Quoting wirelessd...@gmail.com (wirelessd...@gmail.com): > I want to switch from macOS Server to unbound for a local LAN DNS as > its DNS features will be deprecated soon, but my reading tells me that > unbound only acts as a recursive nameserver, not authoritative. > > What’s the general consensus on a good authoritative server to pair > with unbound?
NSD, from the same authors. IMO. If you can run those distinct functions (authoritative and recursive) on different IPs, good, and that's recommended security practice in any event. (The recursive server logically should be an inside machine and well protected.) If you cannot, then there are a couple of different ways of running both daemons on the same IP. My favourite at the moment is to use dnsproxy. But.... You said 'local LAN DNS'. This leaves me wondering whether you really need a full-blown authoritative server for that use-case. In case you were unaware, Unbound does do "stub-zones", which might be enough for your local-LAN needs. > I can see both knot and nsd are packaged in devuan, but have no > experience with any outside BIND9 and macOS. I respect Knot DNS, but have no direct experience with it. _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
