Unbound is currently using:
I've merged my local
unbound.conf changes into the new
daemon running on the local interfaces, and all is well.
A very nice bit of work by our friends at NLnet Labs. Thank you.
More background to DNSSEC-trigger here.