Date:      Tue, 30 Jul 2013 17:46:09 -0700 (PDT)
From:      "Chris H" <bsd-lists@1command.com>
To:        freebsd-stable@freebsd.org
Subject:   Re: Bind in FreeBSD, security advisories
Message-ID:  <5cbefcc0e4be0fb6d0f654d8378108b6.authenticated@ultimatedns.net>
In-Reply-To: <1375193086.25610.3260371.08421FD0@webmail.messagingengine.com>
References:  <CAO%2BPfDctepQY0mGH7H%2BgOSm4HJwhe-RCND%2BmxAArnRxpWiCsjg@mail.gmail.com> <1375186900.23467.3223791.24CB348A@webmail.messagingengine.com> <51F7B5C7.6050008@digsys.bg> <CAOgwaMt4G02yhU0cbiq_EEwhi4=mgt2kLGJf0Rgb8t9wECsGJA@mail.gmail.com> <51F7C07C.9060606@digsys.bg> <1375193086.25610.3260371.08421FD0@webmail.messagingengine.com>


> On Tue, Jul 30, 2013, at 8:32, Daniel Kalchev wrote:
>>
>>
>> This is very much a situation like replacing gcc with clang/llvm.
>> However, in the case of BIND we have no licensing problems, stability
>> problems, performance problems etc --- just concerns that BIND generates
>> many SAs -- which might be actually good indicator, as it demonstrates
>> that BIND is worked on.
>>
>
> There's a man with a name whose initials match DJB that would strongly
> disagree. Now he's not always the best person to reference, but he's
> made a succinct point with his own software, whether or not you like
> using it.
>
> Unbound/NSD are suitable replacements if we really need something in
> base, and they have been picked up by OpenBSD for a good reason --
> clean, secure, readable, maintainable codebases and their use across the
> internet and on the ROOT servers is growing.
>
>> I personally see no reason to remove BIND from base. If someone does not
>> want BIND in their system, they could always use the WITHOUT_BIND build
>> switch.
>
> I'd be inclined to agree if it wasn't such a wholly insecure chunk of
> code. You don't see people whining about Sendmail in base when they
> prefer Postfix or Exim, but Sendmail doesn't have a new exploit every
> week. You do tend to need an MTA for getting messages off the system
> more than you need a local recursor/cache, but at least it's not causing
> you maintenance headaches. If you consider the possibility that a large
> enough percentage of users really desire a local recursor/cache it
> should be our duty to give them the best option available.

+1
Sorry to do that. But I simply couldn't have expressed it better myself.



