Date: Wed, 04 Jul 2012 14:14:49 -0700 From: Doug Barton <dougb@FreeBSD.org> To: Freddie Cash <fjwcash@gmail.com> Cc: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org, "Simon L. B. Nielsen" <simon@freebsd.org>, =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no> Subject: Re: Pull in upstream before 9.1 code freeze? Message-ID: <4FF4B249.4010107@FreeBSD.org> In-Reply-To: <CAOjFWZ5ikPz_yDhEQutiXVG354qRHYJTn-M_S4Cx-=YRgFP7eQ@mail.gmail.com> References: <CA%2BQLa9B-Dm-=hQCrbEgyfO4sKZ5aG72_PEFF9nLhyoy4GRCGrA@mail.gmail.com> <4FF2E00E.2030502@FreeBSD.org> <86bojxow6x.fsf@ds4.des.no> <4FF35864.5030109@FreeBSD.org> <CAC8HS2Hx%2BqV1zYSzyM6wYzbyA6BStd3HEwc-VDhv40DHM=qCvw@mail.gmail.com> <CAOjFWZ5ikPz_yDhEQutiXVG354qRHYJTn-M_S4Cx-=YRgFP7eQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 07/04/2012 10:01, Freddie Cash wrote:
> On Wed, Jul 4, 2012 at 9:51 AM, Simon L. B. Nielsen <simon@freebsd.org> wrote:
>> On Tue, Jul 3, 2012 at 9:39 PM, Doug Barton <dougb@freebsd.org> wrote:
>>> On 07/03/2012 05:39, Dag-Erling Smørgrav wrote:
>>>> Doug Barton <dougb@FreeBSD.org> writes:
>>>>> The correct solution to this problem is to remove BIND from the base
>>>>> altogether, but I have no energy for all the whinging that would happen
>>>>> if I tried (again) to do that.
>>>>
>>>> I don't think there will be as much whinging as you expect. Times have
>>>> changed.
>>>>
>>>> I'm willing to import and maintain unbound (BSD-licensed validating,
>>>> recursive, and caching DNS resolver) if you remove BIND.
>>>
>>> You've got a deal!
>>>
>>> Unbound requires ldns, which is a good thing. Part of this project would
>>
>> How's the security support for ldns / unbound? For third party
>> software sitting in the 'frontline' that part is rather important.
Other than my followup where I expressed total confidence in the folks
that produce these tools, I'll leave the advocacy to Dag-Erling.
>>> also be to enable drill so that we have a command-line dns lookup tool
>>> in the base, but that's trivial once you've got ldns imported.
>>
>> Does that means loosing host(1) ?
Yes! Code must be free!!!!!11!!!! :)
>> That would be somewhat annoying.
Again, see my followup.
> There's a version of host based on unbound. At least, there's an
> unbound-host package for Debian Linux:
Yes, it's a SMOP. If we produced a BSDL version I'm fairly sure the
NLnet Labs guys would be interested. Dag-Erling probably wants to
contact them first to see if they are already working on something similar.
Doug
--
This .signature sanitized for your protection
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FF4B249.4010107>