[nsd-users] [Unbound-users] unbound vs nsd
wouter at NLnetLabs.nl
Wed May 21 14:22:14 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Farkas Levente wrote:
| i'm just noticed unbound and getting confused. nlnetlabs develop nsd and
| unbound too. why? what's more it seems from the mailing list that the
| same people involved in both projects? so i've got a few querstions:
| - why are to different name server?
| - why not merge the two project?
| i can even image there are pros and cons for each others. i see nsd is
| authoritative only, while unbound recursive and caching, but still
| wouldn't it be possible to merge the two project and make these features
| thanks in advance.
The projects NSD and Unbound are different, in that NSD is authoritative
only and Unbound is meant as a 'client' server (a caching validating
recursor). You are correct that that is the difference between the two.
It is currently discouraged to run servers that are both authoritative
and recursive at the same time (IETF dnsop workgroup). This to limit the
number of 'open resolvers' out there, that can become accomplices to DoS
and so on.
Thus it makes sense to split up into two servers, an authoritative and a
Also, NSD was kept as small as possible for its job. That is a goal for
NSD. Unbound however, does support a small amount of authoritative
service, for replying to localhost, blocking 10.in-addr.arpa. and so on.
Also, the history of both servers is different, NSD from root service,
and Unbound from Versign, Nominet, EP.net, Kirei, java-prototype unbound.
Summary: the merge idea was discussed, but we felt that merging DNS
authority service and recursion service is not a good thing in general,
and thus we shouldn't expend a lot of effort to enable it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the nsd-users