From owner-freebsd-security@FreeBSD.ORG  Tue Jul  3 20:39:01 2012
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53])
	by hub.freebsd.org (Postfix) with ESMTP id 1EEBF106566C;
	Tue,  3 Jul 2012 20:39:01 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from opti.dougb.net (hub.freebsd.org [IPv6:2001:4f8:fff6::36])
	by mx2.freebsd.org (Postfix) with ESMTP id 75B3D14E213;
	Tue,  3 Jul 2012 20:39:00 +0000 (UTC)
Message-ID: <4FF35864.5030109@FreeBSD.org>
Date: Tue, 03 Jul 2012 13:39:00 -0700
From: Doug Barton <dougb@FreeBSD.org>
Organization: http://SupersetSolutions.com/
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
	rv:13.0) Gecko/20120621 Thunderbird/13.0.1
MIME-Version: 1.0
To: =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>
References: <CA+QLa9B-Dm-=hQCrbEgyfO4sKZ5aG72_PEFF9nLhyoy4GRCGrA@mail.gmail.com>
	<4FF2E00E.2030502@FreeBSD.org> <86bojxow6x.fsf@ds4.des.no>
In-Reply-To: <86bojxow6x.fsf@ds4.des.no>
X-Enigmail-Version: 1.4.2
OpenPGP: id=1A1ABC84
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Cc: freebsd-hackers@freebsd.org, freebsd-security@freebsd.org
Subject: Re: Pull in upstream before 9.1 code freeze?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2012 20:39:01 -0000

On 07/03/2012 05:39, Dag-Erling Smørgrav wrote:
> Doug Barton <dougb@FreeBSD.org> writes:
>> The correct solution to this problem is to remove BIND from the base
>> altogether, but I have no energy for all the whinging that would happen
>> if I tried (again) to do that.
> 
> I don't think there will be as much whinging as you expect.  Times have
> changed.
> 
> I'm willing to import and maintain unbound (BSD-licensed validating,
> recursive, and caching DNS resolver) if you remove BIND.

You've got a deal!

Unbound requires ldns, which is a good thing. Part of this project would
also be to enable drill so that we have a command-line dns lookup tool
in the base, but that's trivial once you've got ldns imported.

After you get those 3 elements in the base I'm happy to pull BIND out by
the roots.

Doug

-- 

    This .signature sanitized for your protection