1. local_unbound is executing /usr/sbin/unbound and when the port version of unbound is installed the /usr/sbin/unbound is still being used causing a crossover mixture between local_unbound version of unbound and the ports version of unbound. Solution is to complete the renaming of all the unbound components to be prefixed with "local_" like it should have been done in the first place. IE: man, conf, bin modules, lib modules. Examples; This file /usr/sbin/local-unbound-setup should be renamed to /usr/sbin/local_unbound-setup, and /usr/sbin/unbound renamed to /usr/sbin/local_unbound. 2. The usage of local_unbound is integrated with other OS functions. There is no documentation explaining their interaction. A simple man page explaining the customized local_unbound setup configuration and the interaction between /etc/resolv.conf, /libexec/resolvconf/unbound, /usr/sbin/local-unbound-setup and the resolvconf command would go a long way to make it more user friendly. 3. local_unbound is at version 1.5.10 and the current upstream version available is 1.6.7. Time to upgrade the local_unbound version to be current. 4. As currently configured local_unbound is forced to use the ISP DNS servers retrieved from /etc/resolv.conf. unbound comes with a built-in "root-zone" function which negates the need for a "forward-zone:" section all together. The current local_unbound configuration should be changed to deploy unbound's built-in "root-zone" function.
1. Something to consider for 12, perhaps. 2. There is no documentation for 99% of FreeBSD. Feel free to submit some. 3. Already on my slate. 4. If you want a recursing nameserver, you are free to install and configure one - or work out a way to force local_unbound to act like one - but the purpose of local_unbound is to provide a caching, validating, *forwarding* resolver.
A commit references this bug: Author: des Date: Sat May 12 17:10:39 UTC 2018 New revision: 333573 URL: https://svnweb.freebsd.org/changeset/base/333573 Log: Rename all Unbound binaries and man pages from unbound* to local-unbound*. PR: 222902 Changes: head/ObsoleteFiles.inc head/contrib/unbound/daemon/unbound.c head/contrib/unbound/doc/unbound-checkconf.8.in head/contrib/unbound/smallapp/unbound-anchor.c head/contrib/unbound/smallapp/unbound-checkconf.c head/contrib/unbound/smallapp/unbound-control.c head/etc/rc.d/local_unbound head/tools/build/mk/OptionalObsoleteFiles.inc head/usr.sbin/unbound/Makefile head/usr.sbin/unbound/Makefile.inc head/usr.sbin/unbound/anchor/Makefile head/usr.sbin/unbound/checkconf/Makefile head/usr.sbin/unbound/control/Makefile head/usr.sbin/unbound/daemon/Makefile head/usr.sbin/unbound/local-setup/ head/usr.sbin/unbound/setup/
The first and third item have now been taken care of. I will shelve the second for now. As for the fourth, I had forgotten that you can force local-unbound-setup to configure local-unbound as a recursing resolver by removing all nameserver lines from resolv.conf before running it (you may have to remove /var/unbound/forward.conf if it already exists). I will work on improving this feature.
