hi, i'm just noticed unbound and getting confused. nlnetlabs develop nsd and unbound too. why? what's more it seems from the mailing list that the same people involved in both projects? so i've got a few querstions: - why are to different name server? - why not merge the two project? i can even image there are pros and cons for each others. i see nsd is authoritative only, while unbound recursive and caching, but still wouldn't it be possible to merge the two project and make these features configurable? thanks in advance. yours. -- Levente "Si vis pacem para bellum!"
unbound is cache nsd is authoritative like unix philosophy, they are two different tools randy
On Wed, May 21, 2008 at 03:27:22PM +0200, Farkas Levente <lfarkas at bppiac.hu> wrote a message of 19 lines which said:> nlnetlabs develop nsd and unbound too. why?Because one is authoritative-only and the other recursive-only.> - why not merge the two project?That would be fun since most BIND users request a separation between the two functions :-)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Farkas Levente wrote: | hi, | i'm just noticed unbound and getting confused. nlnetlabs develop nsd and | unbound too. why? what's more it seems from the mailing list that the | same people involved in both projects? so i've got a few querstions: | - why are to different name server? | - why not merge the two project? | i can even image there are pros and cons for each others. i see nsd is | authoritative only, while unbound recursive and caching, but still | wouldn't it be possible to merge the two project and make these features | configurable? | thanks in advance. | yours. | Hi Farkas, The projects NSD and Unbound are different, in that NSD is authoritative only and Unbound is meant as a 'client' server (a caching validating recursor). You are correct that that is the difference between the two. It is currently discouraged to run servers that are both authoritative and recursive at the same time (IETF dnsop workgroup). This to limit the number of 'open resolvers' out there, that can become accomplices to DoS and so on. Thus it makes sense to split up into two servers, an authoritative and a recursive one. Also, NSD was kept as small as possible for its job. That is a goal for NSD. Unbound however, does support a small amount of authoritative service, for replying to localhost, blocking 10.in-addr.arpa. and so on. Also, the history of both servers is different, NSD from root service, and Unbound from Versign, Nominet, EP.net, Kirei, java-prototype unbound. Summary: the merge idea was discussed, but we felt that merging DNS authority service and recursion service is not a good thing in general, and thus we shouldn't expend a lot of effort to enable it. Best regards, ~ Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkg0MBYACgkQkDLqNwOhpPiuswCfY1SrYULAGkL2Dt+kcUVNpk1x wKMAmgPJ3RgKs934U2Jo0pVUQWy3sbiK =+eDx -----END PGP SIGNATURE-----
Farkas Levente writes:> - why are to different name server? > - why not merge the two project?And why not merge both of them with emacs? Then we could edit our own zone files (emacs), serve our own zone files (nsd), and cache other people's zones (unbound), all using just one program! Seriously, thanks. I have missed a cache that's as good as nsd. Arnt
Stephane Bortzmeyer wrote:> On Wed, May 21, 2008 at 03:27:22PM +0200, > Farkas Levente <lfarkas at bppiac.hu> wrote > a message of 19 lines which said: > >> nlnetlabs develop nsd and unbound too. why? > > Because one is authoritative-only and the other recursive-only. > >> - why not merge the two project? > > That would be fun since most BIND users request a separation between > the two functions :-)ok i didn't look into the code so i don't know (just ask the authors), but for me it seems there are many overlapping code in these projects (dnssec, resolver, lookup etc). now it seems there are 3 separate project nsd, unbound and ldns which have many common part (eg: drill, unbound-host) and still have different source. at least a common lib makes me happy:-) just a very quick look: http://www.nlnetlabs.nl/nsd/svn/trunk/compat/malloc.c http://www.nlnetlabs.nl/ldns/svn/trunk/compat/malloc.c http://unbound.nlnetlabs.nl/svn/trunk/compat/malloc.c ps. just a small note as i already ask it http://www.nlnetlabs.nl/pipermail/nsd-users/2006-November/000593.html none of them has dynamic update:-( -- Levente "Si vis pacem para bellum!"