Message-ID: <4FFA01D7.8090807@FreeBSD.org>
Date: Sun, 08 Jul 2012 14:55:35 -0700
From: Doug Barton
To: Dan Lukes
Cc: freebsd-security@freebsd.org, FreeBSD Hackers
In-Reply-To: <4FF99C12.8070004@obluda.cz>
Subject: Re: Replacing BIND with unbound (Was: Re: Pull in upstream before 9.1 code freeze?)

On 07/08/2012 07:41, Dan Lukes wrote:
>> The ideal, long-term solution is to re-think what "The Base" is, and
>> give users more flexibility at install time.
>
> Flexibility is a double-edged sword.
>
> Feel free to replace one resolver with another resolver (but don't do it
> so often, please). Applications can be patched to fit new API, scripts
> can be modified to use other command-line utilities. It is OK for me, as
> long as it is a rare big bang.

Sorry, you're not understanding what is being proposed. Specifically
you're confusing the system stub resolver (the bit that's compiled into
libc, and used by binaries) and the resolving name server (BIND). No one
is proposing to replace the stub.

> I'm definitely not interested to make decisions like ...
>
> "if I will select resolver A at install time, then utility X will not
> work correctly with them - it works with resolver B only, unfortunately,
> port P can't be compiled against resolver B because its maintainer is
> using A only"

No one is suggesting anything similar to what you're concerned about.

--
This .signature sanitized for your protection