On 2015-11-23, Alessandro Baggi <alessandro.ba...@gmail.com> wrote:
> Hi list,
> I've switched from Obsd 5.3 from Pfsense to try it. Now I want come back
> to Obsd. I prefer it.
>
> Today, the last version is 5.8 and from 5.6 named was replaced from nsd
> and unbound.
>
> The first is only authoritative and the other is

Yes, NSD is authoritative only.

> recursive/forwarder/caching/validating/authoritative.

No, Unbound is *not* authoritative. For simple use cases Unbound can serve
local data - but only for answering queries from standard clients, not from
other nameservers.

> In my last valid OBSD config, I used named for my lan (not exposed on
> internet) only for lan dns serving, not exposed, with recursion and
> forwarder.

You can do this with just Unbound (local-zone / local-data).

You can also do this with a combination of NSD and Unbound if you prefer
(configuring Unbound to pass the local zone requests to NSD), but you don't
need to.

> Now today I've nsd and unbound that I can use on my firewall.
> I don't need authoritative server, and I should use unbound.
> nsd and unbound have similar syntax and I reading from web I can resolve
> dns with each of them.
>
> Now I'm confused...who use? Correct me if I'm wrong:
>
> 1) I must use only nsd for authoritative server (internet exposed) for
> my ipotetic zone (I can use it in my lan for dns resolver?).
>
> 2) I can use only unbound for lan dns resolving/caching/validating with
> zones if not needed an authoritative domain.
>
> 3) I can use nsd for authoritative server (internet exposed) and for lan
> use unbound as recursive/cache dns with the authoritative server.
>
> 4) I can use unbound as authoritative server and for recursing and other.
>
> 5) NSD is the best for authoritative and unbound for other things.

You must use an authoritative server (e.g. NSD) to answer external queries
(i.e. if your machine is listed as an NS),