On 14.05.2015 at 00:59, Kris Deugau wrote:
> > As far as running something other than Bind, I'd run it for many years on my old Mandriva box before it crashed. Once I got it up and running (with some help from the Bind users list) I never had one single problem.
>
> *nod* I continue to use it on my own server and as a LAN cache because I'm familiar with it and its minor warts don't cause issue. (And one arguable misfeature makes certain parts of managing my own LAN DNS a little simpler.) About all switching would do is give you minor headaches learning the new configuration, and probably fresh new confusing log entries
well, we operate some hundred domains using BIND as nameservers, but that doesn't make it the best caching-only resolver, while unbound's "cache-min-ttl" helps to reduce the outgoing dns queries to spamhaus by ignoring the very low TTL, and the config is just simple, even a tuned one like below
server:
    verbosity: 1
    statistics-interval: 86400
    statistics-cumulative: no
    extended-statistics: no
    num-threads: 1
    outgoing-range: 1024
    num-queries-per-thread: 512
    msg-cache-slabs: 8
    rrset-cache-slabs: 8
    infra-cache-slabs: 8
    key-cache-slabs: 8
    so-rcvbuf: 4m
    so-sndbuf: 4m
    minimal-responses: yes
    msg-cache-size: 96m
    neg-cache-size: 96m
    rrset-cache-size: 192m
    cache-min-ttl: 600
    cache-max-ttl: 10800
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    interface-automatic: no
    port: 53
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    max-udp-size: 1024
    edns-buffer-size: 1024
    do-tcp: yes
    do-daemonize: yes
    username: "unbound"
    use-syslog: yes
    log-time-ascii: yes
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: no
    harden-referral-path: no
    use-caps-for-id: no
    unwanted-reply-threshold: 10000000
    do-not-query-localhost: no
    prefetch: yes
    prefetch-key: yes
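A toy model of the "cache-min-ttl" effect described in the message above, as an added example that is not part of the original mail and not unbound's own code. It replays DNSBL lookups through a TTL-clamping cache and reports both the upstream query count and how long answers outlive their authoritative TTL (for a blocklist, how long a delisted address can still look listed). The 60 s record TTL, the lookup pattern and the zone name are constructed assumptions.

```python
# Toy model of a caching resolver's TTL clamping; not unbound's implementation.
CACHE_MIN_TTL = 600     # cache-min-ttl from the config above
CACHE_MAX_TTL = 10800   # cache-max-ttl from the config above


def effective_ttl(record_ttl, min_ttl=CACHE_MIN_TTL, max_ttl=CACHE_MAX_TTL):
    """Lifetime the cache applies to an answer after clamping."""
    return max(min_ttl, min(record_ttl, max_ttl))


def simulate(lookups, record_ttl, min_ttl, max_ttl=CACHE_MAX_TTL):
    """Replay (time, name) lookups; return (upstream_queries, max_overstay).

    max_overstay is the longest time in seconds a cached answer was served
    after its authoritative TTL had already run out.
    """
    expires = {}     # name -> time the cache entry expires
    fetched = {}     # name -> time the entry was fetched upstream
    upstream = 0
    overstay = 0
    for now, name in sorted(lookups):
        if name in expires and now < expires[name]:
            # Cache hit: record how far past the real TTL this answer is.
            overstay = max(overstay, (now - fetched[name]) - record_ttl)
            continue
        upstream += 1
        fetched[name] = now
        expires[name] = now + effective_ttl(record_ttl, min_ttl, max_ttl)
    return upstream, overstay


# Constructed workload: 20 client IPs, each reconnecting every 45 s for one
# hour, looked up as reversed-IP names under a placeholder DNSBL zone.
LOOKUPS = [(t, f"{i}.2.0.192.dnsbl.example")
           for i in range(20) for t in range(0, 3600, 45)]
RECORD_TTL = 60   # assumed low TTL on the DNSBL answers

if __name__ == "__main__":
    for floor in (0, CACHE_MIN_TTL):
        queries, stale = simulate(LOOKUPS, RECORD_TTL, floor)
        print(f"cache-min-ttl={floor:>3}: {queries} upstream queries, "
              f"answers served up to {stale}s past their TTL")
```
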