From owner-freebsd-stable@FreeBSD.ORG Wed Jul 31 01:04:48 2013
Return-Path:
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
    (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by hub.freebsd.org (Postfix) with ESMTP id 5B3C3471
    for ; Wed, 31 Jul 2013 01:04:48 +0000 (UTC)
    (envelope-from bsd-lists@1command.com)
Received: from udns.ultimateDNS.NET (ultimatedns.net [209.180.214.225])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by mx1.freebsd.org (Postfix) with ESMTPS id 0AEC32268
    for ; Wed, 31 Jul 2013 01:04:47 +0000 (UTC)
Received: from udns.ultimateDNS.NET (localhost [127.0.0.1])
    by udns.ultimateDNS.NET (8.14.5/8.14.5) with ESMTP id r6V0kE06095743
    for ; Tue, 30 Jul 2013 17:46:20 -0700 (PDT)
    (envelope-from bsd-lists@1command.com)
Received: (from www@localhost)
    by udns.ultimateDNS.NET (8.14.5/8.14.5/Submit) id r6V0k91v095740;
    Tue, 30 Jul 2013 17:46:09 -0700 (PDT)
    (envelope-from bsd-lists@1command.com)
Received: from udns.ultimatedns.net ([209.180.214.225])
    (UDNSMS authenticated user chrish)
    by ultimatedns.net with HTTP;
    Tue, 30 Jul 2013 17:46:09 -0700 (PDT)
Message-ID: <5cbefcc0e4be0fb6d0f654d8378108b6.authenticated@ultimatedns.net>
In-Reply-To: <1375193086.25610.3260371.08421FD0@webmail.messagingengine.com>
References: <1375186900.23467.3223791.24CB348A@webmail.messagingengine.com>
    <51F7B5C7.6050008@digsys.bg> <51F7C07C.9060606@digsys.bg>
    <1375193086.25610.3260371.08421FD0@webmail.messagingengine.com>
Date: Tue, 30 Jul 2013 17:46:09 -0700 (PDT)
Subject: Re: Bind in FreeBSD, security advisories
From: "Chris H"
To: freebsd-stable@freebsd.org
User-Agent: UDNSMS/2.0.3
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Production branch of FreeBSD source code
X-List-Received-Date: Wed, 31 Jul 2013 01:04:48 -0000

> On Tue, Jul 30, 2013, at 8:32, Daniel Kalchev wrote:
>>
>>
>> This is very much a situation like replacing gcc with clang/llvm.
>> However, in the case of BIND we have no licensing problems, stability
>> problems, performance problems etc --- just concerns that BIND generates
>> many SAs -- which might be actually a good indicator, as it demonstrates
>> that BIND is worked on.
>>
>
> There's a man with a name whose initials match DJB that would strongly
> disagree. Now he's not always the best person to reference, but he's
> made a succinct point with his own software, whether or not you like
> using it.
>
> Unbound/NSD are suitable replacements if we really need something in
> base, and they have been picked up by OpenBSD for a good reason --
> clean, secure, readable, maintainable codebases and their use across the
> internet and on the ROOT servers is growing.
>
>> I personally see no reason to remove BIND from base. If someone does not
>> want BIND in their system, they could always use the WITHOUT_BIND build
>> switch.
>
> I'd be inclined to agree if it wasn't such a wholly insecure chunk of
> code. You don't see people whining about Sendmail in base when they
> prefer Postfix or Exim, but Sendmail doesn't have a new exploit every
> week. You do tend to need an MTA for getting messages off the system
> more than you need a local recursor/cache, but at least it's not causing
> you maintenance headaches. If you consider the possibility that a large
> enough percentage of users really desire a local recursor/cache it
> should be our duty to give them the best option available.

+1

Sorry to do that. But I simply couldn't have expressed it better, myself.