tech-userlevel archive


Re: Replacing bind by unbound



In article <20121031100233.GI14656%mail.duskware.de@localhost>,
Martin Husemann  <martin%duskware.de@localhost> wrote:
>It seems the next major version of bind will not really be suitable for
>inclusion in the NetBSD base system any more, as it is rumoured to depend
>on boost-libs.
>
>We probably want to have a simple, recursing resolver daemon in base, but
>we certainly do not need anything that is able to be a primary name server
>(we have lots of options for those in pkgsrc).
>
>One obvious candidate to replace bind is unbound (pkgsrc/net/unbound).
>
>I haven't used it much, configuration is very different to bind, but it
>looked good to me (and configuration different to bind is not really a
>negative point).
>
>What it cannot do (easily/apparently - I didn't dig too deep), which
>I do with bind a lot, is serve a local view of a zone to the inside
>net, that differs from the official outside view. It can be told to use
>a different primary server for such a case though, which would have
>meant for me to run nsd as well on a different port and have unbound
>forward queries there - while with bind I can do this with a single
>daemon.
>
>What do you think?

I think that we should not rush into this. Aside from the different
configuration issues, there are also the administration issues
especially when it comes to DNSSEC. I think that we should import
unbound in the tree, and then provide it as a non-default alternative
to bind. Once we've gained experience with it we can swap the
default and eventually retire bind.

christos


