[Unbound-users] serving stub-zones authoritatively
David Blacka
davidb at verisign.com
Wed Oct 1 19:11:49 UTC 2008
On Oct 1, 2008, at 2:52 PM, Paul Wouters wrote:
> On Wed, 1 Oct 2008, David Blacka wrote:
>
>> What I think you are getting at is that it should be possible to
>> have unbound and nsd running on a box, and have that box be a
>> resolver for most things or most clients, but actually be
>> authoritative for the stuff running on nsd.
>
> Argh. This is a "too many buttons for people to push" problem. We're
> still seeing combined auth/resolver servers because of bind, and it's
> bad in general. Let's not try and repeat it using nsd+unbound hacks.
>
> Run them on separate machines or IPs as independent services. If you
> want unbound to catch up on nsd reloads, script it so that unbound
> drops its cache.

OK, so what do I do if I don't have multiple machines or multiple
IPs? I think you are suggesting that I can't use unbound.

I'll admit that the combined resolver/auth server isn't a good model,
and, indeed, that is why unbound and nsd are strictly one thing or the
other. However, there are people that will want to run in this
combined mode, and some that, arguably, will need to. So, we either
tell those folks to take a hike because they are "wrong", or we find a
way to allow them to use unbound.

Using dnsproxy might be good enough. OTOH, it might also be nice to
not force these people to run *three* separate packages in order to do
what they want.

--
David Blacka <davidb at verisign.com>
Sr. Engineer VeriSign Platform Product Development