From: Jason Hellenthal
To: Freddie Cash
Cc: freebsd-security@freebsd.org, Dag-Erling Smørgrav, Doug Barton, "Simon L. B. Nielsen", freebsd-hackers@freebsd.org
Date: Wed, 4 Jul 2012 14:51:04 -0400
Subject: Re: Pull in upstream before 9.1 code freeze?

On Wed, Jul 04, 2012 at 10:01:04AM -0700, Freddie Cash wrote:
> On Wed, Jul 4, 2012 at 9:51 AM, Simon L. B. Nielsen wrote:
> > On Tue, Jul 3, 2012 at 9:39 PM, Doug Barton wrote:
> >> On 07/03/2012 05:39, Dag-Erling Smørgrav wrote:
> >>> Doug Barton writes:
> >>>> The correct solution to this problem is to remove BIND from the base
> >>>> altogether, but I have no energy for all the whinging that would happen
> >>>> if I tried (again) to do that.
> >>>
> >>> I don't think there will be as much whinging as you expect. Times have
> >>> changed.
> >>>
> >>> I'm willing to import and maintain unbound (BSD-licensed validating,
> >>> recursive, and caching DNS resolver) if you remove BIND.
> >>
> >> You've got a deal!
> >>
> >> Unbound requires ldns, which is a good thing. Part of this project would
> >
> > How's the security support for ldns / unbound? For third party
> > software sitting in the 'frontline' that part is rather important.
> >
> >> also be to enable drill so that we have a command-line dns lookup tool
> >> in the base, but that's trivial once you've got ldns imported.
> >
> > Does that mean losing host(1)? That would be somewhat annoying.
>
> There's a version of host based on unbound. At least, there's an
> unbound-host package for Debian Linux:
>
> http://packages.debian.org/search?keywords=unbound-host
>

What would be really nice here is a command wrapper hooked into the shell so that when you type a command and it does not exist it presents you with a question for suggestions to install somewhat like Fedora has done. You type nmap in the root shell and it will ask you if you would like to install it.

With that said, given this is FreeBSD, it could offer ...

  Would you like to install base package [y/N] ?: N
  Would you like to install ports package [y/N] ?: N
  Would you like to compile this from ports [y/N] ?: Y

  You have these options available:
  1) BIND
  2) LDNS
  3) DJBDNS
  Which would you like [0-3]:

I entirely dislike the idea of including something other than bind-tools within base that are installed, but fully support the idea of providing a way to allow the user to install a "base package" one that is meant to install into the base system and have as many as are seen suited to support the community.

I currently buildworld WITHOUT_BIND and use bind from ports and cannot justify the time to go through learning/using another instance or at least at this time when BIND has been perfect for everything I needed to do.

-- 
 - (2^(N-1))