A commit references this bug: Author: des Date: Sat May 12 18:07:53 UTC 2018 New revision: 333574 URL: https://svnweb.freebsd.org/changeset/base/333574 Log: If the sole non-option command line argument is "none", remove any pre-existing forwarder configuration and set Unbound up to recurse. PR: 222902 MFC after: 1 week Changes: head/usr.sbin/unbound/setup/local-unbound-setup.sh
A commit references this bug: Author: des Date: Tue Oct 9 20:29:05 UTC 2018 New revision: 339268 URL: https://svnweb.freebsd.org/changeset/base/339268 Log: MFH (r333574): fully support acting as a recursing resolver. PR: 222902 Changes: _U stable/11/ stable/11/usr.sbin/unbound/local-setup/local-unbound-setup.sh
A commit references this bug: Author: cy Date: Sat Jan 4 01:09:35 UTC 2020 New revision: 356345 URL: https://svnweb.freebsd.org/changeset/base/356345 Log: MFC r333552,333558-333568,333573,338568-338569,339275,339278,339294,340037, r349720,356228: r333552 (des): Upgrade Unbound to 1.6.0. More to follow. r333558 (des): Upgrade Unbound to 1.6.1. More to follow. r333559 (des): Upgrade Unbound to 1.6.2. More to follow. r333560 (des): Upgrade Unbound to 1.6.3. More to follow. r333561 (des): Upgrade Unbound to 1.6.4. More to follow. r333562 (des): Upgrade Unbound to 1.6.5. More to follow. r333563 (des): Upgrade Unbound to 1.6.6. More to follow. r333564 (des): Upgrade Unbound to 1.6.7. More to follow. r333565 (des): No reason to keep this around. r333566 (des): Upgrade Unbound to 1.6.8. More to follow. r333567 (des): Upgrade Unbound to 1.7.0. More to follow. r333568 (des): Upgrade Unbound to 1.7.1. r333573 (des): Rename all Unbound binaries and man pages from unbound* to local-unbound*. PR: 222902 r338568 (des): Upgrade Unbound to 1.7.2. More to follow. r338569 (des): Upgrade Unbound to 1.7.3. More to follow. r339275 (des): Upgrade Unbound to 1.8.0. More to follow. r339278 (des): Upgrade to 1.8.1. r339294 (des): Try harder to sanitize the environment before running configure. Remove a workaround for older Unbound versions that used sbrk. r340037 (des): Merge upstream r4932: turn so-reuseport option off by default. r349720 (des): Upgrade Unbound to 1.9.2. MFC r356228 (cy): MFV r356143: Update unbound 1.9.2 --> 1.9.6. Security: CVE-2017-15105 (fixed by 1.6.7) CVE-2019-18934 (fixed by 1.9.5) Changes: _U stable/11/ stable/11/ObsoleteFiles.inc stable/11/contrib/ldns/freebsd-configure.sh stable/11/contrib/unbound/.gitattributes stable/11/contrib/unbound/.travis.yml stable/11/contrib/unbound/Makefile.in stable/11/contrib/unbound/README.md stable/11/contrib/unbound/ac_pkg_swig.m4 stable/11/contrib/unbound/aclocal.m4 stable/11/contrib/unbound/acx_nlnetlabs.m4 stable/11/contrib/unbound/acx_python.m4 stable/11/contrib/unbound/cachedb/cachedb.c stable/11/contrib/unbound/cachedb/cachedb.h stable/11/contrib/unbound/cachedb/redis.c stable/11/contrib/unbound/cachedb/redis.h stable/11/contrib/unbound/compat/arc4_lock.c stable/11/contrib/unbound/compat/arc4random.c stable/11/contrib/unbound/compat/ctime_r.c stable/11/contrib/unbound/compat/getentropy_freebsd.c stable/11/contrib/unbound/compat/getentropy_linux.c stable/11/contrib/unbound/compat/getentropy_osx.c stable/11/contrib/unbound/compat/getentropy_solaris.c stable/11/contrib/unbound/compat/getentropy_win.c _U stable/11/contrib/unbound/compat/isblank.c stable/11/contrib/unbound/compat/malloc.c stable/11/contrib/unbound/compat/snprintf.c _U stable/11/contrib/unbound/compat/strsep.c stable/11/contrib/unbound/config.guess stable/11/contrib/unbound/config.h stable/11/contrib/unbound/config.h.in stable/11/contrib/unbound/config.sub