[Unbound-users] Unbound and Bind Views

Jan Komissar (jkomissa) jkomissa at cisco.com
Mon Oct 25 14:30:46 UTC 2010


Hi Bruce,

Unbound is primarily a caching server, and even though it does support local zones, that is not its main purpose. Bind (and other dns servers) allows a server to be both recursive and authoritative, but it is not really a clean way of operating (IMHO).

If you want a public server, it should only expose public authoritative information. Internally, you should separate recursive and authoritative services, using unbound only as a recursive server, using a stub zone to refer to internal authoritative information, which could be in an internal view on the same server as the public authoritative information. If you only have a handful of RRs for the internal zone, you could use unbound's local zone, but I think it would be more convenient to manage all the authoritative data in one location, rather than two.

If you have to run them on the same server, you should make unbound only respond to an internal interface; the authoritative server should only respond to an external interface, using the internal view if a request comes from the server host itself.

Just my two cents,

Jan

-----Original Message-----
From: unbound-users-bounces at NLnetLabs.nl [mailto:unbound-users-bounces at NLnetLabs.nl] On Behalf Of Hayward, Bruce
Sent: Thursday, October 21, 2010 9:33 AM
To: unbound-users at unbound.net
Subject: [Unbound-users] Unbound and Bind Views


One area of Bind that we use is views to direct traffic.

Before we can switch to Unbound, we would need a means of emulating
views.

In researching this (on Google) I came across a thread discussing this:
http://www.mail-archive.com/unbound-users@unbound.net/msg00337.html 

Has anyone documented steps to accomplish this?

Thanks

Bruce

Bruce Hayward, MTS Allstream Inc., (p) 204-958-1983 (e)
bruce.hayward at mtsallstream.com 


 
 
Is it really necessary to print this email?
 
MTS ALLSTREAM INC. CONFIDENTIALITY WARNING: This email message is confidential and intended only for the named recipient(s).  If you are not the intended recipient, or an agent responsible for delivering it to the intended recipient, or if this message has been sent to you in error, you are hereby notified that any review, use, dissemination, distribution or copying of this message or its contents is strictly prohibited.   If you have received this message in error, please notify the sender immediately and delete the original message.  If there is an agreement attached with this message, such agreement will not be binding until it is signed by all parties named therein.

_______________________________________________
Unbound-users mailing list
Unbound-users at unbound.net
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users




More information about the Unbound-users mailing list