On Sep 30, 2013, at 14:28, Mark Felder <f...@freebsd.org> wrote: ... > BIND functioned as both roles. The lack of separation is often why it is > criticized. DJB made the separation of roles famous when he released > DJBDNS which includes two daemons: dnscache and tinydns. > > The complementary daemon by the Unbound authors (NLNet Labs) is called > nsd. This is probably what you're looking for. Please keep in mind you > cannot run both nsd and unbound on the same IP as they both cannot > listen on the same port (53).
Yes, and there is the rub for most 'SOHO' users, who do not win anything by separating these roles. In such cases, setting up a separate IP and/or port just to split up authoritative and recursive DNS is rather inconvenient... -Dimitry
signature.asc
Description: Message signed with OpenPGP using GPGMail
