Apologies... I found a set of how-tos on the web. They suggest the "use a separate address for the internal nsd" approach. I will change my setup accordingly.

On 11/04/15 09:31, gwes wrote:
Will unbound and nsd be restricted to port 53 only?

Restricting unbound and nsd to port 53 would be a flag day for me.

I am simulating bind's views for my split horizon by using two copies of nsd, one of which serves external queries and one which unbound queries for internal zones. They share some zone files. The internal and external views are split into separate zone files by a script when one or the other changes.

The internal nsd serves from port 10053 so that it isn't visible to random programs expecting a recursive server.

Note that port options are explicit in release versions of man unbound.conf and nsd.conf.

I am using stub-zone in unbound pointing to my internal nsd on port 10053. Using local-data is both ugly and impractical since my internal zone changes frequently.

The solutions I see are:

Ideally, implement views in nsd. There is no mention of "split horizon" or "views" in the nsd archive. I haven't looked at their repository to see if there is WIP.

My probable solution:
    add a loopback interface on (say) 127.0.1.1
    make unbound and nsd communicate there on port 53

Ugly and philosophically bad:
    generate unbound.conf from zone files
    or modify unbound to read zone files

Comments?

Geoff Steckel
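
The "separate address for the internal nsd" layout discussed in this thread, sketched as an added configuration example (not taken from either message or from the how-tos mentioned). The zone name internal.example, the zone file names and the 192.0.2.x addresses are constructed placeholders; 127.0.1.1 is the loopback alias proposed above and must already be configured on the host.

```conf
# ---- unbound.conf (recursive resolver for internal clients) ----
server:
    # Bind explicit addresses only. A wildcard bind would also claim
    # 127.0.1.1:53 and the internal nsd could not start there.
    interface: 127.0.0.1
    interface: 192.0.2.1                # constructed LAN address
    access-control: 127.0.0.0/8 allow
    access-control: 192.0.2.0/24 allow  # constructed internal network
    access-control: 0.0.0.0/0 refuse
    # By default unbound will not send queries to loopback addresses,
    # so a stub on 127.0.1.1 is silently unusable without this.
    do-not-query-localhost: no

stub-zone:
    name: "internal.example."
    # New layout: dedicated loopback address, default port 53.
    stub-addr: 127.0.1.1
    # Layout being replaced, for comparison:
    # stub-addr: 127.0.0.1@10053

# ---- nsd.conf for the internal view ----
server:
    # Loopback only: not reachable from the network, and not on the
    # 127.0.0.1 address where programs expect a recursive server.
    ip-address: 127.0.1.1
    port: 53

zone:
    name: "internal.example."
    zonefile: "internal.example.internal.zone"  # written by the split script

# ---- nsd.conf for the external view (second nsd instance) ----
server:
    # Explicit public address only, so it never overlaps the two
    # loopback listeners above.
    ip-address: 192.0.2.53
    port: 53

zone:
    name: "internal.example."
    zonefile: "internal.example.external.zone"  # written by the split script
```

Each daemon binds a distinct address on port 53, so the view a client receives is decided by which address it can reach rather than by a non-standard port.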