On Wed, 23 Nov 2011 10:44:38 +0000 (UTC)
Stuart Henderson <s...@spacehopper.org> wrote:
> >> BIND lumps these two functions together, with the effect of
> >> confusing people, but they are really two separate tasks...
>
> It allows you to lump these two functions together (not sure if this
> is still true about BIND 10), but it is still recommended to split
> them.
>
> > Unless I'm misreading you, what you say doesn't make much sense. It
> > has its use-case, fine; when you just need the resolver. e.g.,
> > typical home user where s/he doesn't host domains. But at this
> > point you might as well use your ISP's DNS service -- it's not
> > reliable? that's a different issue and not one you and should set
> > out to solve for every one out there.
> >
> > But for a small "business" where they have their own domain, running
> > an authoritative DNS server, and local users using the intertubes,
> > that service needs to also do the recursive lookups.
> >
> > The setup you suggest is more involved. Two servers: one resolving,
> > and the other dealing w/the authoritative responses.
>
> For anything other than hosting your *own* domains on, it really is
> better to split. Otherwise what happens is domains get transferred
> away, NS changes made, etc, and you end up with out-of-date zone data.
> Lots of ISPs used to do this and it was a really big problem.
> Separating authoritative + resolving nameserver instances has long
> been the recommended practice.
>
> For serving just a few records (like local servers on a home or small
> business network), then unbound is perfectly useful on its own, you
> can add these with "local-zone" and "local-data" lines in the
> configuration. This is a good compromise; it's actually easier to
> setup in the simple case, but a bit unwieldy in the case with large
> amounts of data which encourages you to configure a separate daemon
> (which is a good thing).
>
so when unbound is going to hit the base?
--
With best regards,
Gregory Edigarov
