From owner-freebsd-questions@FreeBSD.ORG Wed Mar 18 20:18:28 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C9367589 for ; Wed, 18 Mar 2015 20:18:28 +0000 (UTC) Received: from cdptpa-oedge-vip.email.rr.com (cdptpa-outbound-snat.email.rr.com [107.14.166.229]) by mx1.freebsd.org (Postfix) with ESMTP id 85BED38A for ; Wed, 18 Mar 2015 20:18:27 +0000 (UTC) Received: from [75.187.32.8] ([75.187.32.8:60528] helo=raspberrypi.bildanet.com) by cdptpa-oedge02 (envelope-from ) (ecelerity 3.5.0.35861 r(Momo-dev:tip)) with ESMTP id D0/69-23556-39DD9055; Wed, 18 Mar 2015 20:18:27 +0000 Received: from [192.168.1.53] (helo=GangGreene.bildanet.com) by raspberrypi.bildanet.com with esmtp (Exim 4.84) (envelope-from ) id 1YYKQ6-0003lf-Np for freebsd-questions@freebsd.org; Wed, 18 Mar 2015 16:18:26 -0400 Message-ID: <5509DD95.2020604@columbus.rr.com> Date: Wed, 18 Mar 2015 16:18:29 -0400 From: Baho Utot User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 CC: FreeBSD Questions Subject: Re: FreeBSD recommends not using base unbound for an authoritative server References: <20150317192847.5b39d1c8@lapsdeb> <5508CAE2.4060300@columbus.rr.com> In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-RR-Connecting-IP: 107.14.168.130:25 X-Cloudmark-Score: 0 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2015 20:18:28 -0000 On 03/18/15 15:05, jungle Boogie wrote: > Hi Bato, > On 17 March 2015 at 17:46, Baho Utot wrote: >> >> On 03/17/15 19:28, Stephen R Guglielmo wrote: >>> On Tue, 17 Mar 2015 16:25:09 -0700 >>> Chris Stankevitz wrote: >>>> For the same reasons, I'd like to run the base system's unbound to >>>> authoritatively host my DNS... but FreeBSD is discouraging me in >>>> section 29.7.2 of the manual. Why the discouragement? >>> Unbound is only a validating caching resolver. It *can't* be >>> authoritative. >> >> I am using unbound as an authoritative DNS resolver for my home network, it >> also is the caching resolver. >> It runs on a raspberry pi under FreeBSD 11. > Does that mean you're using it to resolve hostnames on your local > network, or is your raspberry pi actually resolving example.com for > requests? Yes it resolves hostnames within the network using an A record. > If it's the former, that means you're adding A records in unbound.conf > and then setting your clients to raspberry pi IP in /etc/resolv.conf Yes > If it's the latter, hopefully you have a backup NS and it's something > a) outside of your home where the raspberry pi is and b) something > more substantial than the raspberry pi. > > See: > https://unbound.net/pipermail/unbound-users/2008-May/000063.html No it is the only NS for the internal lan and it queries the root servers directly to resolve host names that don't have an A record. IE every day normal browsing and email. I also have A records pointing to localhost for all the ad servers so no one gets all the popup ads, no need for adblock. If you have news groups check the mailing lists there and you will see that it is running leafnode and does the nntp for the Lan as well, also it is the email server for the Lan. The raspberry pi is fine, it has been running 24x7 since the B+ model came out and hasn't missed failed ever. May upgrade it to the raspberry pi 2 when freebsd runs on it.