newbie question: Allowing recursion

Tuomo Soini tis at foobar.fi
Tue Feb 21 13:12:30 UTC 2023


On Mon, 20 Feb 2023 11:20:56 -0800
David Newman via Unbound-users <unbound-users at lists.nlnetlabs.nl> wrote:

> Hi Yorgos,
> 
> Thanks very much. Logging and debugging was a very good idea. It
> showed that the unbound config is fine, and that the issue is
> something I neglected to mention: This system also runs NSD as an
> authoritative-only name server, and NSD had already bound to UDP port
> 53.
> 
> This may be a question for the openbsd-misc list instead, but if
> anyone here has examples of how to run an authoritative and recursive
> server on the same box using unbound and NSD please let me know. I
> previously used bind, which didn't have this issue because one server
> handled both authoritative and recursive queries.

Simple answer: don't.

If this is a publicly available DNS server which is visible to the
internet, you absolutely don't want to run authoritative and resolving
DNS servers on the same IP.

If this is a home network, the solution is to move nsd to another port
and add stub zone configs for unbound so it queries nsd.

-- 
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
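
The home-network layout described in the reply above, sketched as an added example that is not part of the original message or of either project's documentation. The zone name, file name, port 5353 and the 192.168.1.x addresses are constructed placeholders.

```conf
# ---- nsd.conf: authoritative-only server, moved off port 53 ----
server:
    # Bind to loopback on an alternate port so unbound can take port 53.
    ip-address: 127.0.0.1@5353

zone:
    name: "example.com"              # placeholder zone
    zonefile: "example.com.zone"     # placeholder file name

# ---- unbound.conf: recursive resolver on port 53 ----
server:
    interface: 127.0.0.1
    interface: 192.168.1.1           # constructed LAN address
    # Recursion is offered to the LAN only; unbound refuses all other
    # non-localhost clients by default.
    access-control: 192.168.1.0/24 allow
    # unbound does not send queries to localhost addresses unless this
    # is set to "no", so the stub below would otherwise never be used.
    do-not-query-localhost: no
    # Needed only when the zone is a private name that cannot be
    # DNSSEC-validated from the public root:
    # domain-insecure: "example.com"

stub-zone:
    name: "example.com"
    stub-addr: 127.0.0.1@5353        # the nsd listener defined above
```

Running `nsd-checkconf` and `unbound-checkconf` against the respective files catches syntax errors before either daemon is restarted.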

