Artis Caune wrote:
2009/8/11 W.C.A. Wijngaards <[email protected]>:
Easier to deploy two servers, one for internal, one external.
Changing the code to have two unbounds internally that it chooses
from based on source IP would be bloat I think.
Who needs different resolving for internal and external?
Names on the internet are names on the internet, right?
We also used bind views, but now we use two instances of unbound.
Views don't really differ from two servers, every view eats it's own
memory and act just like two separate servers but two servers gives
you more flexibility.
We don't have to touch unbound just to change internal/external acl's,
just change firewall tables and you're done. :)
The problem here is that we would need 100s of unbound and their primary
role is not to act as an authoritative server, but as a recursive.
So divide the currently used 8/16GiB of cache with 100s and you will
start to get the point (not talking about the increased complexity of
starting, configuring unbounds and the packet filter).
It is a lot more efficient and simpler to change back to bind then...
This is not an internal/external stuff.
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
