-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Jiri,
On 02/10/2014 10:41 PM, Joe Abley wrote: > > On 2014-02-10, at 16:17, Jiri Bohac <[email protected]> wrote: > >> I'm trying to replace my bind server with unbound + nsd. My DNS >> server works both as authoritative for a few zones and also as a >> recursive resolver for a few subnets. > > How about planning to run unbound and NSD independently, each bound > to different addresses? You'll need to renumber your nameserver in > the appropriate registries, but if there are only a few zones > involved, that seems unlikely to be difficult. > > Your life will get easier in the long run if you treat recursive > and authoritative DNS as separate, independent services. The options are called deny_non_local and refuse_non_local. They differ in what you want them to do with the disallowed non-authoritative queries (drop or refuse, refuse is nicer and is more like a regular authority server). The version with this patch has not yet been released, you'll have to wait for the next release or get the source from the svn (trunk). Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJS+eFDAAoJEJ9vHC1+BF+NqQgQAIvxrlJhGlevzduJaXILFZlr eUVUbAlvOHnOdaxXdrWX2oA6qBdwumlOyVeRNY+V+4aGBK/JZMdEC0XF92pX/Lr8 9Mq+nFMoPQY5Gtxad/SHzxxmPzWAPepZ/PMhMfEbj0ni2be7wlcfO1jwVR7M1lzp 35QJdeTYAwD/bUVcOE42rV/HzVPEHtYh7djuxmxxcPJ35BHTraBFLqQ/u4Dm8zup 73ewk/dQdLcpT1r/JMyG/ylFlKZDnSgCOX/Tgy/8C9qpBaPTW99Sgdk13bUfjinB BZZt5YlpRhqEF06TMoHIFlOSUVlqauUT2oZRFtTP4QaFbXAYSKgRXlyknTp8OFnW g4yGqib/iuK727rplCAH6c52eEpQiPLn54MeyK3oW71X11N8Mnqj2sOvxQRIEv8w SARN7tqVzQ9tqyGbV6eTKB84n8H75grbaN+LlWlZ7pK0B/J82OgSV4xRYkbR7WT1 FiVblcko7sC5KRM4DGF59KuPfGN6ZEWsxcas8hwiZ4LY//y9dI7rbDJmE96O9QEG 9db3uju8cuTHzF9/nZnp72mMjMxXKxH/2SNF96SRRejW4Hfzgobe9DUt7PVJqhqW jTQtIlamoGN995wF1W4x676ekMv+rmtN5831BcNq5bb47+e57qc35hvnTix79+8+ e8NZ3nv7H1UfzI0idNdR =SnOf -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
