FreeBSD 10 ships with unbound as a local DNS resolver instead of BIND. There are many reasons for this, and overall it seems like a good move in the name of simplicity. BIND is a critical piece of the Internet and has frequent security updates, which are painful to keep up with when all you need is DNS resolution, let alone the release engineering nightmare for the FreeBSD Foundation trying to maintain a release schedule. You can still add BIND from ports and keep it up to date on your own.

All that said, it’s quite easy to enable unbound in /etc/rc.conf or (as I prefer) /etc/rc.conf.d/local_unbound:

local_unbound_enable="YES"

That’s it. Either reboot or start up unbound with:

# /etc/rc.d/local_unbound start

unbound will automatically set up a configuration in /var/unbound/unbound.conf that allows for resolution on the localhost. If you need to answer queries on a local network, you can add a few lines to this file. For me, it looked like this:

interface: 127.0.0.1
interface: 10.0.0.254
access-control: 10.0.0.0/24 allow

Obviously, use your own local IP and correct subnet. If you don’t explicitly add 127.0.0.1, unbound will no longer listen on localhost. However, you don’t need to add an access-control entry for localhost, as that’s allowed by default.
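The following is an added example, not part of the original post: a small Python check that reads the interface and access-control lines and flags the two mistakes described above (dropping the loopback address, listening on a LAN address with no matching allow rule), plus an allow rule that reaches beyond local address space. The function names, the LOCAL_NETS list and the sample text are assumptions made for this illustration, and interface values are assumed to be IP literals as in the post.

```python
import ipaddress

# Constructed sample: the settings from the post as they sit in the server: clause.
SAMPLE_CONF = """\
server:
    interface: 127.0.0.1
    interface: 10.0.0.254
    access-control: 10.0.0.0/24 allow
"""

# Ranges treated as "local" here (assumption: loopback, RFC 1918, IPv6 ULA/link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10")]

def parse(conf_text):
    """Collect interface addresses and allow-type access-control networks."""
    interfaces, allowed = [], []
    for raw in conf_text.splitlines():
        # Drop comments, then split "key: value" on the first colon only,
        # so IPv6 values such as "::1" stay intact.
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        fields = value.split()
        if key == "interface" and fields:
            # An interface may carry an "@port" suffix; keep the address part.
            interfaces.append(ipaddress.ip_address(fields[0].split("@")[0]))
        elif key == "access-control" and len(fields) == 2 and fields[1].startswith("allow"):
            allowed.append(ipaddress.ip_network(fields[0], strict=False))
    return interfaces, allowed

def is_local(net):
    return any(net.version == l.version and net.subnet_of(l) for l in LOCAL_NETS)

def audit(conf_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    interfaces, allowed = parse(conf_text)
    findings = []
    if interfaces and not any(i.is_loopback for i in interfaces):
        findings.append("interface lines present but no loopback address: "
                        "localhost queries will stop working")
    for i in interfaces:
        if not i.is_loopback and not any(i.version == n.version and i in n for n in allowed):
            findings.append(f"listening on {i} but no access-control allows its subnet")
    for n in allowed:
        if not is_local(n):
            findings.append(f"access-control allows non-local range {n}: open resolver risk")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF) or "no findings")
```

The subnet check is a heuristic: it only confirms that some allow rule covers the listening address itself, not every client you intend to serve.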