Unbound vs nsd

hi,
i've just noticed unbound and am getting confused. nlnetlabs develop nsd and unbound too. why? what's more it seems from the mailing list that the same people are involved in both projects? so i've got a few questions:
- why are there two different name servers?
- why not merge the two projects?
i can even imagine there are pros and cons for each other. i see nsd is authoritative only, while unbound recursive and caching, but still wouldn't it be possible to merge the two projects and make these features configurable?
thanks in advance.
yours.

unbound is cache
nsd is authoritative

like unix philosophy, they are two different tools

randy

a message of 19 lines which said:

> nlnetlabs develop nsd and unbound too. why?

Because one is authoritative-only and the other recursive-only.

> - why not merge the two projects?

That would be fun since most BIND users request a separation between
the two functions :-)

> nlnetlabs develop nsd and unbound too. why?

It seems you've answered your own question:

        > i see nsd is
        > authoritative only, while unbound recursive and caching

> - why not merge the two projects?

Believe it or not, there are people who *don't want* authoritative and
caching services in one binary, configurable or not. BIND has both
features rolled into one (you configure it to behave auth and/or
caching), whereas NSD is authoritative-only and Unbound is caching-only.

        -JP

Farkas Levente wrote:

> hi,
> i've just noticed unbound and am getting confused. nlnetlabs develop nsd and
> unbound too. why? what's more it seems from the mailing list that the
> same people are involved in both projects? so i've got a few questions:
> - why are there two different name servers?
> - why not merge the two projects?
> i can even imagine there are pros and cons for each other. i see nsd is
> authoritative only, while unbound recursive and caching, but still
> wouldn't it be possible to merge the two projects and make these features
> configurable?
> thanks in advance.
> yours.

Hi Farkas,

The projects NSD and Unbound are different, in that NSD is authoritative
only and Unbound is meant as a 'client' server (a caching validating
recursor). You are correct that that is the difference between the two.

It is currently discouraged to run servers that are both authoritative
and recursive at the same time (IETF dnsop workgroup). This is to limit the
number of 'open resolvers' out there, that can become accomplices to DoS
and so on.

Thus it makes sense to split up into two servers, an authoritative and a
recursive one.

Also, NSD was kept as small as possible for its job. That is a goal for
NSD. Unbound however, does support a small amount of authoritative
service, for replying to localhost, blocking 10.in-addr.arpa. and so on.

Also, the history of both servers is different, NSD from root service,
and Unbound from Verisign, Nominet, EP.net, Kirei, java-prototype unbound.

Summary: the merge idea was discussed, but we felt that merging DNS
authority service and recursion service is not a good thing in general,
and thus we shouldn't expend a lot of effort to enable it.

Best regards,
~ Wouter
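
An added example, not part of the original thread or of NLnet Labs' code: one way to audit the separation described in the message above, by reading the AA and RA header flags of two responses that an outside client captured from your own server. The function names and the sample packets are assumptions constructed for illustration.

```python
import struct

# Flag masks in the 16-bit flags word of the DNS header (RFC 1035, 4.1.1).
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080
NOERROR, REFUSED = 0, 5

def parse_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte DNS header; raise on a short packet."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _ident, flags, _qd, an, _ns, _ar = struct.unpack("!6H", packet[:12])
    if not flags & QR:
        raise ValueError("packet is a query, not a response")
    return {"aa": bool(flags & AA), "ra": bool(flags & RA),
            "rcode": flags & 0x000F, "ancount": an}

def audit(own_zone_resp: bytes, foreign_resp: bytes) -> list:
    """Findings from two responses captured by an outside client that sent
    RD=1 queries: one for a name in the server's own zone, one for a name
    the server is not authoritative for."""
    own, foreign = parse_header(own_zone_resp), parse_header(foreign_resp)
    findings = []
    if own["aa"] and own["ra"]:
        findings.append("mixed-roles")    # authority and recursion in one server
    if (foreign["ra"] and foreign["rcode"] == NOERROR
            and foreign["ancount"] > 0):
        findings.append("open-resolver")  # recursed for an outside client
    return findings

def header(flags: int, ancount: int = 0) -> bytes:
    """Build a constructed response header (id 0x1234, one question)."""
    return struct.pack("!6H", 0x1234, QR | flags, 1, ancount, 0, 0)

# Constructed samples, not captures from any real server.
# Split deployment: authoritative answer without RA, foreign name REFUSED.
AUTH_ONLY = (header(AA | RD, 1), header(RD | REFUSED))
# Merged and open: AA and RA together, foreign name resolved for an outsider.
MIXED_OPEN = (header(AA | RD | RA, 1), header(RD | RA, 2))

if __name__ == "__main__":
    print(audit(*AUTH_ONLY))
    print(audit(*MIXED_OPEN))
```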

Farkas Levente writes:

> - why are there two different name servers?
> - why not merge the two projects?

And why not merge both of them with emacs? Then we could edit our own zone files (emacs), serve our own zone files (nsd), and cache other people's zones (unbound), all using just one program!

Seriously, thanks. I have missed a cache that's as good as nsd.

Arnt

Stephane Bortzmeyer wrote:

> a message of 19 lines which said:
>
>> nlnetlabs develop nsd and unbound too. why?
>
> Because one is authoritative-only and the other recursive-only.
>
>> - why not merge the two projects?
>
> That would be fun since most BIND users request a separation between
> the two functions :-)

ok i didn't look into the code so i don't know (just ask the authors), but for me it seems there is a lot of overlapping code in these projects (dnssec, resolver, lookup etc). now it seems there are 3 separate projects nsd, unbound and ldns which have many common parts (eg: drill, unbound-host) and still have different source. at least a common lib makes me happy:-)
just a very quick look:
http://www.nlnetlabs.nl/nsd/svn/trunk/compat/malloc.c
http://www.nlnetlabs.nl/ldns/svn/trunk/compat/malloc.c
http://unbound.nlnetlabs.nl/svn/trunk/compat/malloc.c

ps. just a small note as i already asked it
http://www.nlnetlabs.nl/pipermail/nsd-users/2006-November/000593.html
none of them has dynamic update:-(

Farkas Levente wrote on Wed 21. 05. 2008 at 16:42 +0200:

> Stephane Bortzmeyer wrote:
>> a message of 19 lines which said:
>>
>>> nlnetlabs develop nsd and unbound too. why?
>>
>> Because one is authoritative-only and the other recursive-only.
>>
>>> - why not merge the two projects?
>>
>> That would be fun since most BIND users request a separation between
>> the two functions :-)
>
> ok i didn't look into the code so i don't know (just ask the authors),
> but for me it seems there is a lot of overlapping code in these projects
> (dnssec, resolver, lookup etc). now it seems there are 3 separate
> projects nsd, unbound and ldns which have many common parts (eg: drill,
> unbound-host) and still have different source.

drill and unbound-host are really different tools. bind9 has host and
dig as well and they're used for different purposes.

> at least a common lib makes me happy:-)

Unbound uses the ldns library. AFAIK NSD doesn't need ldns since it's not
a _client_, only a server. And the only function it uses from DNSSEC is
TSIG.

> just a very quick look:
> http://www.nlnetlabs.nl/nsd/svn/trunk/compat/malloc.c
> http://www.nlnetlabs.nl/ldns/svn/trunk/compat/malloc.c
> http://unbound.nlnetlabs.nl/svn/trunk/compat/malloc.c

You picked the wrong example. Those are just _compat_ functions to support
different platforms.

And unbound uses the ldns library.

> ps. just a small note as i already asked it
> http://www.nlnetlabs.nl/pipermail/nsd-users/2006-November/000593.html
> none of them has dynamic update:-(

And Wouter gave you perfect reasoning why NSD doesn't have dynamic
updates.

Ondrej.

Farkas Levente wrote:

> (dnssec, resolver, lookup etc). now it seems there are 3 separate
> projects nsd, unbound and ldns which have many common parts (eg: drill,
> unbound-host) and still have different source. at least a common lib
> makes me happy:-)
> just a very quick look:
> http://www.nlnetlabs.nl/nsd/svn/trunk/compat/malloc.c
> http://www.nlnetlabs.nl/ldns/svn/trunk/compat/malloc.c
> http://unbound.nlnetlabs.nl/svn/trunk/compat/malloc.c

one additional little piece of recent history regarding that third
project, ldns; back in the day when unbound wasn't in the picture yet,
we chose to keep anything but the most basic things (like malloc and
buffers) separate for NSD and ldns, for a few reasons.

One of which was the goal of having separate code bases for the two
projects in itself, so we could test both, and the RFCs they were based
on, for interoperability, and regression (the NSD release cycle includes
a suite of tests, amongst which quite a few that use ldns).

Unbound does use and rely on ldns, and ldns has had quite a few
improvements from Unbound's use of it, which are slated for release.

But there still is a lot of overlap in functionality in both their code
bases. The reason for this is partly the same as the one above, but
mostly that the 'non-functional' requirements are quite different:
unbound is meant to be 'lean and mean', more efficient than a hungry
school of piranhas, and optimized and designed purely for resolving and
validating, while ldns is a general library (and by now, a general dns
toolkit), where speed and efficiency are less important than general
functionality and ease of use for developers.

Unbound and NSD are, as said before, two different beasts, who happen to
be able to talk to each other.

Jelte