[Unbound-users] unbound + nsd: acl to only allow non-recursive requests?

Joe Abley jabley at hopcount.ca
Mon Feb 10 21:41:49 UTC 2014


On 2014-02-10, at 16:17, Jiri Bohac <jiri at boha.cz> wrote:

> I'm trying to replace my bind server with unbound + nsd.
> My DNS server works both as authoritative for a few zones and
> also as a recursive resolver for a few subnets.

How about planning to run unbound and NSD independently, each bound to different addresses? You'll need to renumber your nameserver in the appropriate registries, but if there are only a few zones involved, that seems unlikely to be difficult.

Your life will get easier in the long run if you treat recursive and authoritative DNS as separate, independent services.


Joe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20140210/2c8ba395/attachment.bin>


More information about the Unbound-users mailing list