Maintained by: NLnet Labs

[Unbound-users] DNS multiplexer?

João Damas
Wed Aug 11 16:35:08 CEST 2010


That uses 2 IP addresses though, so why not just give one to the authoritative server and the second one (or vice versa) to the resolver and let each do their thing?

I guess what I was looking for is a bit like a standalone implementation of whatever logic BIND uses to decide whether to answer queries from the authoritative data it has or the cache (and go recurse if necessary), except it would talk to two different processes (unbound and NSD) instead of being contained in a single binary (BIND).

Joao

On 11 Aug 2010, at 16:30, Carsten Strotmann wrote:

> On 8/11/10 2:59 PM, João Damas wrote:
>> Does anyone know of any code that will let one run Unbound and NSD on the same IP address and still use port 53 for listening on both?
>> 
>> Something like a DNS multiplexer front end, so that the recursive server and the authoritative server are kept separate but the front-end directs queries to one or the other (either based on the RD bit, a locally configured list of zones, e.g. from NSD config, or some other way). Something that is lightweight but avoids having to burn additional IP addresses.
>> 
>> Thanks
>> Joao
>> _______________________________________________
>> Unbound-users mailing list
>> Unbound-users at unbound.net
>> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
> Hello Joao,
> 
> I'm not aware of a stand-alone multiplexer. I was looking for a similar
> solution in the past to be able to run unbound and BIND (authoritative
> only, with dynamic DNS zones) on the same physical machine in my home
> network. First I had a setup similar to what Patrik is suggesting
> (unbound on port 53, forwarding local zones to a BIND DNS running on
> port 15353).
> 
> forward-zone:
>        name: "home.strotmann.de"
>        forward-addr: 192.168.1.2:15353
> 
> However that did not work well with dynamic updates, because there is no
> way (to my knowledge) to forward dynamic updates from unbound to a
> different server/port.
> 
> In my current setup I have two IP Addresses on the same NIC on the
> server machine, have unbound listen on the 1st (192.168.1.2) and BIND on
> the 2nd (192.168.1.5). Unbound is forwarding all requests for local
> domains to the 2nd IP address on the same physical server box.
> 
> forward-zone:
>        name: "home.strotmann.de"
>        forward-addr: 192.168.1.5
> 
> So unbound works like a kind of multiplexer based on the dns name in the
> query.
> 
> However this is not a recommended setup in a production environment, but
> works fine in my little home network.
> 
> -- Carsten
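
The routing decision discussed in this thread (zone list first, then the RD bit), as an added example that is not part of the original messages and not code from Unbound, NSD or BIND. The backend addresses and ports are hypothetical, the zone name is the one from the quoted forward-zone, and sending dynamic updates and RD=0 queries to the authoritative side is an assumption of this sketch.

```python
import struct

# Assumed backends (hypothetical loopback ports, not from the thread).
AUTHORITATIVE = ("127.0.0.1", 5301)    # e.g. NSD
RECURSIVE = ("127.0.0.1", 5302)        # e.g. Unbound
LOCAL_ZONES = ("home.strotmann.de.",)  # zone name from the quoted forward-zone
OPCODE_UPDATE = 5                      # RFC 2136 dynamic update

def parse_query(packet):
    """Return (rd, opcode, qname) for a raw DNS query; raise ValueError if malformed."""
    if len(packet) < 12:
        raise ValueError("short header")
    _id, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        # Lengths above 63 are compression pointers or reserved: reject them.
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad label (pointer or truncated)")
        labels.append(packet[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("missing type/class")
    return bool(flags & 0x0100), (flags >> 11) & 0xF, ".".join(labels) + "."

def choose_backend(packet):
    """Pick the backend for one query: zone list and opcode first, then the RD bit."""
    rd, opcode, qname = parse_query(packet)
    local = any(qname == z or qname.endswith("." + z) for z in LOCAL_ZONES)
    if local or opcode == OPCODE_UPDATE or not rd:
        return AUTHORITATIVE  # RD=0 queries never reach the resolver's cache
    return RECURSIVE

def build_query(name, rd=True, opcode=0):
    """Construct a sample query packet (constructed test input only)."""
    flags = (opcode << 11) | (0x0100 if rd else 0)
    wire = b"".join(bytes([len(lab)]) + lab.encode()
                    for lab in name.rstrip(".").split(".")) + b"\0"
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0) + wire + struct.pack("!HH", 1, 1)
```

A front end built on this would drop packets for which parse_query raises ValueError rather than relaying them to either backend.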