From owner-freebsd-hackers@FreeBSD.ORG Wed Jul 4 17:01:07 2012 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 446D5106564A; Wed, 4 Jul 2012 17:01:07 +0000 (UTC) (envelope-from fjwcash@gmail.com) Received: from mail-lb0-f182.google.com (mail-lb0-f182.google.com [209.85.217.182]) by mx1.freebsd.org (Postfix) with ESMTP id 1E0DB8FC0A; Wed, 4 Jul 2012 17:01:05 +0000 (UTC) Received: by lbon10 with SMTP id n10so13393464lbo.13 for ; Wed, 04 Jul 2012 10:01:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=aHw47E1E5xZlQ15DCRjENszanWd986Ud1CfkaHytyAg=; b=jXnsiJ5AXGQ/Ro5wq2VRHPjoFZa9zZpo7ebvlmeRACVXmwOKnVSEnYbBBcZuxqVpBr O23irFBEY6HxUKf08bWnJlItHZZZNdANXOfi0bMHY2vPqwznYgblwxOhLg7JPVQOGkOK py28+gQ96DqtPrpVb5Asg9qiRbdD5nnzZg9U2IRzzXyD/jEGnEshH1kIvibN9YdBxaPS FzTWpeG8ctJwl74R5w3e+AhGm7R8Y9YNe6ma5k3yW5cvl4IafCOajfkFbSuQ2ZPCrPI+ 8FfvYKvOvCjjXDl+Ze4L5VBV8ru5sixKrIOh2ne7zf9bRqO8bqOrMmVP99/Qk+KKKAE0 sVnA== MIME-Version: 1.0 Received: by 10.152.48.37 with SMTP id i5mr22441192lan.36.1341421264720; Wed, 04 Jul 2012 10:01:04 -0700 (PDT) Received: by 10.114.37.74 with HTTP; Wed, 4 Jul 2012 10:01:04 -0700 (PDT) In-Reply-To: References: <4FF2E00E.2030502@FreeBSD.org> <86bojxow6x.fsf@ds4.des.no> <4FF35864.5030109@FreeBSD.org> Date: Wed, 4 Jul 2012 10:01:04 -0700 Message-ID: From: Freddie Cash To: "Simon L. B. Nielsen" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org, Doug Barton , freebsd-hackers@freebsd.org, =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= Subject: Re: Pull in upstream before 9.1 code freeze? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jul 2012 17:01:07 -0000 On Wed, Jul 4, 2012 at 9:51 AM, Simon L. B. Nielsen wro= te: > On Tue, Jul 3, 2012 at 9:39 PM, Doug Barton wrote: >> On 07/03/2012 05:39, Dag-Erling Sm=C3=B8rgrav wrote: >>> Doug Barton writes: >>>> The correct solution to this problem is to remove BIND from the base >>>> altogether, but I have no energy for all the whinging that would happe= n >>>> if I tried (again) to do that. >>> >>> I don't think there will be as much whinging as you expect. Times have >>> changed. >>> >>> I'm willing to import and maintain unbound (BSD-licensed validating, >>> recursive, and caching DNS resolver) if you remove BIND. >> >> You've got a deal! >> >> Unbound requires ldns, which is a good thing. Part of this project would > > How's the security support for ldns / unbound? For third party > software sitting in the 'frontline' that part is rather important. > >> also be to enable drill so that we have a command-line dns lookup tool >> in the base, but that's trivial once you've got ldns imported. > > Does that means loosing host(1) ? That would be somewhat annoying. There's a version of host based on unbound. At least, there's an unbound-host package for Debian Linux: http://packages.debian.org/search?keywords=3Dunbound-host --=20 Freddie Cash fjwcash@gmail.com