Maintained by: NLnet Labs

[Unbound-users] unbound views

Attila Nagy
Tue Aug 11 21:12:55 CEST 2009


Artis Caune wrote:
> 2009/8/11 W.C.A. Wijngaards <wouter at nlnetlabs.nl>:
>   
>> Easier to deploy two servers, one for internal, one external.
>> Changing the code to have two unbounds internally that it chooses
>> from based on source IP would be bloat I think.
>>
>> Who needs different resolving for internal and external?
>> Names on the internet are names on the internet, right?
>>     
>
> We also used bind views, but now we use two instances of unbound.
> Views don't really differ from two servers, every view eats it's own
> memory and act just like two separate servers but two servers gives
> you more flexibility.
> We don't have to touch unbound just to change internal/external acl's,
> just change firewall tables and you're done. :)
>   
The problem here is that we would need 100s of unbound and their primary 
role is not to act as an authoritative server, but as a recursive.
So divide the currently used 8/16GiB of cache with 100s and you will 
start to get the point (not talking about the increased complexity of 
starting, configuring unbounds and the packet filter).
It is a lot more efficient and simpler to change back to bind then...

This is not an internal/external stuff.