Maintained by: NLnet Labs

[Unbound-users] stub zone and authoritative answers

Ondřej Surý
Thu Oct 8 13:45:32 CEST 2009


>>> Ok. But i needn't another authoritative server I have a such one - bind.
>>> I just want that unbound set AA flag in the answer packages for my dns
>>> zones.
>>>
>>
>> Why? More specific: Why you need recursive server to return
>> authoritative answer instead of using authoritative server?
>>
>> Ondrej
>>
>
> I dont want to show my authoritative server (bind) to external
> network(internet), because it's heavier
> and slower than unbound. Therefore I want that unbound will answer all dns
> requests, _cache_ them and
> make "bind" life easier.  I regard unbound as a cache layer before
> authoritative server.
>
> internet
>    |
> cache layer (unbound)
>    |
> authoritative servers (bind)
>
> What do you think about such idea? :-)

That it's very bad idea. Use nsd if you want faster and lighter
authoritative DNS server.

You can still have bind as a master, just setup nsd as slave.

Ondrej
-- 
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/