From owner-freebsd-questions@FreeBSD.ORG Wed Mar 18 19:49:37 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A1529B29 for ; Wed, 18 Mar 2015 19:49:37 +0000 (UTC) Received: from mail-lb0-x22d.google.com (mail-lb0-x22d.google.com [IPv6:2a00:1450:4010:c04::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1DDF5FA7 for ; Wed, 18 Mar 2015 19:49:37 +0000 (UTC) Received: by lbblx11 with SMTP id lx11so15582787lbb.3 for ; Wed, 18 Mar 2015 12:49:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=NfhltukSR8tXBvCbVfIy0E6eHlcIrq+bDv5oRw8nouc=; b=jySPYZ9zHGLQJGj+ETk0gFX0b+FtexxUFfQdTP5x1Dx3+9jcCPYp91B3HY/GhnU/1d k/GyOkO6IvKxw4aKPPiJdOhnAICd8Abd1xZrGpWnMOqRB/h2hw6kBMeRpuke7S09G9se x4SQOMQP0sS7Dk54XjGOW7roxTUywoUaYvnqOQARz7nz0Y3pYapsIlNMhWzR1HBHBhAl drWUN1B7KEAQfnDpH+zcRT2v54QtJ1fFgUtjoTYjwXWKK5HLAHFtaKzqmkCLR6SVkub8 hYyrl//2pbu19UU3I/A/Hh7QaHa5iWfBtiB5NF487G0luRPVXAS1gyd1hZW16LiMirpL olKg== MIME-Version: 1.0 X-Received: by 10.112.162.232 with SMTP id yd8mr64797743lbb.41.1426708175016; Wed, 18 Mar 2015 12:49:35 -0700 (PDT) Received: by 10.25.212.1 with HTTP; Wed, 18 Mar 2015 12:49:34 -0700 (PDT) In-Reply-To: References: <5508B8EB.3050907@gmail.com> Date: Wed, 18 Mar 2015 12:49:34 -0700 Message-ID: Subject: Re: FreeBSD recommends not using base unbound for an authoritative server From: Chris Stankevitz To: jungle Boogie Content-Type: text/plain; charset=UTF-8 Cc: freebsd-questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2015 19:49:37 -0000 On Wed, Mar 18, 2015 at 12:00 PM, jungle Boogie wrote: > No, I wouldn't say untrustworthy nor am I referring to trust at all. Thank you for the clarification. > If you install unbound from ports/pkg, you'll have unbound (or > anything else) updated more frequently over what's in freeBSD base. > > From here, we can see how frequently is updated: > https://www.freshports.org/dns/unbound/ > > You may not care about frequent updates, so that's something you'll > need to consider. Got it, thank you. In my original post I described my excitement about using the FreeBSD base packages for a number of reasons: - documented in handbook - security problems are described in FreeBSD announcements - easy updates with freebsd-update - infrequent updates >From the responses here, it seems as if those are valid reasons to prefer using the FreeBSD base packages. I'm still left wondering why the FreeBSD handbook recommends favoring ports over base when running an externally visible unbound server. However, from the response I got here it seems clear that the reason is not "security" or "trust". It's just some other [yet unspecified] reason. Thank you again, Chris