Maintained by: NLnet Labs

[Unbound-users] unbound views

W.C.A. Wijngaards
Tue Aug 11 15:28:21 CEST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Artis, Attila,

On 08/11/2009 01:55 PM, Artis Caune wrote:
> 2009/8/11 W.C.A. Wijngaards <wouter at nlnetlabs.nl>:
>> Easier to deploy two servers, one for internal, one external.
>> Changing the code to have two unbounds internally that it chooses
>> from based on source IP would be bloat I think.
>>
>> Who needs different resolving for internal and external?
>> Names on the internet are names on the internet, right?

Apologies, this seems to be not very unconfusing from me.
I meant with the above: the problem seems to be the static,
authoritative information that is returned.  With views you
maybe not so interested in actual different recursive resolution
of names on the internet, and this is more about a different
view on the local organisation than a different view on the
internet.  And then I tried to combine this with unbound's
goal of doing recursive lookups in a small and pretty way.

> We also used bind views, but now we use two instances of unbound.
> Views don't really differ from two servers, every view eats it's own
> memory and act just like two separate servers but two servers gives
> you more flexibility.
> We don't have to touch unbound just to change internal/external acl's,
> just change firewall tables and you're done. :)

Cool, that is one solution that provides everything :-)

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkqBcfUACgkQkDLqNwOhpPgIFgCfUKZ15CJXro6SpRw6xCAW4pFc
ce8An3E8jx6WLiwUIUr0ZI/3EMHxOnDp
=JHjs
-----END PGP SIGNATURE-----