From owner-freebsd-stable@FreeBSD.ORG Tue Dec 3 19:27:58 2013
Message-ID: <529E30BA.8080709@rancid.berkeley.edu>
Date: Tue, 03 Dec 2013 11:27:54 -0800
From: Michael Sinatra
To: Mark Felder, freebsd-stable@freebsd.org
Subject: Re: BIND chroot environment in 10-RELEASE...gone?
References: <529D9CC5.8060709@rancid.berkeley.edu> <529DF7FA.7050207@passap.ru> <529E179D.7030701@rancid.berkeley.edu> <1386093454.2626.55043181.26E90FA5@webmail.messagingengine.com>
In-Reply-To: <1386093454.2626.55043181.26E90FA5@webmail.messagingengine.com>

On 12/3/13 9:57 AM, Mark Felder wrote:
> On Tue, Dec 3, 2013, at 11:40, Michael Sinatra wrote:
>>
>> I am going to put as many of the bits together as I can to see if I can
>> recreate the chroot environment via a port on 10.0-RELEASE. I'll also
>> submit a PR. But I agree with the others that this is not a good idea,
>> and if I had known that the port would remove support for chroot, I
>> would have vigorously protested the switch to unbound.
>>
>
> There was no alternative; we couldn't keep BIND in base. BIND 9 will
> certainly have an EoL before the EoL of FreeBSD 10.x, and we can't use
> BIND 10 because it requires importing Python to base.
>
> Keep in mind that Unbound is not planned to be a permanent addition to
> base either. It's merely a stop-gap until Casper is complete, which will
> then provide the DNS services in base.
>
> http://blog.des.no/2013/09/dns-again-a-clarification/

Yes, I read the blog post. I assume that dougb believed back in 2012
that BIND 9.x would be EOL before FreeBSD 10.x, but, based on every
indication I have had from ISC, I doubt that will be the case. Has ISC
made a public statement about the support for BIND 9.x?
All I know publicly is that 9.9-ESV will be supported until late 2017,
and BIND 9.10 is about to be released. Both trains are under active
development, and I doubt that ISC will even stop *developing* BIND 9
until well into the midpoint of 10.x's lifecycle. But if the FreeBSD
developers have had conversations with ISC that I am not aware of, you
may have different interpretations.

But that's water under the bridge. A lot of work was put into BIND 9
integration and a lot of work was put into unbound integration. We
should be preserving the former and not throwing it away at the expense
of functionality.

Again, I didn't have a quibble with FreeBSD's decision until the chroot
functionality support was removed from the port. I also think that this
is something that's fixable in the port and will see what I can do to
make it work.

michael