Maintained by: NLnet Labs

[Unbound-users] DNS multiplexer?

Carsten Strotmann
Wed Aug 11 16:30:33 CEST 2010


On 8/11/10 2:59 PM, João Damas wrote:
> Does anyone know of any code that will let one run Unbound and NSD on the same IP address and still use port 53 for listening on both?
>
> Something like a DNS multiplexer front end, so that the recursive server and the authoritative server are kept separate but the front-end directs queries to one or the other (either based on the RD bit, a locally configured list of zones, e.g. from NSD config, or some other way). Something that is lightweight but avoids having to burn additional IP addresses.
>
> Thanks
> Joao
Hello Joao,

I'm not aware of a stand-alone multiplexer. I was looking for a similar
solution in the past to be able to run unbound and BIND (authoritative
only, with dynamic DNS zones) on the same physical machine in my home
network. First I had a setup similar to what Patrik is suggesting
(unbound on port 53, forwarding local zones to a BIND DNS running on
port 15353).

forward-zone:
        name: "home.strotmann.de"
        # BIND (authoritative) on port 15353; Unbound writes the port as addr@port
        forward-addr: 192.168.1.2@15353

However that did not work well with dynamic updates, because there is no
way (to my knowledge) to forward dynamic updates from unbound to a
different server/port.

In my current setup I have two IP addresses on the same NIC on the
server machine, have unbound listen on the 1st (192.168.1.2) and BIND on
the 2nd (192.168.1.5). Unbound is forwarding all requests for local
domains to the 2nd IP address on the same physical server box.

forward-zone:
        name: "home.strotmann.de"
        forward-addr: 192.168.1.5

So unbound works as a kind of multiplexer based on the DNS name in the
query.

However this is not a recommended setup in a production environment, but
works fine in my little home network.

-- Carsten
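
The front end asked about in this thread comes down to one routing decision per incoming packet, sketched below as an added example (not code from the post, Unbound, NSD or BIND). The addresses and zone are reused from the post; the function names and the policy (dynamic updates, local-zone names and RD-clear queries go to the authoritative server, everything else to the resolver) are assumptions of this example.

```python
import struct

# Assumed values for illustration, modelled on the addresses in the post.
AUTHORITATIVE = ("192.168.1.5", 53)   # BIND or NSD
RECURSIVE = ("192.168.1.2", 53)       # Unbound
LOCAL_ZONES = ("home.strotmann.de",)
OPCODE_UPDATE = 5                     # RFC 2136 dynamic update

def parse_query(msg):
    """Return (opcode, rd, labels) of a DNS query; raise ValueError if malformed."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):   # also rejects compression pointers
            raise ValueError("bad label")
        labels.append(msg[pos:pos + n].decode("ascii", "replace").lower())
        pos += n
    return (flags >> 11) & 0xF, bool(flags & 0x0100), labels

def route(msg):
    """Pick the backend for one incoming message."""
    opcode, rd, labels = parse_query(msg)
    # Compare whole labels so "nothome.strotmann.de" is not treated as local.
    zones = [z.split(".") for z in LOCAL_ZONES]
    local = any(labels[-len(z):] == z for z in zones)
    if opcode == OPCODE_UPDATE or local or not rd:
        return AUTHORITATIVE
    return RECURSIVE

def build(name, opcode=0, rd=True):
    """Construct a sample message (constructed test input, type A, class IN)."""
    flags = (opcode << 11) | (0x0100 if rd else 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", 1, 1)
```

Routing on the opcode as well as the name is what lets dynamic updates reach the authoritative server, the case that plain forwarding in the first setup could not handle.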