From owner-freebsd-questions@FreeBSD.ORG Tue Mar 17 23:31:50 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A029B8A0 for ; Tue, 17 Mar 2015 23:31:50 +0000 (UTC) Received: from mail-pd0-x231.google.com (mail-pd0-x231.google.com [IPv6:2607:f8b0:400e:c02::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 71D9C6C for ; Tue, 17 Mar 2015 23:31:50 +0000 (UTC) Received: by pdbop1 with SMTP id op1so23697593pdb.2 for ; Tue, 17 Mar 2015 16:31:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=vRiu+IrT2k8i4f4utqKrkEwyLQP1QUcvafwTk96uSH8=; b=Sl7vua4DKAsLGTLqh1fHyXDFmkE5PD56CTAHQD+F1DTYoVBD28BV+tU8DehojCzxOo 37XLftNlBbbh5ZGY1Yx9xjImRHUc/yDOCV5vDxDPuMh7C2zAE3Ar1ap6cNdEWoviDrT0 E5+HHrr9JJm/oO/cTyxiwVzmoa7KtUS7b3X1123LVFwdcqK6+XtQmXJvDIJYZdaiPmHq FhzbZ3UgPl1p07YFhVRg/ad35KMyrWo46fdnHkexInyAKPBIIyk32KcnpRY9OTdhLnLB jiM0m4l0K7aeUe0d3Uq18PtmIMy2swYzWVEYz5dSv27qmji0Yl+sgl6/YArr/q80aU4P 7fOA== X-Received: by 10.70.88.172 with SMTP id bh12mr136552864pdb.52.1426635110064; Tue, 17 Mar 2015 16:31:50 -0700 (PDT) Received: from [192.168.1.34] ([209.12.167.61]) by mx.google.com with ESMTPSA id y1sm24186945pdb.74.2015.03.17.16.31.49 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Mar 2015 16:31:49 -0700 (PDT) Message-ID: <5508B8EB.3050907@gmail.com> Date: Tue, 17 Mar 2015 16:29:47 -0700 From: Jungle Boogie User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: FreeBSD recommends not using base unbound for an authoritative server References: In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Mar 2015 23:31:50 -0000 Dear Chris, -------------------------------------------- From: Chris Stankevitz Sent: Tue, 17 Mar 2015 16:25:09 -0700 To: freebsd-questions@freebsd.org Subject: FreeBSD recommends not using base unbound for an authoritative server > Hello, > > I use the base system sendmail instead of ports procmail because: > - documented in manual > - security problems are described in FreeBSD announcements > - easy updates with freebsd-update > - infrequent updates > > For the same reasons, I'd like to run the base system's unbound to > authoritatively host my DNS... but FreeBSD is discouraging me in > section 29.7.2 of the manual. Why the discouragement? > I use unbound from base _only_ at home for recursive DNS stuff. If I were to make it authoritative for a domain, I'd use ports or packages because they are updated more frequently over what's it base. If you're going to actually to authoritatively resolve for your domain, I think you want NSD: https://en.wikipedia.org/wiki/NSD > Thank you, > > Chris -- inum: 883510009027723 sip: jungleboogie@sip2sip.info xmpp: jungle-boogie@jit.si