Artis Caune wrote:
> 2009/8/11 W.C.A. Wijngaards <wouter at nlnetlabs.nl>:
>
>> Easier to deploy two servers, one for internal, one external.
>> Changing the code to have two unbounds internally that it chooses
>> from based on source IP would be bloat I think.
>>
>> Who needs different resolving for internal and external?
>> Names on the internet are names on the internet, right?
>>
>
> We also used bind views, but now we use two instances of unbound.
> Views don't really differ from two servers, every view eats its own
> memory and acts just like two separate servers but two servers give
> you more flexibility.
> We don't have to touch unbound just to change internal/external ACLs,
> just change firewall tables and you're done. :)
>

The problem here is that we would need 100s of unbound and their primary
role is not to act as an authoritative server, but as a recursive. So
divide the currently used 8/16GiB of cache by 100s and you will start to
get the point (not talking about the increased complexity of starting,
configuring unbounds and the packet filter).
It is a lot more efficient and simpler to change back to bind then...

This is not internal/external stuff.