As of a few hours ago, all it takes to set up a local caching resolver in FreeBSD 10 is:

    # echo local_unbound_enable=yes >>/etc/rc.conf
    # service local_unbound start

Yes, it really is that simple—and it works fine with DHCP, too. Hold my beer and watch this:

    # pgrep -lf dhclient
    1316 dhclient: vtnet0
    1265 dhclient: vtnet0 [priv]
    # cat /etc/resolv.conf
    # Generated by resolvconf
    search example.com
    nameserver 192.0.2.53
    # time host www.freebsd.org
    www.freebsd.org is an alias for wfe0.ysv.freebsd.org.
    wfe0.ysv.freebsd.org has address 8.8.178.110
    wfe0.ysv.freebsd.org has IPv6 address 2001:1900:2254:206a::50:0
    wfe0.ysv.freebsd.org mail is handled by 0 .
    0.02 real 0.00 user 0.01 sys

As you can see, we’re running DHCP on a VirtIO network interface. Let’s work our magic:

    # echo local_unbound_enable=yes >>/etc/rc.conf
    # service local_unbound start
    Performing initial setup.
    Extracting forwarders from /etc/resolv.conf.
    /var/unbound/forward.conf created
    /var/unbound/unbound.conf created
    /etc/resolvconf.conf created
    original /etc/resolv.conf saved as /etc/resolv.conf.20130923.075319
    Starting local_unbound.

And presto:

    # pgrep -lf unbound
    3799 /usr/sbin/unbound -c/var/unbound/unbound.conf
    # cat /var/unbound/unbound.conf
    # Generated by local-unbound-setup
    server:
            username: unbound
            directory: /var/unbound
            chroot: /var/unbound
            pidfile: /var/run/local_unbound.pid
            auto-trust-anchor-file: /var/unbound/root.key
    include: /var/unbound/forward.conf
    # cat /var/unbound/forward.conf
    # Generated by local-unbound-setup
    forward-zone:
            name: .
            forward-addr: 192.0.2.53
    # cat /etc/resolv.conf
    # Generated by resolvconf
    search example.com
    # nameserver 192.0.2.53
    nameserver 127.0.0.1
    options edns0

We can see the cache at work; the first request takes significantly longer than before, but the second is served from cache:

    # time host www.freebsd.org
    www.freebsd.org is an alias for wfe0.ysv.freebsd.org.
    wfe0.ysv.freebsd.org has address 8.8.178.110
    wfe0.ysv.freebsd.org has IPv6 address 2001:1900:2254:206a::50:0
    wfe0.ysv.freebsd.org mail is handled by 0 .
    0.07 real 0.01 user 0.00 sys
    # time host www.freebsd.org
    www.freebsd.org is an alias for wfe0.ysv.freebsd.org.
    wfe0.ysv.freebsd.org has address 8.8.178.110
    wfe0.ysv.freebsd.org has IPv6 address 2001:1900:2254:206a::50:0
    wfe0.ysv.freebsd.org mail is handled by 0 .
    0.01 real 0.00 user 0.00 sys

Finally, let’s see how this interacts with DHCP:

    # resolvconf -u
    # cat /etc/resolv.conf
    # Generated by resolvconf
    search example.com
    nameserver 127.0.0.1
    nameserver 192.0.2.53
    options edns0
    # cat /var/unbound/forward.conf
    # Generated by resolvconf
    forward-zone:
            name: "example.com"
            forward-addr: 192.0.2.53
    forward-zone:
            name: "."
            forward-addr: 192.0.2.53

Note that resolvconf(8) re-added the 192.0.2.53 entry. It doesn’t really matter, as long as 127.0.0.1 comes first.

[ETA: it does matter—see Jakob Schlyter’s comment below and my reply.]
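
A check for the situation in the note above, as an added example that is not from the original post: it parses a resolv.conf and flags any active nameserver other than a loopback address, since the stub resolver moves on to the next listed server when the first times out or returns SERVFAIL, and answers from that server never pass through the local Unbound instance or its DNSSEC validation. The function names and the two sample files (constructed from the resolv.conf contents shown above) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print each active nameserver address in file order. Commented-out
# entries such as "# nameserver 192.0.2.53" are ignored.
active_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Print the active nameservers that are not loopback addresses.
non_loopback_nameservers() {
    active_nameservers "$1" | while read -r ns; do
        case $ns in
            127.*|::1) ;;
            *) echo "$ns" ;;
        esac
    done
}

# Return 0 only if the file lists at least one nameserver and all are loopback.
check_resolv_conf() {
    [ -n "$(active_nameservers "$1")" ] || { echo "$1: no nameserver" >&2; return 2; }
    bad=$(non_loopback_nameservers "$1")
    [ -z "$bad" ] && return 0
    echo "$1: queries can bypass the local resolver via:" $bad >&2
    return 1
}

# Constructed samples: the two resolv.conf states shown in the post.
tmp=$(mktemp -d "${TMPDIR:-/tmp}/resolvcheck.XXXXXX")
cat >"$tmp/after-setup" <<'EOF'
# Generated by resolvconf
search example.com
# nameserver 192.0.2.53
nameserver 127.0.0.1
options edns0
EOF
cat >"$tmp/after-resolvconf-u" <<'EOF'
# Generated by resolvconf
search example.com
nameserver 127.0.0.1
nameserver 192.0.2.53
options edns0
EOF

for f in "$tmp/after-setup" "$tmp/after-resolvconf-u"; do
    if check_resolv_conf "$f"; then echo "${f##*/}: ok"; else echo "${f##*/}: FAIL"; fi
done
```

Pointing `check_resolv_conf` at the live `/etc/resolv.conf` after each `resolvconf -u` or DHCP lease renewal shows whether the upstream server has been re-added.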

[ETA: see my followup about the motivation for importing Unbound.]