From owner-freebsd-questions@FreeBSD.ORG  Tue Mar 17 23:25:11 2015
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id E8D316FA
 for <freebsd-questions@freebsd.org>; Tue, 17 Mar 2015 23:25:11 +0000 (UTC)
Received: from mail-la0-x22c.google.com (mail-la0-x22c.google.com
 [IPv6:2a00:1450:4010:c03::22c])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 6A689F2C
 for <freebsd-questions@freebsd.org>; Tue, 17 Mar 2015 23:25:11 +0000 (UTC)
Received: by lagg8 with SMTP id g8so22224951lag.1
 for <freebsd-questions@freebsd.org>; Tue, 17 Mar 2015 16:25:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:date:message-id:subject:from:to:content-type;
 bh=yHxFp2abcQF3RbebjL2gahyKK/eU+AQDkSWGyhsY5fA=;
 b=DiUQR4FisFz1UW+fzblIeIIXPOCVAfKk7SgGF1yxQTllNBHmKtGiTU8yNoMJewVvvg
 yD28M95shtqLkOEiGzZv87YimMkAoDoEfTYpqf3L8JGAB2fekPvKacPlsw7z3zNb+E/l
 QN08BUhSj7VCDqr9ZNYtc4Lxunv7LGjIPmfhGo7CPmlQx2fzXJ9QABCYJ5w6ZlBS+sP+
 7VNtnAA49yynmOt5z+4YYnfBm56WWZQJPtGHS1KPs08bPTp89wxx7iNa+7O0//8T1q5j
 rAwrY+b5dYrkQS9qOMhtnbn902qjUtpgH3lu0bBs70ig1yrV/sgckogYIaPadE/CtybZ
 IQwg==
MIME-Version: 1.0
X-Received: by 10.152.22.1 with SMTP id z1mr50244237lae.114.1426634709171;
 Tue, 17 Mar 2015 16:25:09 -0700 (PDT)
Received: by 10.25.212.1 with HTTP; Tue, 17 Mar 2015 16:25:09 -0700 (PDT)
Date: Tue, 17 Mar 2015 16:25:09 -0700
Message-ID: <CAPi0pssPrcJgF71AvQ-M1RZt=+tv=6FTGtwhi9_bX6-Q-7b7cQ@mail.gmail.com>
Subject: FreeBSD recommends not using base unbound for an authoritative server
From: Chris Stankevitz <chrisstankevitz@gmail.com>
To: freebsd-questions <freebsd-questions@freebsd.org>
Content-Type: text/plain; charset=UTF-8
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Mar 2015 23:25:12 -0000

Hello,

I use the base system sendmail instead of ports procmail because:
- documented in manual
- security problems are described in FreeBSD announcements
- easy updates with freebsd-update
- infrequent updates

For the same reasons, I'd like to run the base system's unbound to
authoritatively host my DNS... but FreeBSD is discouraging me in
section 29.7.2 of the manual.  Why the discouragement?

===

https://www.freebsd.org/doc/handbook/network-dns.html

Section 29.7.2

While the base system package can be configured to provide resolution
services beyond the local machine, it is recommended that such
requirements be addressed by installing Unbound from the FreeBSD Ports
Collection.

===

Thank you,

Chris