From owner-freebsd-questions@FreeBSD.ORG Wed Mar 18 19:05:23 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CDD30E22 for ; Wed, 18 Mar 2015 19:05:23 +0000 (UTC) Received: from mail-oi0-x231.google.com (mail-oi0-x231.google.com [IPv6:2607:f8b0:4003:c06::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8CEBCA3D for ; Wed, 18 Mar 2015 19:05:23 +0000 (UTC) Received: by oigv203 with SMTP id v203so44783423oig.3 for ; Wed, 18 Mar 2015 12:05:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ZJxp3+Ddtu5WD8xwcwYPjnYbwY47hMEc93ngMUUYCCQ=; b=MS+UXb/P93PFbngqh3gU93XvNXaIMbY4Wfk6gimqTBCT6mxSRjzmnbzSA2KDAT3GFh OFULoIB8kMe7mwmarTLtg6xw7RegbvS7TDBQknLJeMqdR3WXAn1lyfN8CNVNZGcGWJiy +YPsuf73g5/CjzF2XLRvjRZp+5BFtDSDl0kQhj9KvmsZPStkUO1tfh6/bnQMudFIQuTO Jmyyr7rTXQevBxk416jVMisfiQdy8UBphPXJsZyLb3zRAkKMpCSzx5EzT7PI1XW1f0f/ rYMgfXj7+iAGCf/hI+nHa1nldxYefDcdSmjkZQkKCFsvxhteVLmXdUxNa2TBdTIoZQ4P tmzw== MIME-Version: 1.0 X-Received: by 10.182.60.197 with SMTP id j5mr58542538obr.85.1426705522758; Wed, 18 Mar 2015 12:05:22 -0700 (PDT) Received: by 10.182.247.74 with HTTP; Wed, 18 Mar 2015 12:05:22 -0700 (PDT) In-Reply-To: <5508CAE2.4060300@columbus.rr.com> References: <20150317192847.5b39d1c8@lapsdeb> <5508CAE2.4060300@columbus.rr.com> Date: Wed, 18 Mar 2015 12:05:22 -0700 Message-ID: Subject: Re: FreeBSD recommends not using base unbound for an authoritative server From: jungle Boogie To: Baho Utot Content-Type: text/plain; charset=UTF-8 Cc: FreeBSD Questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2015 19:05:23 -0000 Hi Bato, On 17 March 2015 at 17:46, Baho Utot wrote: > > > On 03/17/15 19:28, Stephen R Guglielmo wrote: >> >> On Tue, 17 Mar 2015 16:25:09 -0700 >> Chris Stankevitz wrote: >>> >>> For the same reasons, I'd like to run the base system's unbound to >>> authoritatively host my DNS... but FreeBSD is discouraging me in >>> section 29.7.2 of the manual. Why the discouragement? >> >> Unbound is only a validating caching resolver. It *can't* be >> authoritative. > > > I am using unbound as an authoritative DNS resolver for my home network, it > also is the caching resolver. > It runs on a raspberry pi under FreeBSD 11. Does that mean you're using it to resolve hostnames on your local network, or is your raspberry pi actually resolving example.com for requests? If it's the former, that means you're adding A records in unbound.conf and then setting your clients to raspberry pi IP in /etc/resolv.conf If it's the latter, hopefully you have a backup NS and it's something a) outside of your home where the raspberry pi is and b) something more substantial than the raspberry pi. See: https://unbound.net/pipermail/unbound-users/2008-May/000063.html > > > > -- ------- inum: 883510009027723 sip: jungleboogie@sip2sip.info xmpp: jungle-boogie@jit.si