On 11/22/11 02:50, Manuel Ravasio wrote: > Chris, > why would you suggest unbound instead of bind? > Which advantages do you > see? > > Thanks, > Manuel
My answer, Chris's may vary... Long term, BIND is done. Long term, unbound will probably be replacing it in OpenBSD. IF you are doing anything beyond a simple resolver, I'd agree completely...take the time to learn unbound/nsd (or djbdns or ...) However, right now, unbound is a package requiring separate install and maintenance. BIND is pre-configured to be a resolver in OpenBSD, it's chrooted properly...using it is as simple as adding a line in rc.conf.local and pointing /etc/resolv.conf at localhost (this is not true in most other OSs!). Routine OpenBSD upgrades will update named, too. Very minimal effort, and if you aren't a master of DNS, it's a fairly safe config (there are two kinds of Internet service which I really think people should need a license to run -- e-mail and DNS, as when done poorly, both have the ability to hurt others, not just yourself. Assuming any ol' OS's default BIND config is "safe" is not a good idea). My assumption is, if you are ready to punch in someone else's DNS resolver because it is easy, you want the easy way... so I'm recommending OpenBSD's BIND. If you want a good DNS solution...anything BUT BIND, and unbound/nsd would be a good call. Nick.
