Is it not possible to run both a caching lookup server using Unbound (in FreeBSD 10) and an authoritative server using NSD (installed from ports) on the same box?
BIND used to perform both functions as I remember, provided you configured it as such. Does NSD also do caching?
We have a /27 so I could configure one or the other to listen on a different IP, but only if I really have to.
I got:

service local_unbound start
Performing initial setup.
Extracting forwarders from /etc/resolv.conf.
/var/unbound/forward.conf created
/var/unbound/unbound.conf created
/etc/resolvconf.conf created
original /etc/resolv.conf saved as /etc/resolv.conf.20140805.185119
Starting local_unbound.
[1407279079] unbound[7957:0] error: bind: address already in use
[1407279079] unbound[7957:0] fatal error: could not open ports
/etc/rc.d/local_unbound: WARNING: failed to start local_unbound
> Is it not possible to run both a caching lookup server using Unbound (in
> FreeBSD 10) and an authoritative server using NSD (installed from ports) on
> the same box?
It is possible, but not using the same address+port of course. One
solution is to have NSD only listen on localhost while unbound listens
on the external address. You can then use stub-zone configuration in
unbound to make it use the localhost address for lookups in any zone you
are serving from NSD.
This is what I do for my home network; for a production setup I would
rather keep authoritative and caching DNS services fully separated.
> BIND used to perform both functions as I remember, provided you configured
> it as such. Does NSD also do caching?
Just to be clear: this method works fine when providing data for a
private zone. If you are supposed to publish the server as a source of
authoritative data via NS records then this is not an appropriate
solution since the answers will not have the AA bit set etc.
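The split described in this reply (NSD on localhost only, unbound on the external address, a stub-zone pointing at NSD), written out as an added example that is not from the thread or from either project's documentation. The address 203.0.113.10, the /27, the zone name example.com and the file paths are assumptions; adjust them to your box.

```conf
# /usr/local/etc/nsd/nsd.conf  (assumed path for the ports install)
# NSD binds 127.0.0.1:53 only, so it no longer collides with unbound on
# port 53 and is never reachable from outside the box directly.
server:
    ip-address: 127.0.0.1
    port: 53
    hide-version: yes

zone:
    name: "example.com"                 # constructed example zone
    zonefile: "example.com.zone"        # assumed zonefile name

# /var/unbound/unbound.conf  (path created by 'service local_unbound start';
# if your generated file has an 'include: /var/unbound/conf.d/*.conf' line,
# drop these stanzas into a file there instead of editing the generated file)
server:
    interface: 203.0.113.10             # assumed external address, not 0.0.0.0
    access-control: 203.0.113.0/27 allow   # the /27 that may use the cache
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse       # nobody else gets recursion
    # unbound refuses to send queries to loopback addresses by default;
    # this must be turned off for the stub-zone below to work at all.
    do-not-query-localhost: no

# Every query for example.com (and below) is sent to NSD on loopback
# instead of being resolved via the public NS records. Answers handed to
# clients come from the recursive side, so they carry no AA bit: fine for
# a private zone, not for a server published as authoritative.
stub-zone:
    name: "example.com."
    stub-addr: 127.0.0.1

# Check after restarting both services (FreeBSD):
#   sockstat -l -p 53
# should show nsd bound to 127.0.0.1:53 and unbound to 203.0.113.10:53,
# and 'drill @203.0.113.10 www.example.com' should return NSD's data.
```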
> Is it not possible to run both a caching lookup server using Unbound
> (in FreeBSD 10) and an authoritative server using NSD (installed from
> ports) on the same box?
I run both unbound and nsd in the very same jail.
Nsd as authoritative nameserver listens at public-IPv4:53 natted to that
jail's internal IPv4 *and* public-IPv6 directly bound to that specific
jail.
Unbound listens to some other local-IPv4:53 bound to that jail.
resolv.conf will guide all local services running at host or in all other
available jails to that local-IP:53 of the listening unbound server.
Thanks for the tip. I'm running this on an all-in-one hobby server. Now you have me thinking that when I had dual-use going on BIND that I had the same faulty setup in regards to AA bits.
My guess is that you did not have that problem, since BIND would know if
the query was for a zone it was authoritative for or not. When using the
setup I described you are never talking to the authoritative service
directly.