On 14/01/15 02:33, Jason Adams wrote:
On 01/13/2015 01:26 PM, sven falempin wrote:
Dear OpenBSD users,
Recently unbound made its way into base, pushing the complex bind/named
out for our own good.
I would like to internally and externally solve some domain names
differently (so some services are accessible from inside and outside
without some fancy NAT or worse), I found out 'some' call this setup a
'split-dns', often used for internal mail servers.
I also found out BIND got a feature for this and internet gossip
<<
Unbound doesn't support split-horizon DNS. It's primarily meant as a
recursive and caching nameserver, and has only limited support for
serving authoritative answers.
Of course I imagine running two unbounds with two different IP address bindings ....
I feel like I am missing something.
If I want to manage my domain, shall I use bind on the 'main' server?
Best regards.
Split DNS is a very good reason for using bind, and it's not that hard to set up.
I could private email you an example.
If unbound doesn't do this, it is missing one of the main reasons people and
institutions run their own dns servers (whether or not they are behind nat).
I don't agree with the comment above.
Bind combines split-horizon in one process but it's not the recommended
way to do it.
Ideally you need 3 types of DNS servers:
1) External/Public authoritative DNS server serving your public zones to
the internet.
2) Internal/Private authoritative DNS server serving your intra zones to
the internal network.
Can have the same zones as in 1) but with different NS records and
probably with different entries inside.
3) Internal/Private caching/recursive DNS server for your internal
clients. These servers should query type 2 servers for local zones.
Types 2 and 3 should NOT be accessed from the internet.
In addition, an authoritative server should NOT be doing recursive queries
because you're subject to DNS poisoning attacks.
G
ps. in addition one can add a type 4 which would be a hidden
authoritative master to push the zones to the rest of the authoritative servers.
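As an added example (not from any poster in this thread), here is how a type 3 server from the list above could look in unbound.conf. It assumes an internal network 10.0.0.0/24, a split zone example.com, and a type 2 internal authoritative server at 10.0.0.10; all of these are made-up values.

```conf
# Type 3 server: internal caching resolver for 10.0.0.0/24 (constructed example).
# It serves no zones itself; the split zone example.com is fetched from the
# type 2 (internal authoritative) server at 10.0.0.10, everything else is
# resolved recursively on the internet.
server:
    interface: 10.0.0.53
    interface: 127.0.0.1
    # Only internal clients may ask; this box is not a resolver for the internet.
    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/24 allow
    access-control: 0.0.0.0/0 refuse
    # Rebinding protection: public names may not resolve into 10/8, but the
    # internal copy of example.com legitimately does, so whitelist that zone.
    private-address: 10.0.0.0/8
    private-domain: "example.com"
    # Drop this line if the internal copy of example.com is DNSSEC-signed;
    # otherwise a validating resolver will treat its answers as bogus.
    domain-insecure: "example.com"
    # unbound answers 10.in-addr.arpa itself by default; hand it to the stub below.
    local-zone: "10.in-addr.arpa." nodefault

# Split zone: ask the internal authoritative server only, never the public NS.
stub-zone:
    name: "example.com"
    stub-addr: 10.0.0.10
    stub-prime: no

# Matching reverse zone so internal PTR lookups also come from the type 2 server.
stub-zone:
    name: "10.in-addr.arpa"
    stub-addr: 10.0.0.10
```

Run unbound-checkconf before reloading; the type 2 server (bind, nsd or similar) is configured separately and should itself have recursion disabled, as the post says.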