From: Mark Felder
To: freebsd-current@freebsd.org
Subject: Re: [CURRENT] unbound: zonefiles?
Date: Mon, 30 Sep 2013 07:28:36 -0500

On Thu, Sep 26, 2013, at 4:26, O. Hartmann wrote:
>
> I try my first steps with "unbound" on most recent current and sneaking
> through the web I find interesting things and howto's. But I realise if
> I'd like to replace my office's DNS server (based on BIND as it was
> part of the FreeBSD world) I run into a serious problem regarding the
> zone- and authoritative files keeping all the PTR and A records. As I can
> see in the unbound.conf, the statements of those files (address to name
> resolution, name to address resolution) are now somehow hard coded into
> unbound.conf via those appropriate config tags like local-zone and
> local-data. Since I have some larger files defining a local domain,
> I'd expect having a data file to be loaded.
>

Unbound exists as a project to be a very fast, lightweight, and secure DNS *recursor*. It is not meant to be authoritative for DNS zones; it's for caching lookups only. However, they did include the ability for you to manually configure zones/records in its config file, but it's not very robust. I use it to set a single static record on my LAN, but it is of no use to the outside world. If I opened it to the outside world I'd just end up with an open DNS resolver, which is a very bad idea. (openresolvers.org)

BIND functioned as both roles. The lack of separation is often why it is criticized. DJB made the separation of roles famous when he released DJBDNS, which includes two daemons: dnscache and tinydns.

The complementary daemon by the Unbound authors (NLnet Labs) is called nsd. This is probably what you're looking for.

Please keep in mind you cannot run both nsd and unbound on the same IP as they both cannot listen on the same port (53).
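
The split described in this reply, sketched as configuration (an added example, not part of the original message and not taken from either project's documentation): nsd serves the zone files on one address, while unbound recurses for the LAN only on a second address and hands the local zones to nsd. The addresses, the zone name `office.example` and the zone file names are constructed.

```conf
# ---- unbound.conf: caching recursor, LAN clients only ----
server:
    # nsd binds 192.168.1.2, so the two daemons never compete for port 53
    interface: 192.168.1.1
    port: 53

    # Not an open resolver: refuse everyone, then allow localhost and the LAN.
    # The most specific matching netblock wins, so the order is irrelevant.
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow

    # Unbound answers RFC 1918 reverse zones itself by default;
    # "nodefault" lets these queries go on to the stub below.
    local-zone: "1.168.192.in-addr.arpa." nodefault

    # The private zones are unsigned, so skip DNSSEC validation for them
    # (only matters when a trust anchor is configured).
    domain-insecure: "office.example"
    domain-insecure: "1.168.192.in-addr.arpa"

# Send lookups for the local zones to the authoritative server (nsd)
stub-zone:
    name: "office.example"
    stub-addr: 192.168.1.2
stub-zone:
    name: "1.168.192.in-addr.arpa"
    stub-addr: 192.168.1.2

# ---- nsd.conf: authoritative only, loads ordinary zone files ----
server:
    ip-address: 192.168.1.2

zone:
    name: "office.example"
    zonefile: "office.example.zone"        # A records
zone:
    name: "1.168.192.in-addr.arpa"
    zonefile: "1.168.192.in-addr.arpa.zone"  # PTR records
```

Clients are pointed at 192.168.1.1 only; 192.168.1.2 answers for its own zones and never recurses.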