stable/11/contrib/unbound/configure stable/11/contrib/unbound/configure.ac stable/11/contrib/unbound/contrib/README stable/11/contrib/unbound/contrib/aaaa-filter-iterator.patch stable/11/contrib/unbound/contrib/create_unbound_ad_servers.sh stable/11/contrib/unbound/contrib/drop-tld.diff stable/11/contrib/unbound/contrib/fastrpz.patch stable/11/contrib/unbound/contrib/libunbound.pc.in stable/11/contrib/unbound/contrib/libunbound.so.conf stable/11/contrib/unbound/contrib/parseunbound.pl stable/11/contrib/unbound/contrib/redirect-bogus.patch stable/11/contrib/unbound/contrib/unbound-fuzzers.tar.bz2 stable/11/contrib/unbound/contrib/unbound-fuzzme.patch stable/11/contrib/unbound/contrib/unbound-querycachedb.py stable/11/contrib/unbound/contrib/unbound.init stable/11/contrib/unbound/contrib/unbound.init_fedora stable/11/contrib/unbound/contrib/unbound.service.in stable/11/contrib/unbound/contrib/unbound.socket.in stable/11/contrib/unbound/contrib/unbound_munin_ stable/11/contrib/unbound/daemon/acl_list.c stable/11/contrib/unbound/daemon/acl_list.h stable/11/contrib/unbound/daemon/cachedump.c stable/11/contrib/unbound/daemon/cachedump.h stable/11/contrib/unbound/daemon/daemon.c stable/11/contrib/unbound/daemon/daemon.h stable/11/contrib/unbound/daemon/remote.c stable/11/contrib/unbound/daemon/remote.h stable/11/contrib/unbound/daemon/stats.c stable/11/contrib/unbound/daemon/stats.h stable/11/contrib/unbound/daemon/unbound.c stable/11/contrib/unbound/daemon/worker.c stable/11/contrib/unbound/daemon/worker.h stable/11/contrib/unbound/dns64/dns64.c stable/11/contrib/unbound/dnscrypt/ stable/11/contrib/unbound/dnscrypt/cert.h stable/11/contrib/unbound/dnscrypt/dnscrypt.c stable/11/contrib/unbound/dnscrypt/dnscrypt.h stable/11/contrib/unbound/dnscrypt/dnscrypt.m4 stable/11/contrib/unbound/dnscrypt/dnscrypt_config.h stable/11/contrib/unbound/dnstap/dnstap.c stable/11/contrib/unbound/dnstap/dnstap.proto stable/11/contrib/unbound/doc/CNAME-basedRedirectionDesignNotes.pdf stable/11/contrib/unbound/doc/Changelog stable/11/contrib/unbound/doc/IP-BasedActions.pdf stable/11/contrib/unbound/doc/README stable/11/contrib/unbound/doc/README.ipset.md stable/11/contrib/unbound/doc/TODO stable/11/contrib/unbound/doc/example.conf stable/11/contrib/unbound/doc/example.conf.in stable/11/contrib/unbound/doc/libunbound.3 stable/11/contrib/unbound/doc/libunbound.3.in stable/11/contrib/unbound/doc/requirements.txt stable/11/contrib/unbound/doc/unbound-anchor.8 stable/11/contrib/unbound/doc/unbound-anchor.8.in stable/11/contrib/unbound/doc/unbound-checkconf.8 stable/11/contrib/unbound/doc/unbound-checkconf.8.in stable/11/contrib/unbound/doc/unbound-control.8 stable/11/contrib/unbound/doc/unbound-control.8.in stable/11/contrib/unbound/doc/unbound-host.1 stable/11/contrib/unbound/doc/unbound-host.1.in stable/11/contrib/unbound/doc/unbound.8 stable/11/contrib/unbound/doc/unbound.8.in stable/11/contrib/unbound/doc/unbound.conf.5 stable/11/contrib/unbound/doc/unbound.conf.5.in stable/11/contrib/unbound/doc/unbound.doxygen stable/11/contrib/unbound/edns-subnet/ stable/11/contrib/unbound/edns-subnet/addrtree.c stable/11/contrib/unbound/edns-subnet/addrtree.h stable/11/contrib/unbound/edns-subnet/subnet-whitelist.c stable/11/contrib/unbound/edns-subnet/subnet-whitelist.h stable/11/contrib/unbound/edns-subnet/subnetmod.c stable/11/contrib/unbound/edns-subnet/subnetmod.h stable/11/contrib/unbound/freebsd-configure.sh stable/11/contrib/unbound/install-sh stable/11/contrib/unbound/ipsecmod/ stable/11/contrib/unbound/ipsecmod/ipsecmod.c stable/11/contrib/unbound/ipset/ stable/11/contrib/unbound/iterator/iter_delegpt.c stable/11/contrib/unbound/iterator/iter_delegpt.h stable/11/contrib/unbound/iterator/iter_donotq.h stable/11/contrib/unbound/iterator/iter_fwd.c stable/11/contrib/unbound/iterator/iter_fwd.h stable/11/contrib/unbound/iterator/iter_hints.c stable/11/contrib/unbound/iterator/iter_hints.h stable/11/contrib/unbound/iterator/iter_priv.h stable/11/contrib/unbound/iterator/iter_scrub.c stable/11/contrib/unbound/iterator/iter_utils.c stable/11/contrib/unbound/iterator/iter_utils.h stable/11/contrib/unbound/iterator/iterator.c stable/11/contrib/unbound/iterator/iterator.h stable/11/contrib/unbound/libunbound/context.c stable/11/contrib/unbound/libunbound/context.h stable/11/contrib/unbound/libunbound/libunbound.c stable/11/contrib/unbound/libunbound/libworker.c stable/11/contrib/unbound/libunbound/libworker.h stable/11/contrib/unbound/libunbound/python/ stable/11/contrib/unbound/libunbound/ubsyms.def stable/11/contrib/unbound/libunbound/unbound-event.h stable/11/contrib/unbound/libunbound/unbound.h stable/11/contrib/unbound/libunbound/worker.h stable/11/contrib/unbound/ltmain.sh stable/11/contrib/unbound/respip/ stable/11/contrib/unbound/respip/respip.c stable/11/contrib/unbound/services/authzone.c stable/11/contrib/unbound/services/authzone.h stable/11/contrib/unbound/services/cache/dns.c stable/11/contrib/unbound/services/cache/dns.h stable/11/contrib/unbound/services/cache/infra.c stable/11/contrib/unbound/services/cache/infra.h stable/11/contrib/unbound/services/cache/rrset.c stable/11/contrib/unbound/services/cache/rrset.h stable/11/contrib/unbound/services/listen_dnsport.c stable/11/contrib/unbound/services/listen_dnsport.h stable/11/contrib/unbound/services/localzone.c stable/11/contrib/unbound/services/localzone.h stable/11/contrib/unbound/services/mesh.c stable/11/contrib/unbound/services/mesh.h stable/11/contrib/unbound/services/modstack.c stable/11/contrib/unbound/services/modstack.h stable/11/contrib/unbound/services/outside_network.c stable/11/contrib/unbound/services/outside_network.h stable/11/contrib/unbound/services/view.c stable/11/contrib/unbound/services/view.h stable/11/contrib/unbound/sldns/keyraw.c stable/11/contrib/unbound/sldns/keyraw.h stable/11/contrib/unbound/sldns/parse.c stable/11/contrib/unbound/sldns/parse.h stable/11/contrib/unbound/sldns/parseutil.c stable/11/contrib/unbound/sldns/parseutil.h stable/11/contrib/unbound/sldns/rrdef.c stable/11/contrib/unbound/sldns/rrdef.h stable/11/contrib/unbound/sldns/sbuffer.c stable/11/contrib/unbound/sldns/sbuffer.h stable/11/contrib/unbound/sldns/str2wire.c stable/11/contrib/unbound/sldns/str2wire.h stable/11/contrib/unbound/sldns/wire2str.c stable/11/contrib/unbound/sldns/wire2str.h stable/11/contrib/unbound/smallapp/unbound-anchor.c stable/11/contrib/unbound/smallapp/unbound-checkconf.c stable/11/contrib/unbound/smallapp/unbound-control-setup.sh stable/11/contrib/unbound/smallapp/unbound-control-setup.sh.in stable/11/contrib/unbound/smallapp/unbound-control.c stable/11/contrib/unbound/smallapp/unbound-host.c stable/11/contrib/unbound/smallapp/worker_cb.c stable/11/contrib/unbound/systemd.m4 stable/11/contrib/unbound/util/alloc.c stable/11/contrib/unbound/util/alloc.h stable/11/contrib/unbound/util/config_file.c stable/11/contrib/unbound/util/config_file.h stable/11/contrib/unbound/util/configlexer.lex stable/11/contrib/unbound/util/configparser.y stable/11/contrib/unbound/util/data/dname.c stable/11/contrib/unbound/util/data/dname.h stable/11/contrib/unbound/util/data/msgencode.c