Maintained by: NLnet Labs

[Unbound-users] Reverse DNS Caching Proxy (was: Unbound as an "authoritative" cache?)

Ville Mattila
Wed Nov 13 09:40:59 CET 2013


Hi,

On 2013-11-13 10:14, Oliver Peter wrote:
> Jan-Piet brought up the discussion a couple of years ago:
>   http://unbound.net/pipermail/unbound-users/2008-February/000021.html
> 
> Background:  We have indeed a slow master nameserver and we were
> thinking about taking advantage of unbounds fast cache.
> 
> 	-- [ Unbound ] --> [ forward-addr: ] --> [ Master ]
> 
> The problem here is that unbound is doing it's job right:
> 	- mark the reply as RA instead of AA
> 	- countdown the cached TTL
> 
> Furthermore the master also allows AXFR and notifies - stuff that's
> obviously not supported by a resolver.
> 
> Does anyone have an idea how to use unbound in front of an
> authoritative nameserver?

Use NSD instead.  It's fast _authoritative_ name server, can provide
AXFR and send/receive NOTIFYs.  Does not support dynamic updates, though.

https://www.nlnetlabs.nl/projects/nsd/

Thanks,
-- 
Ville Mattila, CSC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xF55B661A.asc
Type: application/pgp-keys
Size: 6992 bytes
Desc: not available
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20131113/886f860a/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20131113/886f860a/attachment.sig>