From: Dag-Erling Smørgrav
To: Mark Felder
Cc: freebsd-security@freebsd.org
Date: Mon, 09 Jul 2012 21:00:30 +0200
Subject: Re: Replacing BIND with unbound
Message-ID: <86pq84n4j5.fsf@ds4.des.no>

Mark Felder writes:
> Dag-Erling Smørgrav writes:
> > What sort of benchmarks do you envision? Unlike named, unbound is
> > intended to serve only one client (localhost) or a small number of
> > clients (a SOHO).
> Highly disagree; we use it (ISP) as our resolving nameserver for all
> of our customers.

Good for you. From what I've read, I should think it works just fine,
but I have no personal experience running unbound on large networks.
I'd love to try it out on the UiO network, but I doubt they'd let me...

My basis for stating that it is intended primarily for localhost and
SOHO is its feature set, which seems particularly well suited to that
kind of use. Organizations with large networks generally need
authoritative nameservers as well, but they can of course have both
outward-facing BIND or NSD servers and inward-facing unbound servers,
or have their registrar handle the authoritative side.

DES
-- 
Dag-Erling Smørgrav - des@des.no