NSD/Unbound for private internal use

Hello

I’m looking to replace our Data Centre DNS software. We run our own private domain, example.private, and use the 10. private IP address range, so I’d be looking to use NSD for authoritative responses for the domain & IP block and Unbound as a general recursive name server.

Wanted your views really: is this the type of setup where people use NSD/Unbound? The documentation leans heavily towards ISP/public service name service …

I have a working setup in test, it seems ok.

Thanks
Angus

A scenario similar to this was what led me to first put NSD/Unbound into use. In my case, I had a large test network with 50k randomly generated domain names that existed for e-mail performance testing. The egress server for that network had Unbound running on the public IP addresses and NSD running on localhost, so the authoritative zones were only accessible via Unbound itself. I also had a high-performance e-mail sinkhole, so none of the traffic could leak out of the private network.

During testing, I could make BIND fall down easily with < 10k QPS, but Unbound/NSD could easily handle 40k QPS.

HTH

John

No issues at all, and being honest that's a very generic/common use
case. DNS software doesn't tend to be so focused on any specific
niche. NSD/Unbound are sufficiently feature-rich and perform well, and
the design is superior to common enterprise alternatives.
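
The layout discussed in this thread (NSD authoritative on localhost, reachable only through Unbound), sketched as an added example that is not taken from any poster's configuration. The listener address 10.0.0.53, port 5353 and the zonefile names are constructed assumptions; example.private and the 10. range come from the original question.

```conf
# ---- nsd.conf (authoritative, loopback only) ----
server:
    # Bind to localhost on a non-standard port (assumed 5353) so the
    # zones are never answered directly to the network.
    ip-address: 127.0.0.1@5353
    hide-version: yes

zone:
    name: "example.private"
    zonefile: "example.private.zone"      # hypothetical file name

zone:
    name: "10.in-addr.arpa"
    zonefile: "10.in-addr.arpa.zone"      # hypothetical file name

# ---- unbound.conf (recursive, faces the internal clients) ----
server:
    interface: 10.0.0.53                  # constructed listener address
    # Anything not listed is refused by default.
    access-control: 10.0.0.0/8 allow

    # Unbound refuses to send queries to 127.0.0.0/8 unless told otherwise;
    # without this the stub zones below never reach NSD.
    do-not-query-localhost: no

    # Unbound ships a built-in empty zone for 10.in-addr.arpa; disable it
    # so reverse lookups are resolved through the stub instead.
    local-zone: "10.in-addr.arpa." nodefault

    # The private zones have no DS record in the public chain of trust,
    # so validation must be switched off for them only.
    domain-insecure: "example.private"
    domain-insecure: "10.in-addr.arpa"

    # DNS rebinding protection: strip 10/8 addresses from answers for
    # public names, but permit them for the internal domain.
    private-address: 10.0.0.0/8
    private-domain: "example.private"

stub-zone:
    name: "example.private"
    stub-addr: 127.0.0.1@5353

stub-zone:
    name: "10.in-addr.arpa"
    stub-addr: 127.0.0.1@5353
```

Both daemons ship a syntax checker (`nsd-checkconf` and `unbound-checkconf`) that can be run against these files before a reload.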