Thanks for the input Stuart and Bryan, I think the dual-authoritative setup might indeed be overkill. I'll look into unbound local-data options, hadn't considered that.
On Wed, May 27, 2015 at 3:10 PM, Bryan Irvine <sparcta...@gmail.com> wrote: > Additionally to all this good advice, you can create multiple loopback > interfaces if you did want to use divert-to. 'ifconfig create lo1' then you > don't need to use weird ports to accomplish things. > > On Wed, May 27, 2015 at 4:06 AM, Stuart Henderson <s...@spacehopper.org> > wrote: > >> On 2015-05-26, Felipe Scarel <fbsca...@gmail.com> wrote: >> > after reading some documentation on the NSD manpage and online, it >> > seems there's no support for views as offered with BIND. I've gathered >> > that the general suggestion is to run two separate instances (running >> > on 127.0.0.1, for example), and divert traffic from pf depending on >> > the connecting source-address. >> >> What are you using views *for*? >> >> If it's to present some internal-only hosts to a trusted network that >> is also using you as a resolver, just use local-data entries in unbound >> for internal use, and run NSD facing external hosts. Simple setup and >> fairly easy to use. >> >> If it's something more complex (i.e. where you have other resolvers >> querying you and need to present different views to these based on IP >> address etc) then yes you will need two separate authoritative servers >> (or you could keep using BIND for this job of course).
