Date: Mon, 30 Sep 2013 09:14:25 -0500 From: Mark Felder <feld@FreeBSD.org> To: freebsd-current@freebsd.org Subject: Re: [CURRENT] unbound: zonefiles? Message-ID: <1380550465.17242.28169493.7A4EA8EE@webmail.messagingengine.com> In-Reply-To: <34A20ABE-8490-44E4-9DC5-74B686B09AEC@FreeBSD.org> References: <20130926112648.00422d7a@thor.walstatt.dyndns.org> <1380544116.4383.28120017.649D5F99@webmail.messagingengine.com> <34A20ABE-8490-44E4-9DC5-74B686B09AEC@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Sep 30, 2013, at 8:53, Dimitry Andric wrote: > On Sep 30, 2013, at 14:28, Mark Felder <feld@freebsd.org> wrote: > ... > > BIND functioned as both roles. The lack of separation is often why it is > > criticized. DJB made the separation of roles famous when he released > > DJBDNS which includes two daemons: dnscache and tinydns. > > > > The complementary daemon by the Unbound authors (NLNet Labs) is called > > nsd. This is probably what you're looking for. Please keep in mind you > > cannot run both nsd and unbound on the same IP as they both cannot > > listen on the same port (53). > > Yes, and there is the rub for most 'SOHO' users, who do not win anything > by separating these roles. In such cases, setting up a separate IP > and/or port just to split up authoritative and recursive DNS is rather > inconvenient... > We should update the handbook to point people to the version of BIND in ports. We can't keep BIND 9 in base forever, and BIND 10 would require we import Python... We don't have a lot of options at this point and DES pointed out in his blog that the future of DNS is in base is being reworked for FreeBSD 11. This is just a stopgap.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1380550465.17242.28169493.7A4EA8EE>