Date: Wed, 4 Jul 2012 14:51:04 -0400
From: Jason Hellenthal <jhellenthal@dataix.net>
To: Freddie Cash <fjwcash@gmail.com>
Cc: freebsd-security@freebsd.org, Dag-Erling Smørgrav <des@des.no>, Doug Barton <dougb@freebsd.org>, "Simon L. B. Nielsen" <simon@freebsd.org>, freebsd-hackers@freebsd.org
Subject: Re: Pull in upstream before 9.1 code freeze?
Message-ID: <20120704185104.GA42355@DataIX.net>
In-Reply-To: <CAOjFWZ5ikPz_yDhEQutiXVG354qRHYJTn-M_S4Cx-=YRgFP7eQ@mail.gmail.com>
References: <CA%2BQLa9B-Dm-=hQCrbEgyfO4sKZ5aG72_PEFF9nLhyoy4GRCGrA@mail.gmail.com>
 <4FF2E00E.2030502@FreeBSD.org>
 <86bojxow6x.fsf@ds4.des.no>
 <4FF35864.5030109@FreeBSD.org>
 <CAC8HS2Hx%2BqV1zYSzyM6wYzbyA6BStd3HEwc-VDhv40DHM=qCvw@mail.gmail.com>
 <CAOjFWZ5ikPz_yDhEQutiXVG354qRHYJTn-M_S4Cx-=YRgFP7eQ@mail.gmail.com>

On Wed, Jul 04, 2012 at 10:01:04AM -0700, Freddie Cash wrote:
> On Wed, Jul 4, 2012 at 9:51 AM, Simon L. B. Nielsen <simon@freebsd.org> wrote:
> > On Tue, Jul 3, 2012 at 9:39 PM, Doug Barton <dougb@freebsd.org> wrote:
> >> On 07/03/2012 05:39, Dag-Erling Smørgrav wrote:
> >>> Doug Barton <dougb@FreeBSD.org> writes:
> >>>> The correct solution to this problem is to remove BIND from the base
> >>>> altogether, but I have no energy for all the whinging that would happen
> >>>> if I tried (again) to do that.
> >>>
> >>> I don't think there will be as much whinging as you expect. Times have
> >>> changed.
> >>>
> >>> I'm willing to import and maintain unbound (BSD-licensed validating,
> >>> recursive, and caching DNS resolver) if you remove BIND.
> >>
> >> You've got a deal!
> >>
> >> Unbound requires ldns, which is a good thing. Part of this project would
> >
> > How's the security support for ldns / unbound? For third party
> > software sitting in the 'frontline' that part is rather important.
> >
> >> also be to enable drill so that we have a command-line dns lookup tool
> >> in the base, but that's trivial once you've got ldns imported.
> >
> > Does that mean losing host(1)? That would be somewhat annoying.
>
> There's a version of host based on unbound. At least, there's an
> unbound-host package for Debian Linux:
>
> http://packages.debian.org/search?keywords=unbound-host
>

What would be really nice here is a command wrapper hooked into the
shell so that when you type a command and it does not exist it presents
you with a question for suggestions to install somewhat like Fedora has
done.

You type nmap in the root shell and it will ask you if you would like to
install it. With that said, given this is FreeBSD, it could offer ...

    Would you like to install base package [y/N] ?: N
    Would you like to install ports package [y/N] ?: N
    Would you like to compile this from ports [y/N] ?: Y

    You have these options available:
    1) BIND
    2) LDNS
    3) DJBDNS

    Which would you like [0-3]:

I entirely dislike the idea of including something other than bind-tools
within base that are installed, but fully support the idea of providing
a way to allow the user to install a "base package", one that is meant to
install into the base system, and have as many as are seen suited to
support the community.

I currently buildworld WITHOUT_BIND and use bind from ports and cannot
justify the time to go through learning/using another instance, or at
least not at this time, when BIND has been perfect for everything I needed
to do.

--

 - (2^(N-1))