From owner-freebsd-hackers@FreeBSD.ORG Tue Jul 10 07:28:07 2012 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 60A79106567A for ; Tue, 10 Jul 2012 07:28:07 +0000 (UTC) (envelope-from mwm@mired.org) Received: from mail-qc0-f182.google.com (mail-qc0-f182.google.com [209.85.216.182]) by mx1.freebsd.org (Postfix) with ESMTP id 01FE38FC12 for ; Tue, 10 Jul 2012 07:28:06 +0000 (UTC) Received: by qcsg15 with SMTP id g15so8113774qcs.13 for ; Tue, 10 Jul 2012 00:28:06 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:organization :x-mailer:face:mime-version:content-type:content-transfer-encoding :x-gm-message-state; bh=KzDVuOVMTj/BbIJ9trMOeBVYCMEC7iUHAoB3aiqfkYU=; b=SaM73NtNRPmXeh+FYhLBrcu8kQgr4+DzJX1EfWh2CzaBCiMxudEMormdVFRYahZ21V hE68hqYXOo23YaJLjftidw6EloUHyEXNguzaNKDEOAXvGZIY/Mj2BfqVa/4c8rdL0zly Fqac58pcioHRudnHmQlvNhh5S5kNemu9EyQ/Wp8o/ByXaMgicspSIyPF0yh9VpzDQASs gjZWoU2aFsdLykKxHFn2EUfLJmw2G6FpfQ0OALMEBcMYKEQa5AzEt1CmqW1JF5H5+dX3 W5npkuQ3Y9KY0m7BcfZufJQGjoLa+/g40xtUyNljurWMtSd6Fxy2YP+IuRMn+r+NNqKl mn5A== Received: by 10.229.115.12 with SMTP id g12mr22057300qcq.58.1341905286401; Tue, 10 Jul 2012 00:28:06 -0700 (PDT) Received: from bhuda.mired.org (74-140-201-117.dhcp.insightbb.com. [74.140.201.117]) by mx.google.com with ESMTPS id n2sm64662334qap.10.2012.07.10.00.28.05 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 10 Jul 2012 00:28:06 -0700 (PDT) Date: Tue, 10 Jul 2012 03:28:03 -0400 From: Mike Meyer To: freebsd-hackers@freebsd.org Message-ID: <20120710032803.55d30a7d@bhuda.mired.org> In-Reply-To: <4FFBD5D0.8020306@FreeBSD.org> References: <89AB703D-E075-4AAC-AC1B-B358CC4E4E7F@lists.zabbadoz.net> <4FF8C3A1.9080805@FreeBSD.org> <0AFE3C4A-22DB-4134-949F-4D05BBFC4C6C@lists.zabbadoz.net> <4FF8CA35.7040209@FreeBSD.org> <4FF952FB.10200@FreeBSD.org> <4FFACB51.90001@brodnik.org> <20120709204749.GA88274@server.rulingia.com> <4FFB447F.9020001@FreeBSD.org> <20120710024605.GA90875@server.rulingia.com> <4FFBD5D0.8020306@FreeBSD.org> Organization: Meyer Consulting X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.6; amd64-portbld-freebsd8.3) Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAG1BMVEXguIzRkGnhyaz069mXhW0WHRnbrnR9WCQ6LB0CchNMAAACSUlEQVQ4jV2TQW7jMAxFGaPQOgQEdZaGMsgBrAvUA03dCxj1Uu4U2gfwQD7AGNax51NK07RcxXz6/CSl0Ij450vkPG1jzpIZM1UwDCl/xB14TWnNX8A00Qj5a0mnVFVbVUz4MeErea2HikSRqZzY894zwg9p2+/AtO8LzxFED+tNAUFeU29iFOLRxlZAcdo9A8wi8ZBMV4BKPde82Oxrvs6BTkulQIClte0DLFzzsKk9j1MBex8iUaP00Bd78S/muyFScrTXz6zLkEUxJp+SabQfNOs4f4Jpx5qSZ/304PWwlEWP1cOn/mJQR7EOD+uKhjcBLziuL7xoY5Xm+VFAUSw/LwwwsHEHxihpwV4EJH0xXRkbw1PkRw+X4pEuSJwBggqk+HEYKkiL5/74/nQkogigzQsAFrakxZyfw3wMIEEZPv4AWMfxwqE5GNxGaERjmH+PG8AE0L4/w9g0lsp1raLYAN5azQa+AOoO9NwcpFkTrG2VKNMNEL5UKUUAw34tha0z7onUG0oBoNtczE04GwFE3wCHc0ChezAJ6A1WMV81AtY7wDAJSlXwV+4cwBvsOsrQMRawfQEBz0deEZ7WNpV2szckIKo5VpDHDSDvF1GItwqqAlG01Hh50BGtVhuUkjkasg/14bYFGCgWg1fSWHvmOoJck2xdp9ZvZBHzDVTzX23TkrOn7qe5U2COEw5D4Vx3qEQpFY2Z/3QFnJxzp7YCmSMG19nOUoe869zZfOQb5ywQuWu0yCn5+8gxZz+BE7vG3j4/wbf4D/sXN9Wug1s7AAAAAElFTkSuQmCC Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Gm-Message-State: ALoCoQmZUGGAxw9QEcbkOuhsXTvyMLWJ5RrL/cc5vuK3f5byDWwvNdWaEQqHJdaoTI3akg9tsQfP Subject: Re: Replacing BIND with unbound 9.1 code freeze?) X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Jul 2012 07:28:07 -0000 On Tue, 10 Jul 2012 00:12:16 -0700 Doug Barton wrote: > On 07/09/2012 19:46, Peter Jeremy wrote: > > As I see it, FreeBSD systems fall roughly into 3 categories: > > 1) Client systems that need to lookup external DNS servers only. > > 2) SOHO systems that primarily do external lookups but need to > > be internally authoritative about their local network. > > 3) Systems that are primarily DNS servers. > > > > I think the majority of the remaining unease in this thread comes from > > people who administer systems in the second category. I (and I expect > > lots of other people) use bind for this solely because it is in the > > base system, not because it is the best tool for the job. > > Well that's yet another reason to take it out of the base so that people > can analyze this critically. :) > > Seriously though, "install BIND from ports" is still a good answer to > this use case. I'd argue that BIND 9.[89] is actually the best tool for > the purpose you outlined, but there's no reason you couldn't use a > combination of unbound and nsd. It would just be different than what > people are used to. I suspect that dnsmasq is a lot better tool for that job than BIND, but see below. Unless you've got a really messy SOHO network, anyway. It's simpler to configure, and includes an integrated DHCP server so hosts that get their IP addresses via DHCP show show up in the dns server. I know bind and at least one DHCP server can be setup to do that, but I never could get it to work properly. dnsmasq did it the first time years ago, and I've never looked back. These days, I'm using it on a DDWRT router. I would have suggested it for the base system, but 1) it's still a bit more than case 1 needs, and 2) it's GPL'ed. http://www.mired.org/ Independent Software developer/SCM consultant, email for more information. O< ascii ribbon campaign - stop html mail - www.asciiribbon.org