Author: Steve Litt
Date:  
To: dng
Subject: Re: [DNG] Unbound details: was Mozilla and cloudflare to hijack all your DNS requests - for your own good of course
On Mon, 20 Aug 2018 11:15:49 +0100
Simon Hobson <linux@???> wrote:

> wirelessduck@??? wrote:
>
> > What’s the general consensus on a good authoritative server to pair
> > with unbound?
> >
> > I can see both knot and nsd are packaged in devuan, but have no
> > experience with any outside BIND9 and macOS.
>
> Well as you already have experience with BIND9 (and presumably, a
> working config) then it would be logical to stick with that. I would
> suggest just using the one package for both authoritative and
> recursive queries rather than running two packages which would mean
> binding them to different IPs so they don't fight over port 53 on the
> same IP.


There are disadvantages to having the same software do both auth and
cache, and BIND is a big honkin complexity. See the djbdns
documentation for details. I think that's why the OP wanted unbound in
the first place.

The unbound man page mentions nsd as an auth server companion to
unbound.

I couldn't exactly understand the docs, but it sounds to me like you
set up nsd on the machine's IP address and unbound either on 127.0.0.1
or on an alias of your machine's IP address. Then, to unbound.conf, you
add a stub zone that points to your nsd server's address.

SteveT

Steve Litt
September 2018 featured book: Quit Joblessness: Start Your Own Business
http://www.troubleshooters.com/startbiz
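
The layout described in the message above, as an added example that is not part of the original post and not taken from the nsd or unbound documentation. The address 192.0.2.10, the zone name home.example, and the file paths are constructed assumptions; substitute your own.

```conf
# ---- /etc/nsd/nsd.conf (authoritative only; path is an assumption) ----
server:
    ip-address: 192.0.2.10        # constructed: the machine's own address
    port: 53
    hide-version: yes             # do not answer version.bind queries

zone:
    name: "home.example"          # constructed zone name
    zonefile: "home.example.zone" # resolved relative to nsd's zonesdir

# ---- /etc/unbound/unbound.conf (recursive/caching only; path is an assumption) ----
server:
    interface: 127.0.0.1          # different IP from nsd, so both can use port 53
    port: 53
    access-control: 127.0.0.0/8 allow   # recursion for local clients only
    access-control: 0.0.0.0/0 refuse
    # home.example is unsigned and not delegated from the public DNS tree,
    # so a validating unbound must not expect a DNSSEC chain of trust for it.
    domain-insecure: "home.example"

stub-zone:
    name: "home.example"
    stub-addr: 192.0.2.10         # send queries for this zone to nsd
```

Run nsd-checkconf and unbound-checkconf against the respective files before restarting either daemon.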