-
Notifications
You must be signed in to change notification settings - Fork 36
At the moment one can chose between two resolvers, the JavaScript DNS library and libunbound.
If the Get DNS servers from OS configuration option is enabled, the resolvers will first try to use the DNS servers configured in the OS. If this does not work, the configured DNS name servers in the add-on options are used as fallback.
More than one DNS server can be specified by separating them with a ";".
Note that this resolver can only connect via TCP to the DNS servers, not UDP. So if you use this resolver, make sure your configured DNS servers accept queries over TCP. DNS servers who accept TCP connections are for example the Google Public DNS servers 8.8.8.8 and 8.8.4.4.
The resolver will wait the time specified in DNS connection timeout to try to connect to the DNS server. If establishing the connection fails, the DNS server is marked as being down, and the next DNS Server is tried. At the start of Thunderbird, or the changing of the DNS servers in the option, all DNS servers are marked as alive.
A SOCKS v5 or SOCKS v5 Proxy can be configured to be used for the connection to the DNS servers. The Proxy is only used for the JavaScript DNS library and not for the libunbound resolver.
This resolver does not support DNSSEC. Use the libunbound resolver instead.
If set to true, all DNS servers are set to alive again after a no DNS Server alive error occurs.
Removed in 4.0.0. It will now have the same value as DNS connect timeout
Timeout for sending and receiving data to the DNS server. To enable it, the preference must first be created.
For this resolver to work, you need the libunbound library, and set the correct path to it. See bellow for a few sample configurations for different operation systems.
libunbound supports DNSSEC. Under the advanced options, you can specify how a DKIM key that was not signed by DNSSEC should be treated. You can also mark stored DKIM keys subsequently as being secure.
Important: libunbound accepts only IP4 or IP6 addresses (without port) for the DNS name servers.
For Windows, builds of the libunbound library are provided at https://github.com/lieser/libunbound-builds.
- Download the latest release from https://github.com/lieser/libunbound-builds/releases.
- Make sure you download the same version (32-bit/64-bit) as your Thunderbird installations has. If you are unsure which version of Thunderbird you have, check under Help > About Thunderbird.
- Open the zip file and copy the included
libunbound-8.dllfile to theextensionsfolder in your Thunderbird profile.- You can also chose a different location.
- Open the DKIM_Verifier's Options > General > DNS.
- Select Resolver
libunbound. - Set the path to
extensions/libunbound-8.dll.- Make sure you adapt this and the following step if you have chosen a different location in step 2.
- Enable
Path relative to profile directory.
- Install the libunbound2 package.
- Open the DKIM_Verifier's Options > General > DNS
- Select Resolver
libunbound - Set path to
libunbound.so.2. - Disable
Path relative to profile directory.
Tested under Ubuntu.
- Download and install libunbound from https://www.unbound.net/download.html
- Open the DKIM_Verifier's Options > General > DNS
- Select Resolver
libunbound - If you have also installed the unbound server daemon and want to use it for caching:
- Disable
Get DNS server from OS configuration - Set DNS server to
127.0.0.1:53 - Disable
Path relative to profile directory - Set path to
[your-prefix-here]/lib/libunbound.2.dylib - Restart Thunderbird
Trust anchor to use for DNSSEC. Multiple trust anchors can be specified by seperating them with ;.
Multiple trust anchors supported since version 1.7.0
In 4.x this must still be set via Thunderbird's config editor
Path to a unbound.conf file to be loaded through ub_ctx_config.
In 4.x this must still be set via Thunderbird's config editor
A debug level to be set through ub_ctx_debuglevel.