On Wed, 23 Nov 2011 10:44:38 +0000 (UTC) Stuart Henderson <s...@spacehopper.org> wrote:
> >> BIND lumps these two functions together, with the effect of
> >> confusing people, but they are really two separate tasks...
>
> It allows you to lump these two functions together (not sure if this
> is still true about BIND 10), but it is still recommended to split
> them.
>
> > Unless I'm misreading you, what you say doesn't make much sense. It
> > has its use-case, fine; when you just need the resolver. e.g.,
> > typical home user where s/he doesn't host domains. But at this
> > point you might as well use your ISP's DNS service -- it's not
> > reliable? that's a different issue and not one you and should set
> > out to solve for every one out there.
> >
> > But for a small "business" where they have their own domain, running
> > an authoritative DNS server, and local users using the intertubes,
> > that service needs to also do the recursive lookups.
> >
> > The setup you suggest is more involved. Two servers: one resolving,
> > and the other dealing w/the authoritative responses.
>
> For anything other than hosting your *own* domains on, it really is
> better to split. Otherwise what happens is domains get transferred
> away, NS changes made, etc, and you end up with out-of-date zone data.
> Lots of ISPs used to do this and it was a really big problem.
> Separating authoritative + resolving nameserver instances has long
> been the recommended practice.
>
> For serving just a few records (like local servers on a home or small
> business network), then unbound is perfectly useful on its own, you
> can add these with "local-zone" and "local-data" lines in the
> configuration. This is a good compromise; it's actually easier to
> set up in the simple case, but a bit unwieldy in the case with large
> amounts of data which encourages you to configure a separate daemon
> (which is a good thing).
>

So when is unbound going to hit the base?

--
With best regards,
Gregory Edigarov
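
The "local-zone" / "local-data" approach mentioned in the quoted message, as an added example that is not part of the original thread: an unbound.conf fragment for a resolver that answers a handful of internal names itself and recurses only for the local network. The zone name, host names and addresses are constructed placeholders.

```conf
# unbound.conf fragment (added example; all names and addresses are
# constructed placeholders, not taken from the thread)
server:
    # Listen on loopback and the LAN-facing address only.
    interface: 127.0.0.1
    interface: 192.168.1.1

    # Recursion is offered to the local network only; everything
    # else is refused, so the resolver is not open to the internet.
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow

    # Do not disclose server identity or version to clients.
    hide-identity: yes
    hide-version: yes

    # "static": names under this zone are answered from local-data
    # only; anything not listed gets NXDOMAIN and is never sent
    # upstream, so internal names do not leak to outside servers.
    local-zone: "lan.example." static
    local-data: "gw.lan.example.      IN A 192.168.1.1"
    local-data: "files.lan.example.   IN A 192.168.1.10"
    local-data: "printer.lan.example. IN A 192.168.1.20"
    local-data: "lan.example.         IN MX 10 files.lan.example."
```

Running `unbound-checkconf` on the file before reloading catches syntax errors in the fragment.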