From owner-svn-src-all@FreeBSD.ORG Fri Dec 11 02:32:54 2009 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1AB921065676; Fri, 11 Dec 2009 02:32:54 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 08FA18FC13; Fri, 11 Dec 2009 02:32:54 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id nBB2Wrvs083507; Fri, 11 Dec 2009 02:32:53 GMT (envelope-from dougb@svn.freebsd.org) Received: (from dougb@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id nBB2WrRO083505; Fri, 11 Dec 2009 02:32:53 GMT (envelope-from dougb@svn.freebsd.org) Message-Id: <200912110232.nBB2WrRO083505@svn.freebsd.org> From: Doug Barton Date: Fri, 11 Dec 2009 02:32:53 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-6@freebsd.org X-SVN-Group: stable-6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r200394 - stable/6/etc/namedb X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Dec 2009 02:32:54 -0000 Author: dougb Date: Fri Dec 11 02:32:53 2009 New Revision: 200394 URL: http://svn.freebsd.org/changeset/base/200394 Log: Add a big honkin' warning about not using DNSSEC with this version of BIND. Also point out that it's EOL and give suggestions on upgrading. Modified: stable/6/etc/namedb/named.conf Modified: stable/6/etc/namedb/named.conf ============================================================================== --- stable/6/etc/namedb/named.conf Fri Dec 11 02:23:04 2009 (r200393) +++ stable/6/etc/namedb/named.conf Fri Dec 11 02:32:53 2009 (r200394) @@ -8,6 +8,28 @@ // simple mistakes, you can break connectivity for affected parties, // or cause huge amounts of useless Internet traffic. +/* +************************************************************************* +* _ _____ _____ _____ _ _ _____ ___ ___ _ _ * +* / \|_ _|_ _| ____| \ | |_ _|_ _/ _ \| \ | | * +* / _ \ | | | | | _| | \| | | | | | | | | \| | * +* / ___ \| | | | | |___| |\ | | | | | |_| | |\ | * +* /_/ \_\_| |_| |_____|_| \_| |_| |___\___/|_| \_| * +* * +************************************************************************* + +The version of BIND in the RELENG_6 branch (FreeBSD 6.x) is NOT suitable +for use with DNSSEC, either as a validating resolver or an authoritative +name server. If you plan to use DNSSEC for any purpose you should use a +newer version of BIND, preferably version 9.6.x or higher. + +Additionally, this version of BIND (9.3.x) is beyond its End Of Life (EOL) +date and is no longer supported by ISC. + +Newer versions are available in the ports tree (e.g., /usr/ports/dns/bind96) +or by upgrading your FreeBSD installation to version 8.0 or higher. +*/ + options { // Relative to the chroot directory, if any directory "/etc/namedb";