also sprach Robert Edmonds <edmo...@debian.org> [2010.02.01.1338 +1300]: > > I want to use unbound locally to be able to use e.g. local-data, > > and to stub some zones. > > ah, so you have some sort of split horizon DNS setup? in the past > i've seen this done with dnscache, dnsmasq, and i believe it's in > fact built into the macosx stub resolver. of course unbound and > bind can do it too.
I just provide some local zones for kvm/vserver instances, and I override some data (e.g. googleanalytics.com IN A 127.0.0.2) > > Obviously I don't need to tell it about the resolvers because it > > can do it itself (using the root zones), but that's not really > > how DNS was designed: it should ask the resolvers rather than > > the root servers. > > well, no, in fact this is just one possible configuration. Of course it works the other way, but if everyone out there hammered the root-servers, then they'd have a huge problem. > (by root servers, i think you meant content servers, btw.) No, I meant the root-servers, i.e. the servers responsible for the '.' zone. > in principle if everyone switched to the first diagram in 1035 2.2 > there would be global DNS scalability issues, but i don't see any > harm in debian users running unbound in full service mode. they > may even prefer it to avoid censorship and NXDOMAIN rewriting by > ISP resolvers which is unfortunately becoming quite common. Yes, of course. Note that my patch does not turn on recursive resolution by default, it just makes it easier. > well, i am philosophically opposed to the latter configuration. > but i will merge this patch anyway since it seems like useful > functionality to have. Thanks! -- .''`. martin f. krafft <madd...@d.o> Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduck http://vcs-pkg.org `- Debian - when you have better things to do than fixing systems "men always want to be a woman's first love. women have a more subtle instinct: what they like is to be a man's last romance." -- oscar wilde
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)
