NSD/Unbound for private internal use

John Peacock jpeacock at messagesystems.com
Fri Aug 31 11:27:36 UTC 2018

A scenario similar to this was what led me to first put NSD/unbound into
use.  In my case, I had a large test network with 50k randomly generated
domain names that existed for e-mail performance testing. The egress server
for that network had Unbound running on the public IP addresses and NSD
running on localhost, so the authoritative zones were only accessible via
Unbound itself. I also had a high performance e-mail sinkhole, so none of
the traffic could leak out of the private network.

During testing, I could make BIND fall down easily with < 10k QPS, but
Unbound/NSD could easily handle 40k QPS.



On Fri, Aug 31, 2018 at 6:40 AM, Angus Clarke via Unbound-users <
unbound-users at nlnetlabs.nl> wrote:

> Hello
> I'm looking to replace our Data Centre DNS software, we run our own
> private domain example.private and use 10. private IP address range so I'd
> be looking to use NSD for authoritative responses for the domain & IP block
> and unbound as a general recursive name server.
> Wanted your views really, is this the type of setup where people use
> NSD/unbound? The documentation leans heavily towards ISP/public service
> name service ...
> I have a working setup in test, it seems ok.
> Thanks
> Angus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20180831/d700a1b2/attachment.htm>

More information about the Unbound-users mailing list