Date: Wed, 18 Mar 2015 16:18:29 -0400 From: Baho Utot <baho-utot@columbus.rr.com> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: FreeBSD recommends not using base unbound for an authoritative server Message-ID: <5509DD95.2020604@columbus.rr.com> In-Reply-To: <CAKE2PDtn5ehgzqWa-kJ7-wfWm%2B3HdSdaGYmXhGSc4oDdrzGeJw@mail.gmail.com> References: <CAPi0pssPrcJgF71AvQ-M1RZt=%2Btv=6FTGtwhi9_bX6-Q-7b7cQ@mail.gmail.com> <20150317192847.5b39d1c8@lapsdeb> <5508CAE2.4060300@columbus.rr.com> <CAKE2PDtn5ehgzqWa-kJ7-wfWm%2B3HdSdaGYmXhGSc4oDdrzGeJw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 03/18/15 15:05, jungle Boogie wrote: > Hi Bato, > On 17 March 2015 at 17:46, Baho Utot <baho-utot@columbus.rr.com> wrote: >> >> On 03/17/15 19:28, Stephen R Guglielmo wrote: >>> On Tue, 17 Mar 2015 16:25:09 -0700 >>> Chris Stankevitz <chrisstankevitz@gmail.com> wrote: >>>> For the same reasons, I'd like to run the base system's unbound to >>>> authoritatively host my DNS... but FreeBSD is discouraging me in >>>> section 29.7.2 of the manual. Why the discouragement? >>> Unbound is only a validating caching resolver. It *can't* be >>> authoritative. >> >> I am using unbound as an authoritative DNS resolver for my home network, it >> also is the caching resolver. >> It runs on a raspberry pi under FreeBSD 11. > Does that mean you're using it to resolve hostnames on your local > network, or is your raspberry pi actually resolving example.com for > requests? Yes it resolves hostnames within the network using an A record. > If it's the former, that means you're adding A records in unbound.conf > and then setting your clients to raspberry pi IP in /etc/resolv.conf Yes > If it's the latter, hopefully you have a backup NS and it's something > a) outside of your home where the raspberry pi is and b) something > more substantial than the raspberry pi. > > See: > https://unbound.net/pipermail/unbound-users/2008-May/000063.html No it is the only NS for the internal lan and it queries the root servers directly to resolve host names that don't have an A record. IE every day normal browsing and email. I also have A records pointing to localhost for all the ad servers so no one gets all the popup ads, no need for adblock. If you have news groups check the mailing lists there and you will see that it is running leafnode and does the nntp for the Lan as well, also it is the email server for the Lan. The raspberry pi is fine, it has been running 24x7 since the B+ model came out and hasn't missed failed ever. May upgrade it to the raspberry pi 2 when freebsd runs on it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5509DD95.2020604>