FreeBSD recommends not using base unbound for an authoritative server
baho-utot at columbus.rr.com
Wed Mar 18 20:18:28 UTC 2015
On 03/18/15 15:05, jungle Boogie wrote:
> Hi Bato,
> On 17 March 2015 at 17:46, Baho Utot <baho-utot at columbus.rr.com> wrote:
>> On 03/17/15 19:28, Stephen R Guglielmo wrote:
>>> On Tue, 17 Mar 2015 16:25:09 -0700
>>> Chris Stankevitz <chrisstankevitz at gmail.com> wrote:
>>>> For the same reasons, I'd like to run the base system's unbound to
>>>> authoritatively host my DNS... but FreeBSD is discouraging me in
>>>> section 29.7.2 of the manual. Why the discouragement?
>>> Unbound is only a validating caching resolver. It *can't* be
>> I am using unbound as an authoritative DNS resolver for my home network, it
>> also is the caching resolver.
>> It runs on a raspberry pi under FreeBSD 11.
> Does that mean you're using it to resolve hostnames on your local
> network, or is your raspberry pi actually resolving example.com for
Yes it resolves hostnames within the network using an A record.
> If it's the former, that means you're adding A records in unbound.conf
> and then setting your clients to raspberry pi IP in /etc/resolv.conf
> If it's the latter, hopefully you have a backup NS and it's something
> a) outside of your home where the raspberry pi is and b) something
> more substantial than the raspberry pi.
No it is the only NS for the internal lan and it queries the root
servers directly to resolve host names that don't have an A record. IE
every day normal browsing and email. I also have A records pointing to
localhost for all the ad servers so no one gets all the popup ads, no
need for adblock.
If you have news groups check the mailing lists there and you will see
that it is running leafnode and does the nntp for the Lan as well, also
it is the email server for the Lan.
The raspberry pi is fine, it has been running 24x7 since the B+ model
came out and hasn't missed failed ever. May upgrade it to the raspberry
pi 2 when freebsd runs on it.
More information about the freebsd-questions