From owner-freebsd-questions@FreeBSD.ORG Wed Mar 18 19:00:04 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 51A70B87 for ; Wed, 18 Mar 2015 19:00:04 +0000 (UTC) Received: from mail-ob0-x231.google.com (mail-ob0-x231.google.com [IPv6:2607:f8b0:4003:c01::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0F8BD93F for ; Wed, 18 Mar 2015 19:00:04 +0000 (UTC) Received: by obbgg8 with SMTP id gg8so39250235obb.1 for ; Wed, 18 Mar 2015 12:00:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=IyTS7+0bssn68i6S+tCLXS4aeNmX6qNqyr7udlPh2yc=; b=voJuUb3AR9ob0kjl9lzspxh8buMe5vznzEBBjz1ejJkGzLaSjdCHAIbSp8B9jcysK6 3zD+NJAZbM3vfGNWtRhuhSb3k5oWHRCwtsNHLzFFYNs1Yd16VR0gRVdvwJ1W+x9qnMO6 gXXkjRu8p4A0FepIsmfTaLFcMTFGUOWTA9nLcuxR2cGW3ENS38V6gW2LQIRFKQbiJsUy 7UMpij8fz4FUg04kjuavELTk4gwASNHdgH3ZC66dYuo4t5t8Og8DhTubE2C+4cDW3W4R cN4w3ARw0weLro+3i4Od9LshjvM55rELhaSxwslmRnIUYopnl5gmTr1vd7WvO/IERchm 4GIA== MIME-Version: 1.0 X-Received: by 10.182.181.72 with SMTP id du8mr22091627obc.71.1426705203326; Wed, 18 Mar 2015 12:00:03 -0700 (PDT) Received: by 10.182.247.74 with HTTP; Wed, 18 Mar 2015 12:00:03 -0700 (PDT) In-Reply-To: References: <5508B8EB.3050907@gmail.com> Date: Wed, 18 Mar 2015 12:00:03 -0700 Message-ID: Subject: Re: FreeBSD recommends not using base unbound for an authoritative server From: jungle Boogie To: Chris Stankevitz Content-Type: text/plain; charset=UTF-8 Cc: freebsd-questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2015 19:00:04 -0000 Hi Chris, On 18 March 2015 at 08:32, Chris Stankevitz wrote: > On Tue, Mar 17, 2015 at 4:29 PM, Jungle Boogie wrote: >> I use unbound from base _only_ at home for recursive DNS stuff. If I were to >> make it authoritative for a domain, I'd use ports or packages because they >> are updated more frequently over what's it base. > > Mr. Boogie, > > Thank you for your reply. Are you referring to security? Is this the > is a correct interpretation of what you are saying: > > "In general, the FreeBSD base software is untrustworthy because it is > infrequently updated. Someone who is interested in security should > avoid the FreeBSD base packages and use ports wherever possible." > No, I wouldn't say untrustworthy nor am I referring to trust at all. If you install unbound from ports/pkg, you'll have unbound (or anything else) updated more frequently over what's in freeBSD base. >From here, we can see how frequently is updated: https://www.freshports.org/dns/unbound/ You may not care about frequent updates, so that's something you'll need to consider. > Thank you, > > Chris -- ------- inum: 883510009027723 sip: jungleboogie@sip2sip.info xmpp: jungle-boogie@jit.si