On Tue, Aug 11, 2009 at 02:55:45PM +0300, Artis Caune wrote: > 2009/8/11 W.C.A. Wijngaards <wouter at nlnetlabs.nl>: > > Easier to deploy two servers, one for internal, one external. > > Changing the code to have two unbounds internally that it chooses > > from based on source IP would be bloat I think. > > > > Who needs different resolving for internal and external? > > Names on the internet are names on the internet, right? > > We also used bind views, but now we use two instances of unbound. > Views don't really differ from two servers, every view eats it's own > memory and act just like two separate servers but two servers gives > you more flexibility. > We don't have to touch unbound just to change internal/external acl's, > just change firewall tables and you're done. :) > (I didn't read the whole discussion) Maybe it's a good idea to have the one for external be the forwarder for the one for internal, that safes on queries to the internet. We do something similair.