From: Doug Barton
Date: Mon, 04 Aug 2008 11:46:19 -0700
To: Randy Bush
Cc: freebsd-net@freebsd.org, Eugene Grosbein
Subject: Re: permissions on /etc/namedb

Randy Bush wrote:
> my fix to all this has been
> /usr/ports/dns/unbound (cache only)
> or
> /usr/ports/dns/nsd (auth only)
>
> and the developers/porters are constructive and friendly

Oddly enough I think of myself as constructive and friendly. :) However I can't make a default configuration that fits everyone's needs. I can only do what I can to make it safe by default.

Of course the two alternatives you listed are good ones, and I encourage my clients to investigate them for their environments even if they continue using BIND since IMO diversity is a good thing, helps improve resilience, etc.

Doug

--
This .signature sanitized for your protection