From owner-freebsd-current@FreeBSD.ORG Mon Sep 30 13:53:34 2013 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 7174FD54; Mon, 30 Sep 2013 13:53:34 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from tensor.andric.com (tensor.andric.com [87.251.56.140]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 31618286A; Mon, 30 Sep 2013 13:53:33 +0000 (UTC) Received: from coleburn.avinity.tv (host-229-161-243.77.avinity.tv [77.243.161.229]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by tensor.andric.com (Postfix) with ESMTPSA id B8A6E5C44; Mon, 30 Sep 2013 15:53:25 +0200 (CEST) Content-Type: multipart/signed; boundary="Apple-Mail=_09407B71-A1DC-4E25-A526-3E1284452C9C"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) Subject: Re: [CURRENT] unbound: zonefiles? From: Dimitry Andric In-Reply-To: <1380544116.4383.28120017.649D5F99@webmail.messagingengine.com> Date: Mon, 30 Sep 2013 15:53:15 +0200 Message-Id: <34A20ABE-8490-44E4-9DC5-74B686B09AEC@FreeBSD.org> References: <20130926112648.00422d7a@thor.walstatt.dyndns.org> <1380544116.4383.28120017.649D5F99@webmail.messagingengine.com> To: Mark Felder X-Mailer: Apple Mail (2.1510) Cc: freebsd-current@freebsd.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Sep 2013 13:53:34 -0000 --Apple-Mail=_09407B71-A1DC-4E25-A526-3E1284452C9C Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii On Sep 30, 2013, at 14:28, Mark Felder wrote: ... > BIND functioned as both roles. The lack of separation is often why it is > criticized. DJB made the separation of roles famous when he released > DJBDNS which includes two daemons: dnscache and tinydns. > > The complementary daemon by the Unbound authors (NLNet Labs) is called > nsd. This is probably what you're looking for. Please keep in mind you > cannot run both nsd and unbound on the same IP as they both cannot > listen on the same port (53). Yes, and there is the rub for most 'SOHO' users, who do not win anything by separating these roles. In such cases, setting up a separate IP and/or port just to split up authoritative and recursive DNS is rather inconvenient... -Dimitry --Apple-Mail=_09407B71-A1DC-4E25-A526-3E1284452C9C Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) iEYEARECAAYFAlJJglQACgkQsF6jCi4glqN6igCg36Re4yggXVkyWcOK3tgVose8 W/oAnR5w3b3VSrzH9gTugui574WfOfgL =rrP7 -----END PGP SIGNATURE----- --Apple-Mail=_09407B71-A1DC-4E25-A526-3E1284452C9C--