
On Fri, Sep 16, 2016 at 03:27:38PM -0700, Rick Moen wrote:
good page that, i've read it before but not for some time. IMO a useful addition to it would be a list of authoritative servers that use bind9 RFC-1034 zonefiles.
You know, they kind of _could_ have called that format the RFC-1034 file
typo. i actually meant to type 1035 there, and thought i did.
Anyway, yes, good idea -- and I actually do document RFC 1035 support where I know about it.
yep, saw that which is what gave me the idea for a summary list.
Here's a creative solution from one of the NLnet Labs guys: https://www.nlnetlabs.nl/pipermail/nsd-users/2014-August/001998.html
I saw that last night. It made me realise that probably the best option for me would be to have NSD listen on 203.16.167.1 while Unbound listens on 192.168.10.1 (I run both private and public subnets on my LAN so I can have both private and public hosts and VMs). Then all I'd have to do is configure my LAN hosts and VMs to use 192.168.10.1 as the resolver. Easy. Unbound seems to have all the features I need, including being able to forward requests for specific domains to specific servers (useful, e.g., for resolving private DNS views over a VPN).
Other solutions might beckon if the host is multihomed, e.g., bind NSD to the public-facing real IP, and bind Unbound to the private RFC1918 address.
err, yes. exactly that.
I'm tempted to react 'Fine, let us know when you're done playing standards gods, and I'll start paying attention.'
I mostly just leave things alone and then every 2 or 5 years or so go on a binge of updating everything to the latest standards. Unless I'm bored, or have a particular reason to make changes.

craig

--
craig sanders <cas@taz.net.au>
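
The split described in this message (NSD answering on the public address, Unbound resolving on the private one, with forwarding for specific domains), written out as an added configuration example that is not part of the original post. The zone names, the /24 LAN prefix and the 10.8.0.1 forwarder are assumptions, and the two parts belong in separate files:

```conf
# --- nsd.conf: authoritative-only server on the public address ---
server:
    ip-address: 203.16.167.1        # public address from the message

zone:
    name: "example.org"             # assumed zone name
    zonefile: "example.org.zone"    # RFC 1035 master-file format

# --- unbound.conf: recursive resolver for LAN hosts and VMs ---
server:
    interface: 192.168.10.1         # private address from the message
    # Unbound refuses non-localhost clients by default, so only the
    # LAN is opened up and the resolver is never an open recursor.
    access-control: 192.168.10.0/24 allow    # assumed LAN prefix
    # The private view is unsigned, so skip DNSSEC validation for it.
    domain-insecure: "corp.example."

forward-zone:
    name: "corp.example."           # assumed private domain reached over the VPN
    forward-addr: 10.8.0.1          # assumed internal DNS server
```

Because each daemon binds a single address, both can use port 53 on the same host without conflict.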