Date: Sun, 08 Jul 2012 16:41:22 +0200 From: Dan Lukes <dan@obluda.cz> To: freebsd-security@freebsd.org Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: Replacing BIND with unbound (Was: Re: Pull in upstream before 9.1 code freeze?) Message-ID: <4FF99C12.8070004@obluda.cz> In-Reply-To: <alpine.BSF.2.00.1207081130540.2035@wojtek.tensor.gdynia.pl> References: <CA%2BQLa9B-Dm-=hQCrbEgyfO4sKZ5aG72_PEFF9nLhyoy4GRCGrA@mail.gmail.com> <4FF2E00E.2030502@FreeBSD.org> <86bojxow6x.fsf@ds4.des.no> <89AB703D-E075-4AAC-AC1B-B358CC4E4E7F@lists.zabbadoz.net> <4FF8C3A1.9080805@FreeBSD.org> <0AFE3C4A-22DB-4134-949F-4D05BBFC4C6C@lists.zabbadoz.net> <4FF8CA35.7040209@FreeBSD.org> <CA%2BtpaK1R1miXTJv8YJUMZWQcKFk7RPDePDBiCEMdWHZX=qksSQ@mail.gmail.com> <4FF952FB.10200@FreeBSD.org> <alpine.BSF.2.00.1207081130540.2035@wojtek.tensor.gdynia.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
> The ideal, long-term solution is to re-think what "The Base" is, and > give users more flexibility at install time. Flexibility is double-edged sword. Feel free to replace one resolver with another resolver (but don't do it so often, please). Applications can be patched to fit new API, scripts can be modified to use other command-line utilities. It is OK for me, as long as it is rare big bang. But "right to select one from N resolvers at install time" sounds like way to hell for me. FreeBSD is known to be fast and reliable network server. Resolver is critical component. There should be ONE resolver in the base which is guaranteed to work with all other baseline utilities and script. Also, network related ports should compile against selected base resolver. No problem if someone will replace system's resolver with another one from ports, but such administrator is just on it's own. He must be ready to resolve issues related to compatibility and reliability by self. Can we maintain three (or so) resolvers to be perfectly compatible with all utilities and scripts in the base ? I don't think so. I suspect that port maintainers will not maintain their ports compatible with all "recommended" resolvers as well. I'm definitely not interested to make decisions like ... "if I will select resolver A at install time, then utility X will not work correctly with them - it work with resolver B only, unfortunately, port P can't be compiled against resolver B because it's maintainer is using A only" ... in the future. Just my $0.02 Dan P.S. English is not my native language, so look for ideas, not for grammar.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FF99C12.8070004>