On 11/22/11 10:31, Claer wrote: > On Tue, Nov 22 2011 at 13:16, Jan Stary wrote: >> On Nov 22 08:16:21, Nick Holland wrote: >> > Long term, BIND is done. >> > Long term, unbound will probably be replacing it in OpenBSD. >> > >> > IF you are doing anything beyond a simple resolver, I'd agree >> > completely...take the time to learn unbound/nsd (or djbdns or ...) >> > >> > However, right now, unbound is a package requiring separate install and >> > maintenance. >> >> Nick, would you please clarify: >> >> nsd(8) is in base, unbound is a package; >> yet it is unbound who's gonna be the default resolver? >> What is the status of nsd then? (I am just about to try >> it on one of my resolvers). > > NSD is just an autoritative name server that doesn't do cache and does not > answer recursive queries. > nsd and unbound are complementary. > > Claer
right... BIND lumps these two functions together, with the effect of confusing people, but they are really two separate tasks... BE the authoritative source for DNS information about certain zones (nsd, tinydns, etc.) OR find the correct resolution information by checking with other DNS servers, which ARE authoritative (a resolver, like unbound, dnscache, etc.). In the case where you think you want both (i.e., you want resolution of internal names AND external names), it's still easy -- run your authoritative on localhost and your resolver on the external IP, and tell your resolver to consult with your authoritative server for the appropriate subdomains. Really, it works better this way. Nick.
