Maintained by: NLnet Labs

[Unbound-users] DNS multiplexer?

Alexander Clouter
Wed Aug 11 16:20:25 CEST 2010


João Damas <joao at bondis.org> wrote:
>
> Does anyone know of any code that will let one to run Unbound and NSD 
> on the same IP address and still use port 53 for listening on both?
> 
> Something like a DNS multiplexer front end, so that the recursive 
> server and the authoritative server are kept separate but the 
> front-end directs queries to one or the other (either based on the RD 
> bit, a locally configured list of zones, e.g. from NSD config, or some 
> other way). Something that is lightweight but avoids having to burn 
> additional IP addresses.
>
You could probably use the iptables u32 match to pick out the RD bit and 
then REDIRECT to 127.0.0.1:53 where unbound is listening; whilst NSD is 
on the public routable address.  Remember to make sure your unbound 
ACLs for who you are willing to do recursion for are in place.

Cheers

-- 
Alexander Clouter
.sigmonster says: BOFH excuse #101:
                  Collapsed Backbone
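Added example (not part of this thread): the u32 match sketched in the reply written out, with an emulation of what the kernel evaluates so it can be checked against constructed packets. The public IP, the DNAT-to-127.0.0.1 target and the route_localnet sysctl are assumptions, not anything the reply states.

```python
import struct

# Read the 32-bit word at offset 0 of the IP header, shift/mask out the IHL
# field times 4 (>>22 & 0x3C), jump (@) that many bytes plus 8 to skip the UDP
# header, and read the DNS ID+flags word.  Masking 0x8100 keeps QR and RD;
# requiring 0x0100 selects queries (QR=0) that ask for recursion (RD=1).
U32_RECURSIVE_QUERY = "0>>22&0x3C@8&0x8100=0x0100"

def iptables_rule(public_ip: str) -> str:
    """Constructed rule: RD=1 UDP queries go to Unbound on 127.0.0.1:53,
    everything else falls through to NSD on the public address.  DNAT to
    127.0.0.1 from an outside interface assumes
    net.ipv4.conf.all.route_localnet=1 (kernels >= 3.6).  UDP only; DNS over
    TCP would need its own rule."""
    return ("iptables -t nat -A PREROUTING -d %s -p udp --dport 53 "
            "-m u32 --u32 '%s' -j DNAT --to-destination 127.0.0.1:53"
            % (public_ip, U32_RECURSIVE_QUERY))

def u32_matches(pkt: bytes) -> bool:
    """Emulate the kernel's evaluation of U32_RECURSIVE_QUERY on a raw IPv4
    packet.  A read past the end of the packet fails the match, as it does in
    the kernel, so truncated packets never get redirected."""
    if len(pkt) < 4:
        return False
    word0 = struct.unpack_from("!I", pkt, 0)[0]
    off = ((word0 >> 22) & 0x3C) + 8      # IP header length + UDP header
    if off + 4 > len(pkt):
        return False
    word = struct.unpack_from("!I", pkt, off)[0]
    return (word & 0x8100) == 0x0100

def make_query(flags: int, ip_options: bytes = b"") -> bytes:
    """Constructed IPv4/UDP/DNS packet carrying only the fields the rule reads
    (checksums and lengths left zero); ip_options exercises IHL > 5."""
    ihl = 5 + len(ip_options) // 4
    ip = bytes([0x40 | ihl, 0]) + struct.pack(
        "!HHHBBH4s4s", 0, 0, 0, 64, 17, 0,
        b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x35") + ip_options
    udp = struct.pack("!HHHH", 40000, 53, 0, 0)
    dns = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    return ip + udp + dns

if __name__ == "__main__":
    print(iptables_rule("192.0.2.53"))
    print("RD=1 query ->", u32_matches(make_query(0x0100)))   # True
    print("RD=0 query ->", u32_matches(make_query(0x0000)))   # False
    print("response   ->", u32_matches(make_query(0x8180)))   # False
```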