[Unbound-users] NOTIFY implementation to unbound
Greg A. Woods
woods at planix.ca
Tue Oct 13 18:53:24 UTC 2009
At Thu, 8 Oct 2009 10:41:20 -0400 (EDT), Paul Wouters <paul at xelerance.com> wrote:
Subject: Re: [Unbound-users] NOTIFY implementation to unbound
>
> On Thu, 8 Oct 2009, Marcus Alves Grando wrote:
>
> > The main idea is create one way to recursive server keep all my zones
> > freshly, without update all process or less as possible.
>
> Would using a forward zone address this?
>
> # Forward zones
> # Create entries like below, to make all queries for 'example.com' and
> # 'example.org' go to the given list of servers. These servers have to handle
> # recursion to other nameservers. List zero or more nameservers by hostname
> # or by ipaddress. Use an entry with name "." to forward all queries.
> # forward-zone:
> # name: "example.com"
> # forward-addr: 192.0.2.68
> # forward-addr: 192.0.2.73@5355 # forward to port 5355.
>
> The description does not make it clear whether or not the responses are
> always forwarded, or whether they are cached.

I've been wondering the same thing for a long time now. I think based
on my experience with one site where I've set up unbound using
forward-addr they are cached, which would-be/is (IMHO) wrong.

Ultimately though I like the NOTIFY solution best.

Sites converting from BIND will already be using NOTIFY.

The so-called "security" issue for NOTIFY is a bunch of FUD-mongering.
There are several ways to make sure unauthorised NOTIFY messages don't
cause any harm.

--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <woods at robohack.ca>
Planix, Inc. <woods at planix.com> Secrets of the Weird <woods at weird.com>
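
Added example, not part of the original message and not Unbound code: one way a cache could accept NOTIFY safely, by checking the sender against an allow-list and treating the message only as a hint to drop cached names under that zone. The `ALLOWED_NOTIFIERS` policy, the dict-based cache and all function names are assumptions made for illustration.

```python
import struct

OPCODE_NOTIFY = 4            # RFC 1996
TYPE_SOA, CLASS_IN = 6, 1

# Assumed local policy: zone -> source addresses allowed to send NOTIFY for it.
ALLOWED_NOTIFIERS = {"example.com.": {"192.0.2.68", "192.0.2.73"}}

def parse_notify(msg: bytes):
    """Return the zone named in a NOTIFY request, or None if msg is not one."""
    if len(msg) < 12:
        return None
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags >> 15 or (flags >> 11) & 0xF != OPCODE_NOTIFY or qdcount != 1:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            return None
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):   # no compression pointers, no overrun
            return None
        labels.append(msg[pos:pos + n].decode("ascii", "replace").lower())
        pos += n
    if len(msg) < pos + 4 or struct.unpack("!HH", msg[pos:pos + 4]) != (TYPE_SOA, CLASS_IN):
        return None
    return ".".join(labels) + "."

def handle_notify(msg: bytes, src_ip: str, cache: dict) -> str:
    """Use NOTIFY only as a hint: drop cached names at or under the zone."""
    zone = parse_notify(msg)
    if zone is None:
        return "ignored"
    if src_ip not in ALLOWED_NOTIFIERS.get(zone, ()):
        return "refused"
    # Nothing from the message body is stored; a forged NOTIFY that slips past
    # the source check can only cause a re-fetch from the real servers.
    for name in [n for n in cache if n == zone or n.endswith("." + zone)]:
        del cache[name]
    return "flushed"

def build_notify(zone: str, msg_id: int = 0x1234) -> bytes:
    """Constructed sample: a NOTIFY request for `zone` (opcode 4, AA set)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in zone.rstrip(".").split(".")) + b"\0"
    header = struct.pack("!HHHHHH", msg_id, (OPCODE_NOTIFY << 11) | 0x0400, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", TYPE_SOA, CLASS_IN)
```

A UDP source address can be spoofed, so the allow-list limits who can trigger a flush rather than proving identity; the handler stays harmless because it never caches anything carried in the NOTIFY itself.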