On Tue, Nov 22, 2011 at 9:16 AM, Nick Holland <[email protected]> wrote:
> On 11/22/11 10:31, Claer wrote:
>> On Tue, Nov 22 2011 at 13:16, Jan Stary wrote:
>>> On Nov 22 08:16:21, Nick Holland wrote:
>>> > Long term, BIND is done.
>>> > Long term, unbound will probably be replacing it in OpenBSD.
>>> >
>>> > IF you are doing anything beyond a simple resolver, I'd agree
>>> > completely...take the time to learn unbound/nsd (or djbdns or ...)
>>> >
>>> > However, right now, unbound is a package requiring separate install and
>>> > maintenance.
>>>
>>> Nick, would you please clarify:
>>>
>>> nsd(8) is in base, unbound is a package;
>>> yet it is unbound who's gonna be the default resolver?
>>> What is the status of nsd then? (I am just about to try
>>> it on one of my resolvers).
>>
>> NSD is just an authoritative name server that doesn't do cache and does not
>> answer recursive queries.
>> nsd and unbound are complementary.
>>
>> Claer
>
> right...
> BIND lumps these two functions together, with the effect of confusing
> people, but they are really two separate tasks... BE the authoritative
> source for DNS information about certain zones (nsd, tinydns, etc.) OR
> find the correct resolution information by checking with other DNS
> servers, which ARE authoritative (a resolver, like unbound, dnscache, etc.).

Unless I'm misreading you, what you say doesn't make much sense.

It has its use-case, fine; when you just need the resolver. e.g., typical
home user where s/he doesn't host domains. But at this point you might as
well use your ISP's DNS service -- it's not reliable? that's a different
issue and not one you and should set out to solve for every one out there.

But for a small "business" where they have their own domain, running an
authoritative DNS server, and local users using the intertubes, that
service needs to also do the recursive lookups. The setup you suggest is
more involved. Two servers: one resolving, and the other dealing w/the
authoritative responses.

--patrick

> In the case where you think you want both (i.e., you want resolution of
> internal names AND external names), it's still easy -- run your
> authoritative on localhost and your resolver on the external IP, and
> tell your resolver to consult with your authoritative server for the
> appropriate subdomains.
>
> Really, it works better this way.
>
> Nick.
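
The layout described in the last quoted paragraph (authoritative server on localhost, resolver on the external address, resolver told to ask the authoritative server for the local zone), written out as an added configuration sketch that is not part of the original thread. The addresses, the zone name example.com and the zone file name are constructed placeholders.

```conf
# ---- nsd.conf (authoritative only, reachable from this host only) ----
server:
    # Bind to loopback so only the local resolver can query it.
    ip-address: 127.0.0.1

zone:
    name: "example.com"                 # placeholder zone
    zonefile: "example.com.zone"        # placeholder file name

# ---- unbound.conf (recursive resolver for the local network) ----
server:
    # Listen on the LAN-facing address only (placeholder address).
    interface: 192.0.2.1

    # Answer recursive queries from the local network and nobody else,
    # so the box does not become an open resolver.
    access-control: 0.0.0.0/0 refuse
    access-control: 192.0.2.0/24 allow

    # By default unbound refuses to send queries to localhost.
    # Without this line the stub-zone below is never consulted.
    do-not-query-localhost: no

    # Only needed when the zone is internal-only and unsigned while
    # DNSSEC validation is enabled:
    # domain-insecure: "example.com"

# Names under example.com are fetched from the local authoritative
# server; everything else is resolved by normal recursion.
stub-zone:
    name: "example.com"
    stub-addr: 127.0.0.1
```

Both daemons can use port 53 because each binds a different address; `nsd-checkconf` and `unbound-checkconf` validate the two files before the daemons are restarted.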

