Date: Tue, 03 Dec 2013 09:40:45 -0800
From: Michael Sinatra <michael@rancid.berkeley.edu>
To: Boris Samorodov <bsam@passap.ru>, stable@freebsd.org
Subject: Re: BIND chroot environment in 10-RELEASE...gone?
Message-ID: <529E179D.7030701@rancid.berkeley.edu>
In-Reply-To: <529DF7FA.7050207@passap.ru>
References: <529D9CC5.8060709@rancid.berkeley.edu> <529DF7FA.7050207@passap.ru>

On 12/3/13 7:25 AM, Boris Samorodov wrote:
> 03.12.2013 12:56, Michael Sinatra wrote:
>
>> I am aware of the fact that unbound has "replaced" BIND in the base
>> system, starting with 10.0-RELEASE. What surprised me was recent
>> commits to ports/dns/bind99 (and presumably other versions) that appear
>> to take away the supported chroot capabilities.
>
> /usr/ports/UPDATING has some info about the matter.
>

Indeed, I based my original post on the notice in /usr/ports/UPDATING. That's what surprised me, and also leads me to believe that it is not unintentional.

Back when this was discussed in 2012 there was no discussion that FreeBSD would be taking away the good support it has for BIND chroot. I interpreted dougb's advice to "just install the port" such that the port will allow the operator of, say, authoritative DNS servers to upgrade to 10.x from 9.x and still maintain a reasonable upgrade path without a lot of file location gyrations.

Some impressive work has been done (mainly by des it appears) to integrate unbound with the base FreeBSD system. At the same time, work is currently being done to make the job of BIND-on-FreeBSD sysadmins harder. That doesn't match the neutral vibe that I got the last time that this was discussed publicly.

Basically the idea back in 2012 appeared to be that we needed to stop integrating a major DNS server package because, to my understanding, it was a lot of work to maintain. So we integrated a *different* major DNS server package. I guess I don't understand the motivation. (Note also that I have been working with BIND--mostly on FreeBSD--for the past 15 years, and unbound since the 0.6 release, so I pretty much understand the pros and cons between the two.)

I am not unhappy with all of the work that has been done to make unbound work, but I am unhappy that BIND has been crippled in a certain way.

I am going to put as many of the bits together as I can to see if I can recreate the chroot environment via a port on 10.0-RELEASE. I'll also submit a PR. But I agree with the others that this is not a good idea, and if I had known that the port would remove support for chroot, I would have vigorously protested the switch to unbound.

michael