From: Michael Sinatra
To: stable@freebsd.org
Date: Tue, 03 Dec 2013 00:56:37 -0800
Subject: BIND chroot environment in 10-RELEASE...gone?
Message-ID: <529D9CC5.8060709@rancid.berkeley.edu>

I am aware of the fact that unbound has "replaced" BIND in the base system, starting with 10.0-RELEASE.
What surprised me was recent commits to ports/dns/bind99 (and presumably other versions) that appear to take away the supported chroot capabilities. OTOH, it appears that unbound has been given these capabilities.

I have no issues with removing BIND from base, but taking away the very robust chroot support that FreeBSD had for BIND is something I would oppose. I like the idea of leveling the playing field for users of other systems, but the way things have been implemented thus far--taking away functionality from BIND while preferring unbound--seems counter-productive. It doesn't really level the playing field, it just turns it the other way.

It seems like it would be pretty easy to preserve the /etc/rc.d/named startup script and BIND.chroot.dist from 9.x and add them to the BIND ports, so that people who need to run a full-blown BIND installation can "just install the port," as was advised back in 2012 when the BIND/unbound change was first being discussed on -hackers.

What are the obstacles to doing something like this?

michael
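For readers who want to see what the chroot setup the message refers to involves in practice, the script below is an added example; it is not code from the original message and not FreeBSD's own /etc/rc.d/named or BIND.chroot.dist. It builds a minimal named(8) chroot skeleton by hand and checks it for the mistakes that usually break a chrooted BIND. The directory layout (modelled on the conventional /var/named tree), the function names and the sample named.conf used in the usage are all assumptions, and the set of paths may need adjusting for a given BIND port.

```sh
#!/bin/sh
# Added example: hand-built named(8) chroot skeleton plus a sanity check.
# Not FreeBSD's rc.d/named or BIND.chroot.dist; the layout below is an
# assumption modelled on the conventional /var/named tree.
set -u

# Directories the daemon touches once chrooted: config and zone data,
# pid/socket dir, dump/stats/log output, and a dev directory.
NAMED_CHROOT_DIRS="etc/namedb etc/namedb/master etc/namedb/slave \
etc/namedb/dynamic etc/namedb/working var/run/named var/dump var/stats \
var/log dev"

# build_named_chroot ROOT NAMED_CONF
#   Creates the tree under ROOT and stages NAMED_CONF as
#   ROOT/etc/namedb/named.conf.  Device nodes are deliberately not created
#   here: on FreeBSD you mount devfs onto ROOT/dev with a restrictive
#   ruleset (null and random only) rather than mknod'ing nodes by hand.
build_named_chroot() {
    root=$1 conf=$2
    for d in $NAMED_CHROOT_DIRS; do
        mkdir -p "$root/$d" || return 1
    done
    cp "$conf" "$root/etc/namedb/named.conf" || return 1
    chmod 0644 "$root/etc/namedb/named.conf"
}

# verify_named_chroot ROOT
#   Returns 0 when the tree is complete, named.conf is present and not
#   group/world writable, and the 'directory' option in named.conf names an
#   absolute path that exists *inside* the chroot.  The classic mistake is
#   to carry over the host path (e.g. /var/named/etc/namedb), which no
#   longer exists once the process has chrooted.
verify_named_chroot() {
    root=$1
    conf="$root/etc/namedb/named.conf"
    for d in $NAMED_CHROOT_DIRS; do
        [ -d "$root/$d" ] || { echo "missing directory $root/$d" >&2; return 1; }
    done
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }
    if [ -n "$(find "$conf" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "$conf is group/world writable" >&2; return 1
    fi
    # Pull the first 'directory "...";' option out of named.conf.
    dir=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    [ -n "$dir" ] || { echo "no directory option in $conf" >&2; return 1; }
    case $dir in
        /*) ;;
        *)  echo "directory option must be absolute: $dir" >&2; return 1 ;;
    esac
    # The path is interpreted relative to the chroot, so check ROOT + dir.
    [ -d "$root$dir" ] || { echo "directory $dir does not exist inside $root" >&2; return 1; }
    return 0
}

# Stand-alone usage: sh named_chroot.sh /var/named /path/to/named.conf
if [ "$#" -eq 2 ]; then
    build_named_chroot "$1" "$2" && verify_named_chroot "$1"
fi
```

The check on the `directory` option is the one that pays for itself: with the paths inside named.conf written as if the chroot were `/`, the same file works whether or not named is started with `-t`, and the verifier catches the host-path variant before the daemon fails at startup.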