[Unbound-users] DNS multiplexer?

Alexander Clouter alex at digriz.org.uk
Wed Aug 11 14:20:25 UTC 2010

João Damas <joao at bondis.org> wrote:
> Does anyone know of any code that will let one run Unbound and NSD 
> on the same IP address and still use port 53 for listening on both?
> Something like a DNS multiplexer front end, so that the recursive 
> server and the authoritative server are kept separate but the 
> front-end directs queries to one or the other (either based on the RD 
> bit, a locally configured list of zones, e.g. from NSD config, or some 
> other way). Something that is lightweight but avoids having to burn 
> additional IP addresses.

You could probably use the iptables u32 match to pick out the RD bit and 
then REDIRECT to where unbound is listening; whilst NSD is 
on the public routable address.  Remember to make sure your unbound 
ACLs for who you are willing to do recursion for are in place.


Alexander Clouter
.sigmonster says: BOFH excuse #101:
                  Collapsed Backbone
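
Added example, not part of the original message: a Python model of the byte arithmetic such a u32 rule would perform on IPv4/UDP queries to port 53, run over constructed packets. The u32 expression `0>>22&0x3C@8&0x0100=0x0100` and the backend labels are assumptions made for illustration; the post does not spell out a rule.

```python
import struct

RD_MASK = 0x0100  # RD bit within the 16-bit DNS flags word (RFC 1035)

def u32_rd_match(pkt: bytes) -> bool:
    """Evaluate the assumed u32 test 0>>22&0x3C@8&0x0100=0x0100 on an IPv4 packet."""
    if len(pkt) < 20:
        return False
    # "0>>22&0x3C": turn the IHL nibble of the first word into a byte count.
    ihl = (struct.unpack_from("!I", pkt, 0)[0] >> 22) & 0x3C
    if ihl < 20 or len(pkt) < ihl + 12:
        return False
    # "@8": 4 bytes at offset 8 past the IP header = DNS ID + DNS flags.
    word = struct.unpack_from("!I", pkt, ihl + 8)[0]
    return word & RD_MASK == RD_MASK

def classify(pkt: bytes) -> str:
    """Backend a packet would reach; "unbound"/"nsd" labels are illustrative."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        return "ignore"                      # not IPv4/UDP (TCP needs its own rule)
    if struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF:
        return "ignore"                      # non-first fragment: no UDP header
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 8 or struct.unpack_from("!H", pkt, ihl + 2)[0] != 53:
        return "ignore"
    return "unbound" if u32_rd_match(pkt) else "nsd"

def build_query(rd: bool, ip_options: bytes = b"", proto: int = 17) -> bytes:
    """Constructed sample packet: query for example.com A, checksums left at 0."""
    dns = struct.pack("!HHHHHH", 0xFFFF, RD_MASK if rd else 0, 1, 0, 0, 0)
    dns += b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns
    ver_ihl = 0x40 | (5 + len(ip_options) // 4)
    ip = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(ip_options) + len(udp),
                     0, 0, 64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]))
    return ip + ip_options + udp

if __name__ == "__main__":
    for label, pkt in [("RD=1", build_query(True)), ("RD=0", build_query(False)),
                       ("RD=1 + IP options", build_query(True, b"\x01" * 4))]:
        print(f"{label:18} -> {classify(pkt)}")
```

The RD bit is set by the sender, so this split only routes traffic; the Unbound ACLs mentioned in the reply remain the actual control over who gets recursion.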
