
Russell Coker <russell@coker.com.au> writes:
> On Thu, 10 Sep 2015 11:52:31 AM Trent W. Buck wrote:
>> Have you considered nsd3 + unbound instead?
>
> Last time I tried NSD it required a utility from the BIND source tree to copy a zone to a secondary server.

I don't know what you mean by that. I transfer zones between my nsd3 and zoneedit using AXFR/IXFR. Some zones I'm the primary, some zones zoneedit is the primary.

> It was also annoying to set up. Has it improved in that regard?

The "let <IP> ask you about <zone>" needs two lines per IP, where named needs only one. Other than that, for simple usage, I don't know what you mean.

PS: also nsd didn't integrate cleanly with upstart, because "reload" &c causes a PID change.

> Apart from being annoying it seemed like a reasonable option. A minimal code base designed to be secure.

For me, the advantage is explicit separation between "I'm serving zone X to the internet!" (nsd3) and "I'm a caching proxy for my LAN to get zones from the internet!" (unbound). With named wearing both hats, I always worry that in any given setup, I haven't fully removed the unwanted hat.
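
A sketch of the split described in this thread, added as an example and not taken from either poster's configuration: nsd answers authoritatively on a public address, and unbound caches for the LAN only. All addresses and zone names are constructed, and pairing `notify:` with `provide-xfr:` is an assumed reading of the "two lines per IP" remark.

```conf
# ---- nsd.conf: authoritative only (nsd has no recursion to disable) ----
server:
    ip-address: 192.0.2.53          # constructed public address
    hide-version: yes

# Zone where this host is primary.
zone:
    name: "example.org"
    zonefile: "example.org.zone"
    # One pair of lines per secondary: send it NOTIFY, and let it AXFR/IXFR.
    # NOKEY is an IP-only ACL; put the name of a key: block here to require TSIG.
    notify: 198.51.100.7 NOKEY
    provide-xfr: 198.51.100.7 NOKEY

# Zone where the remote side is primary and this host is secondary.
zone:
    name: "example.net"
    zonefile: "example.net.zone"
    allow-notify: 198.51.100.7 NOKEY
    request-xfr: 198.51.100.7 NOKEY

# ---- unbound.conf: caching resolver, LAN-facing only ----
server:
    interface: 192.168.1.1          # constructed LAN address, not the public one
    access-control: 0.0.0.0/0 refuse
    access-control: 192.168.1.0/24 allow
    hide-identity: yes
    hide-version: yes
```

Because the two daemons bind different addresses, a recursive query arriving on the public address reaches nsd, which can only answer for its own zones.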