>> BIND lumps these two functions together, with the effect of confusing
>> people, but they are really two separate tasks...

It allows you to lump these two functions together (not sure if this is still true about BIND 10), but it is still recommended to split them.

> Unless I'm misreading you, what you say doesn't make much sense. It
> has its use-case, fine; when you just need the resolver. e.g., typical
> home user where s/he doesn't host domains. But at this point you might
> as well use your ISP's DNS service -- it's not reliable? that's a
> different issue and not one you and should set out to solve for every
> one out there.
>
> But for a small "business" where they have their own domain, running
> an authoritative DNS server, and local users using the intertubes,
> that service needs to also do the recursive lookups.
>
> The setup you suggest is more involved. Two servers: one resolving,
> and the other dealing w/the authoritative responses.

For anything other than hosting your *own* domains on, it really is better to split. Otherwise what happens is domains get transferred away, NS changes made, etc., and you end up with out-of-date zone data. Lots of ISPs used to do this and it was a really big problem.

Separating authoritative + resolving nameserver instances has long been the recommended practice.

For serving just a few records (like local servers on a home or small business network), unbound is perfectly useful on its own; you can add these with "local-zone" and "local-data" lines in the configuration. This is a good compromise; it's actually easier to set up in the simple case, but a bit unwieldy in the case with large amounts of data, which encourages you to configure a separate daemon (which is a good thing).
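
An added example, not part of the original message: an unbound.conf fragment for the small-network case described above, with a resolver that also answers a handful of local names through "local-zone" and "local-data". The zone name, host names and addresses are constructed for illustration.

```conf
# unbound.conf fragment: recursive resolver plus a few local records.
# All names and addresses below are constructed sample values.
server:
    # Listen on loopback and the LAN-facing address only.
    interface: 127.0.0.1
    interface: 192.168.1.1

    # Allow recursion for the local network and refuse everyone else,
    # so the resolver is not usable from outside the LAN.
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # "static": answer only from the local-data lines below; any other
    # name under this zone gets NXDOMAIN instead of being sent upstream.
    local-zone: "home.example." static
    local-data: "nas.home.example.     IN A 192.168.1.10"
    local-data: "printer.home.example. IN A 192.168.1.20"
    local-data: "mail.home.example.    IN A 192.168.1.30"
    local-data: "home.example.         IN MX 10 mail.home.example."

    # Matching reverse (PTR) records for the hosts above.
    local-data-ptr: "192.168.1.10 nas.home.example."
    local-data-ptr: "192.168.1.20 printer.home.example."
    local-data-ptr: "192.168.1.30 mail.home.example."
```

Running `unbound-checkconf` against the file catches syntax errors before the daemon is reloaded.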