On Mon, May 21, 2012 at 03:30:49PM -0400, Geoff Steckel wrote:
> My site needs both split horizon and pretty complete authoritative support.
> Does anyone have suggestions about BIND replacement(s) for this scenario?
> Right now BIND works for me (for some value of "works".)
>
> One machine serving as:
> 1) primary nameserver for multiple domains
> 2) secondary nameserver for multiple domains
> 3) internal nameserver for domains in (1) with additional records
> 4) internal nameserver for internal domains
>
> If there is a discussion of this in an archive some place I'll look for it.
> I didn't see much useful searching for split horizon and unbound.

You would have to run multiple instances of nsd and/or unbound for the equivalent of BIND views. It's pretty flexible, but you might have to get a little creative.

For example, in your scenario, one instance of nsd could be used for 1 and 2, and then a second instance for 3 and 4 that serves a different set of zone files with the additional records. You can even toss pf or something into the mix to redirect to the proper instance based on source or destination IP address.

unbound also has the ability to serve authoritative data. If in your scenario the internal nameserver is also used for recursive queries, then you can just add the additional records to unbound and have unbound redirect the rest to nsd. In this case, you might only need one instance of unbound and one instance of nsd.
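
The one-unbound, one-nsd layout described in the reply above, written out as an added example that is not part of the original message. All zone names, addresses and file names are constructed, and it assumes the machine has one public address (used by nsd) and one internal address (used by unbound).

```conf
# ---- nsd.conf (constructed): authoritative server, roles 1 and 2 ----
server:
    ip-address: 192.0.2.1              # public address (documentation range)

zone:
    name: "example.com"
    zonefile: "example.com.zone"       # public records only

# ---- unbound.conf (constructed): internal resolver, roles 3 and 4 ----
server:
    interface: 10.0.0.1                # listen on the internal address only
    # unbound refuses non-localhost clients by default; open recursion
    # to the internal network and nothing else.
    access-control: 10.0.0.0/8 allow

    # Role 3: additional internal-only records on top of the public zone.
    # typetransparent lets any name or type without local-data fall
    # through to normal resolution, i.e. to the stub-zone below.
    local-zone: "example.com." typetransparent
    local-data: "intranet.example.com. IN A 10.0.0.20"
    local-data: "build.example.com. IN A 10.0.0.21"

    # Role 4: internal-only domain answered entirely from local-data;
    # static means unknown names get NXDOMAIN instead of leaking upstream.
    local-zone: "corp.example." static
    local-data: "files.corp.example. IN A 10.0.0.30"

# Everything else under example.com is fetched from the nsd instance
# rather than from the public delegation.
stub-zone:
    name: "example.com."
    stub-addr: 192.0.2.1
```

Because the internal-only records exist only in unbound's configuration, they never appear in the zone files nsd serves or transfers to secondaries. If the stub address is on loopback instead, unbound also needs `do-not-query-localhost: no`.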