On Thu, Sep 26, 2013, at 4:26, O. Hartmann wrote:
>
> I try my first steps with "unbound" on most recent current and sneaking
> through the web I find interesting things and howto's. But I realise if
> I'd like to replace my office's DNS server (based on BIND as it was
> part of the FreeBSD world) I run into a serious problem regarding the
> zone- and authoritative files keeping all the PTR and A records. As I can
> see in the unbound.conf, the statements of those files (address to name
> resolution, name to address resolution) are now somehow hard coded into
> unbound.conf via those appropriate config tags like local-zone and
> local-data. Since I have some larger files defining a local domain,
> I'd expect having a data file to be loaded.
>

Unbound exists as a project to be a very fast, lightweight, and secure DNS *recursor*. It is not meant to be authoritative for DNS zones; it's for caching lookups only. However, they did include the ability for you to manually configure zones/records in its config file but it's not very robust. I use it to set a single static record on my LAN, but it is of no use to the outside world. If I opened it to the outside world I'd just end up with an open DNS resolver which is a very bad idea. (openresolvers.org)

BIND functioned as both roles. The lack of separation is often why it is criticized. DJB made the separation of roles famous when he released DJBDNS which includes two daemons: dnscache and tinydns.

The complementary daemon by the Unbound authors (NLnet Labs) is called nsd. This is probably what you're looking for. Please keep in mind you cannot run both nsd and unbound on the same IP as they both cannot listen on the same port (53).

Received on Mon Sep 30 2013 - 10:28:37 UTC
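
The two pitfalls named in the message above (an Unbound instance that answers the whole Internet, and nsd and Unbound competing for port 53 on one address) can be checked before either daemon is started. The script below is an added example, not part of the original message or of either project; the sample configs, the list of "internal" netblocks and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: these netblocks count as "internal" (loopback, RFC 1918, ULA, link-local).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10")]

def directives(text, key):
    """Values of every 'key: value' line, with '#' comments stripped."""
    lines = (l.split("#", 1)[0].strip() for l in text.splitlines())
    return [l[len(key) + 1:].strip() for l in lines if l.startswith(key + ":")]

def listeners(values):
    """Parse 'addr' or 'addr@port' into (ip, port); the DNS default port is 53."""
    out = []
    for v in values:
        host, _, port = v.partition("@")
        out.append((ipaddress.ip_address(host), int(port or 53)))
    return out

def overlaps(a, b):
    """Treat two sockets as colliding if same port and equal or wildcard address."""
    (ip_a, port_a), (ip_b, port_b) = a, b
    same_family = ip_a.version == ip_b.version
    return port_a == port_b and same_family and (
        ip_a == ip_b or ip_a.is_unspecified or ip_b.is_unspecified)

def audit(unbound_conf, nsd_conf):
    findings = []
    # Unbound: an "allow" rule for a non-internal netblock permits outside recursion.
    for entry in directives(unbound_conf, "access-control"):
        block, action = entry.split()[:2]
        net = ipaddress.ip_network(block)
        internal = any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)
        if action.startswith("allow") and not internal:
            findings.append(f"open resolver risk: access-control {block} {action}")
    # Unbound "interface:" vs nsd "ip-address:" must not share address and port.
    for u in listeners(directives(unbound_conf, "interface")):
        for n in listeners(directives(nsd_conf, "ip-address")):
            if overlaps(u, n):
                findings.append(f"port clash: unbound {u[0]}@{u[1]} vs nsd {n[0]}@{n[1]}")
    return findings

# Constructed sample configs (not from the original message).
WEAK_UNBOUND = "server:\n  interface: 0.0.0.0\n  access-control: 0.0.0.0/0 allow\n"
GOOD_UNBOUND = ("server:\n  interface: 192.168.1.2\n"
                "  access-control: 192.168.1.0/24 allow  # LAN only\n")
NSD = "server:\n  ip-address: 192.168.1.3\n"

if __name__ == "__main__":
    print(audit(WEAK_UNBOUND, NSD))
    print(audit(GOOD_UNBOUND, NSD))
```

The check is conservative: it flags any non-internal "allow" rule even if a more specific rule narrows it, and it only understands literal IP addresses in "interface:" and "ip-address:" lines.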