From owner-freebsd-security@FreeBSD.ORG Wed Jul 4 16:51:53 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BE76D1065670 for ; Wed, 4 Jul 2012 16:51:53 +0000 (UTC) (envelope-from simon@qxnitro.org) Received: from mail-yx0-f182.google.com (mail-yx0-f182.google.com [209.85.213.182]) by mx1.freebsd.org (Postfix) with ESMTP id 6708A8FC08 for ; Wed, 4 Jul 2012 16:51:52 +0000 (UTC) Received: by yenl8 with SMTP id l8so7828867yen.13 for ; Wed, 04 Jul 2012 09:51:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qxnitro.org; s=google; h=mime-version:sender:x-originating-ip:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=6CyPwBbCn5BorhtyovamEMpDQiFfjXdap5yjb9FMBNA=; b=Kkj+uIchxG3/2a0rJUkvLXaburA2C++XBQYIkhTn9RfF4nPB1SraiSBZ5o30nyck7h afXGUNMzOjXs7FGzf0DGP0wj6iRoZscM56rpPt7eA8yqjDp4Zf24XGFn6yHLiXMcSBGy iyj9i+boDb+E3khCA5m8eW+x5A9txNZMRawcg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:x-originating-ip:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding:x-gm-message-state; bh=6CyPwBbCn5BorhtyovamEMpDQiFfjXdap5yjb9FMBNA=; b=Kg079Fm/+lASEvES/vix7s3ozcriPc6YibElI8QrTBmBttdoUksm/jzcoC93a6+eQv BL6gZ1arKVq5bz04SBdDfxDrwlGMDviteqiuxJLO+5zLbHugF6t6+fhrXNq/lH64EyNl jVrxGHMvqzQLNLF08416tAi7VAQoq/SmU82mGvkyK+AqHb6aq2cSp4UAAbq9alXlTwoZ oSc+/V6ie7yUeU3SdlwEFqtorf3gmFPSh8zZeRPwaGH/xp/vphRC6Rztf8+lPoltLrCZ hli15Y1Ch/kGZ4yFnyaT3mPARz9LcABV2F77F5r2QKP3NaYhA9nmWqeOxrQWoIElINRA u6FQ== MIME-Version: 1.0 Received: by 10.50.153.161 with SMTP id vh1mr13834319igb.3.1341420712341; Wed, 04 Jul 2012 09:51:52 -0700 (PDT) Sender: simon@qxnitro.org Received: by 10.64.18.206 with HTTP; Wed, 4 Jul 2012 09:51:52 -0700 (PDT) X-Originating-IP: [2620:0:1040:201:6d04:4bfa:a90:43d6] In-Reply-To: <4FF35864.5030109@FreeBSD.org> References: <4FF2E00E.2030502@FreeBSD.org> <86bojxow6x.fsf@ds4.des.no> <4FF35864.5030109@FreeBSD.org> Date: Wed, 4 Jul 2012 17:51:52 +0100 X-Google-Sender-Auth: f6TMIXHKUy4GJL00uXKAxQ20aIc Message-ID: From: "Simon L. B. Nielsen" To: Doug Barton Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Gm-Message-State: ALoCoQkE8xZJmuq8Xh9QcZWIUhqSHllqQemC1ncQwdlF6K92w0/HxsnJ9YnyTdq8nfAAnVlXgbsN Cc: freebsd-security@freebsd.org, =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= , freebsd-hackers@freebsd.org Subject: Re: Pull in upstream before 9.1 code freeze? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jul 2012 16:51:53 -0000 On Tue, Jul 3, 2012 at 9:39 PM, Doug Barton wrote: > On 07/03/2012 05:39, Dag-Erling Sm=C3=B8rgrav wrote: >> Doug Barton writes: >>> The correct solution to this problem is to remove BIND from the base >>> altogether, but I have no energy for all the whinging that would happen >>> if I tried (again) to do that. >> >> I don't think there will be as much whinging as you expect. Times have >> changed. >> >> I'm willing to import and maintain unbound (BSD-licensed validating, >> recursive, and caching DNS resolver) if you remove BIND. > > You've got a deal! > > Unbound requires ldns, which is a good thing. Part of this project would How's the security support for ldns / unbound? For third party software sitting in the 'frontline' that part is rather important. > also be to enable drill so that we have a command-line dns lookup tool > in the base, but that's trivial once you've got ldns imported. Does that means loosing host(1) ? That would be somewhat annoying. --=20 Simon