stable/11/contrib/unbound/util/data/msgencode.h stable/11/contrib/unbound/util/data/msgparse.c stable/11/contrib/unbound/util/data/msgparse.h stable/11/contrib/unbound/util/data/msgreply.c stable/11/contrib/unbound/util/data/msgreply.h stable/11/contrib/unbound/util/data/packed_rrset.c stable/11/contrib/unbound/util/data/packed_rrset.h stable/11/contrib/unbound/util/edns.c stable/11/contrib/unbound/util/edns.h stable/11/contrib/unbound/util/fptr_wlist.c stable/11/contrib/unbound/util/fptr_wlist.h stable/11/contrib/unbound/util/iana_ports.inc stable/11/contrib/unbound/util/locks.c stable/11/contrib/unbound/util/locks.h stable/11/contrib/unbound/util/log.c stable/11/contrib/unbound/util/log.h stable/11/contrib/unbound/util/mini_event.c stable/11/contrib/unbound/util/mini_event.h stable/11/contrib/unbound/util/module.c stable/11/contrib/unbound/util/module.h stable/11/contrib/unbound/util/net_help.c stable/11/contrib/unbound/util/net_help.h stable/11/contrib/unbound/util/netevent.c stable/11/contrib/unbound/util/netevent.h stable/11/contrib/unbound/util/random.c stable/11/contrib/unbound/util/random.h stable/11/contrib/unbound/util/rbtree.c stable/11/contrib/unbound/util/rbtree.h stable/11/contrib/unbound/util/regional.c stable/11/contrib/unbound/util/rtt.c stable/11/contrib/unbound/util/shm_side/ stable/11/contrib/unbound/util/shm_side/shm_main.c stable/11/contrib/unbound/util/shm_side/shm_main.h stable/11/contrib/unbound/util/storage/dnstree.c stable/11/contrib/unbound/util/storage/dnstree.h stable/11/contrib/unbound/util/storage/lookup3.c stable/11/contrib/unbound/util/storage/lruhash.c stable/11/contrib/unbound/util/storage/lruhash.h stable/11/contrib/unbound/util/storage/slabhash.c stable/11/contrib/unbound/util/storage/slabhash.h stable/11/contrib/unbound/util/tcp_conn_limit.c stable/11/contrib/unbound/util/tcp_conn_limit.h stable/11/contrib/unbound/util/timehist.c stable/11/contrib/unbound/util/timehist.h stable/11/contrib/unbound/util/tube.c stable/11/contrib/unbound/util/tube.h stable/11/contrib/unbound/util/ub_event.c stable/11/contrib/unbound/util/ub_event.h stable/11/contrib/unbound/util/ub_event_pluggable.c stable/11/contrib/unbound/util/winsock_event.c stable/11/contrib/unbound/util/winsock_event.h stable/11/contrib/unbound/validator/autotrust.c stable/11/contrib/unbound/validator/autotrust.h stable/11/contrib/unbound/validator/val_anchor.c stable/11/contrib/unbound/validator/val_anchor.h stable/11/contrib/unbound/validator/val_kcache.c stable/11/contrib/unbound/validator/val_neg.c stable/11/contrib/unbound/validator/val_neg.h stable/11/contrib/unbound/validator/val_nsec.c stable/11/contrib/unbound/validator/val_nsec.h stable/11/contrib/unbound/validator/val_nsec3.c stable/11/contrib/unbound/validator/val_nsec3.h stable/11/contrib/unbound/validator/val_secalgo.c stable/11/contrib/unbound/validator/val_sigcrypt.c stable/11/contrib/unbound/validator/val_sigcrypt.h stable/11/contrib/unbound/validator/val_utils.c stable/11/contrib/unbound/validator/val_utils.h stable/11/contrib/unbound/validator/validator.c stable/11/contrib/unbound/validator/validator.h stable/11/crypto/openssh/freebsd-configure.sh stable/11/etc/rc.d/local_unbound stable/11/lib/libunbound/Makefile stable/11/tools/build/mk/OptionalObsoleteFiles.inc stable/11/usr.sbin/unbound/Makefile stable/11/usr.sbin/unbound/Makefile.inc stable/11/usr.sbin/unbound/anchor/Makefile stable/11/usr.sbin/unbound/checkconf/Makefile stable/11/usr.sbin/unbound/control/Makefile stable/11/usr.sbin/unbound/daemon/Makefile stable/11/usr.sbin/unbound/local-setup/ stable/11/usr.sbin/unbound/setup/