On Fri, Sep 16, 2016 at 03:27:38PM -0700, Rick Moen wrote:
> > good page that, i've read it before but not for some time. IMO a
> > useful addition to it would be a list of authoritative servers that
> > use bind9 RFC-1034 zonefiles.
> You know, they kind of _could_ have called that format the RFC-1034
> file

typo. i actually meant to type 1035 there, and thought i did.

> Anyway, yes, good idea -- and I actually do document RFC 1035 support
> where I know about it.

yep, saw that which is what gave me the idea for a summary list.

> Here's a creative solution from one of the NLnet Labs guys:
> https://www.nlnetlabs.nl/pipermail/nsd-users/2014-August/001998.html

I saw that last night.  It made me realise that probably the best option
for me would be to have NSD listen on while Unbound listens
on (I run both private and public subnets on my LAN so
I can have both private and public hosts and VMs).  Then all I'd have
to do is configure my LAN hosts and VMs to use as the
resolver. Easy.

Unbound seems to have all the features I need, including being able to
forward requests for specific domains to specific servers (useful, e.g.,
for resolving private DNS views over a VPN).

> Other solutions might beckon if the host is multihomed, e.g., bind NSD
> to the public-facing real IP, and bind Unbound to the private RFC1918
> address.

err, yes. exactly that.

> I'm tempted to react 'Fine, let us know when you're done playing
> standards gods, and I'll start paying attention.'

I mostly just leave things alone and then every 2 or 5 years or so go on
a binge of updating everything to the latest standards.

Unless I'm bored, or have a particular reason to make changes.


craig sanders <c...@taz.net.au>
luv-main mailing list

Reply via email to