[Unbound-users] DNS multiplexer?
alex at digriz.org.uk
Wed Aug 11 14:20:25 UTC 2010
João Damas <joao at bondis.org> wrote:
> Does anyone know of any code that will let one to run Unbound and NSD
> on the same IP address and still use port 53 for listening on both?
> Something like a DNS multiplexer front end, so that the recursive
> server and the authoritative server are kept separate but the
> front-end directs queries to one or the other (either based on the RD
> bit, a locally configured list of zones, e.g. from NSD config, or some
> other way). Something that is lightweight but avoids having to burn
> additional IP addresses.
You could probably use the iptables u32 match to pick out the RD bit and
then REDIRECT to 127.0.0.1:53 where unbound is listening; whilst NSD is
on the public routable address. Remember to make sure your unbound
ACL's for who you are willing to do recursion for are in place.
.sigmonster says: BOFH excuse #101:
More information about the Unbound-users