I switched the caching DNS resolver on my home-made router from BIND 9.20 to Unbound 1.24.1, which comes bundled with FreeBSD 15. The main reason was memory stability.
BIND seemed to consume more and more memory as the number of DNS queries grew:
In contrast, Unbound even returns some memory to the operating system:
Added 2026-06-07: Memory usage since last system boot 17 days ago:
The absolute numbers are not comparable, because:
Updated 2026-06-07:
I ran /usr/sbin/local-unbound, but modified /var/unbound/unbound.conf with just its official documentation at hand:
    server:
        username: unbound
        directory: /var/unbound
        chroot: /var/unbound
        pidfile: /var/run/local_unbound.pid
        auto-trust-anchor-file: /var/unbound/root.key
        so-sndbuf: 0
        module-config: "respip iterator"
        interface-automatic: yes
        access-control: 127.0.0.0/8 allow
        access-control: 192.168.0.0/16 allow
        use-syslog: yes
        log-local-actions: yes
        log-servfail: yes
        prefetch: yes
        num-threads: 4
        outgoing-range: 175
        # rrset-cache-size: 256m
        # msg-cache-size: 128m
        # Updated 2026-06-07: Actual process size is 2 to 2.5 times of rrset+msg-cache-size
        rrset-cache-size: 64m
        msg-cache-size: 32m
        statistics-interval: 0
        extended-statistics: yes
        statistics-cumulative: yes
        local-zone: 168.192.in-addr.arpa transparent

    rpz:
        name: ...
        zonefile: ...

    auth-zone:
        name: ...
        zonefile: ...

    auth-zone:
        name: 168.192.in-addr.arpa
        zonefile: primary/168.192.in-addr.arpa

    include: /var/unbound/control.conf

    # Added 2026-06-07: keep and update local copies of the root and .arpa zones
    auth-zone:
        name: .
        zonefile: secondary/root
        for-downstream: no
        fallback-enabled: yes
        # A.ROOT-SERVERS.NET.
        primary: 198.41.0.4
        # A.ROOT-SERVERS.NET.
        primary: 2001:503:BA3E::2:30
        # B.ROOT-SERVERS.NET.
        primary: 192.228.79.201
        # C.ROOT-SERVERS.NET.
        primary: 192.33.4.12
        # D.ROOT-SERVERS.NET.
        primary: 128.8.10.90
        # E.ROOT-SERVERS.NET.
        primary: 192.203.230.10
        # F.ROOT-SERVERS.NET.
        primary: 192.5.5.241
        # F.ROOT-SERVERS.NET.
        primary: 2001:500:2F::F
        # G.ROOT-SERVERS.NET.
        primary: 192.112.36.4
        # H.ROOT-SERVERS.NET.
        primary: 128.63.2.53
        # H.ROOT-SERVERS.NET.
        primary: 2001:500:1::803F:235
        # I.ROOT-SERVERS.NET.
        primary: 192.36.148.17
        # I.ROOT-SERVERS.NET.
        primary: 2001:7FE::53
        # J.ROOT-SERVERS.NET.
        primary: 192.58.128.30
        # J.ROOT-SERVERS.NET.
        primary: 2001:503:C27::2:30
        # K.ROOT-SERVERS.NET.
        primary: 193.0.14.129
        # K.ROOT-SERVERS.NET.
        primary: 2001:7FD::1
        # L.ROOT-SERVERS.NET.
        primary: 199.7.83.42
        # L.ROOT-SERVERS.NET.
        primary: 2001:500:3::42
        # M.ROOT-SERVERS.NET.
        primary: 202.12.27.33
        # M.ROOT-SERVERS.NET.
        primary: 2001:DC3::35

    auth-zone:
        name: arpa
        zonefile: secondary/arpa
        for-downstream: no
        fallback-enabled: yes
        # A.ROOT-SERVERS.NET.
        primary: 198.41.0.4
        # A.ROOT-SERVERS.NET.
        primary: 2001:503:BA3E::2:30
        # B.ROOT-SERVERS.NET.
        primary: 192.228.79.201
        # C.ROOT-SERVERS.NET.
        primary: 192.33.4.12
        # D.ROOT-SERVERS.NET.
        primary: 128.8.10.90
        # E.ROOT-SERVERS.NET.
        primary: 192.203.230.10
        # F.ROOT-SERVERS.NET.
        primary: 192.5.5.241
        # F.ROOT-SERVERS.NET.
        primary: 2001:500:2F::F
        # G.ROOT-SERVERS.NET.
        primary: 192.112.36.4
        # H.ROOT-SERVERS.NET.
        primary: 128.63.2.53
        # H.ROOT-SERVERS.NET.
        primary: 2001:500:1::803F:235
        # I.ROOT-SERVERS.NET.
        primary: 192.36.148.17
        # I.ROOT-SERVERS.NET.
        primary: 2001:7FE::53
        # J.ROOT-SERVERS.NET.
        primary: 192.58.128.30
        # J.ROOT-SERVERS.NET.
        primary: 2001:503:C27::2:30
        # K.ROOT-SERVERS.NET.
        primary: 193.0.14.129
        # K.ROOT-SERVERS.NET.
        primary: 2001:7FD::1
        # L.ROOT-SERVERS.NET.
        primary: 199.7.83.42
        # L.ROOT-SERVERS.NET.
        primary: 2001:500:3::42
        # M.ROOT-SERVERS.NET.
        primary: 202.12.27.33
        # M.ROOT-SERVERS.NET.
        primary: 2001:DC3::35
Then I shut down BIND and started Unbound:

    # service named stop
    # sysrc named_enable=NO
    # sysrc local_unbound_enable=YES
    # service local_unbound start
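An added example, not part of the original post: a small Python audit of the server: clause of an unbound.conf like the one above, checking whether the validator module is loaded, whether any access-control line allows clients outside internal ranges, and whether chroot or username was explicitly emptied. The finding labels, the INTERNAL list and the function names are assumptions of this example.

```python
import ipaddress

# Constructed sample: the access and validation lines of the server: clause above.
PAGE_CONF = """\
server:
    username: unbound
    chroot: /var/unbound
    module-config: "respip iterator"
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.0.0/16 allow
"""

# Assumption: only loopback, RFC 1918, ULA and link-local clients count as internal.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10")]

def parse_conf(text):
    """Return {clause: [(attribute, value), ...]}; repeated clauses are merged."""
    clauses, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # comments run to end of line
        key, sep, value = line.partition(":")    # first colon only, so IPv6 values survive
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if value == "":                          # "server:", "auth-zone:" open a clause
            current = clauses.setdefault(key, [])
        elif current is not None:
            current.append((key, value.strip('"')))
    return clauses

def audit(text):
    """Return a list of finding labels for the server: clause."""
    server = parse_conf(text).get("server", [])
    findings = []
    modules = [v for k, v in server if k == "module-config"]
    # Unbound's default is "validator iterator"; an explicit list can drop the validator.
    if modules and "validator" not in modules[-1].split():
        findings.append("no-dnssec-validation")
    for key, value in server:
        if key == "access-control":
            netblock, action = value.split()[:2]
            net = ipaddress.ip_network(netblock, strict=False)
            internal = any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)
            if action.startswith("allow") and not internal:
                findings.append("open-resolver:" + netblock)
        elif key in ("chroot", "username") and value == "":
            findings.append("no-" + key)     # chroot: "" or username: "" disables it
    return findings
```

On the sample, the only finding is the missing validator module: with module-config set to "respip iterator", answers are not DNSSEC-validated even though a trust anchor file is configured.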