[Unbound-users] unbound views
Attila Nagy
bra at fsn.hu
Tue Aug 11 19:12:55 UTC 2009
Artis Caune wrote:
> 2009/8/11 W.C.A. Wijngaards <wouter at nlnetlabs.nl>:
>
>> Easier to deploy two servers, one for internal, one external.
>> Changing the code to have two unbounds internally that it chooses
>> from based on source IP would be bloat I think.
>>
>> Who needs different resolving for internal and external?
>> Names on the internet are names on the internet, right?
>>
>
> We also used bind views, but now we use two instances of unbound.
> Views don't really differ from two servers, every view eats it's own
> memory and act just like two separate servers but two servers gives
> you more flexibility.
> We don't have to touch unbound just to change internal/external acl's,
> just change firewall tables and you're done. :)
>
The problem here is that we would need 100s of unbound and their primary
role is not to act as an authoritative server, but as a recursive.
So divide the currently used 8/16GiB of cache with 100s and you will
start to get the point (not talking about the increased complexity of
starting, configuring unbounds and the packet filter).
It is a lot more efficient and simpler to change back to bind then...
This is not an internal/external stuff.
More information about the Unbound-users
mailing list