From owner-freebsd-security@FreeBSD.ORG  Wed Jul  4 22:04:25 2012
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53])
	by hub.freebsd.org (Postfix) with ESMTP id 1515D106566C;
	Wed,  4 Jul 2012 22:04:25 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from opti.dougb.net (hub.freebsd.org [IPv6:2001:4f8:fff6::36])
	by mx2.freebsd.org (Postfix) with ESMTP id 2D2B61A6930;
	Wed,  4 Jul 2012 22:03:21 +0000 (UTC)
Message-ID: <4FF4BDA8.50303@FreeBSD.org>
Date: Wed, 04 Jul 2012 15:03:20 -0700
From: Doug Barton <dougb@FreeBSD.org>
Organization: http://SupersetSolutions.com/
User-Agent: Mozilla/5.0 (X11; FreeBSD i386;
	rv:13.0) Gecko/20120624 Thunderbird/13.0.1
MIME-Version: 1.0
To: Brett Glass <brett@lariat.org>
References: <CA+QLa9B-Dm-=hQCrbEgyfO4sKZ5aG72_PEFF9nLhyoy4GRCGrA@mail.gmail.com>
	<4FF2E00E.2030502@FreeBSD.org> <86bojxow6x.fsf@ds4.des.no>
	<201207042156.PAA09080@lariat.net>
In-Reply-To: <201207042156.PAA09080@lariat.net>
X-Enigmail-Version: 1.4.2
OpenPGP: id=1A1ABC84
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Cc: freebsd-security@freebsd.org,
	=?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>,
	Robert Simmons <rsimmons0@gmail.com>, freebsd-hackers@freebsd.org
Subject: Re: Pull in upstream before 9.1 code freeze?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jul 2012 22:04:25 -0000

On 07/04/2012 14:55, Brett Glass wrote:
> At 06:39 AM 7/3/2012, Dag-Erling Smørgrav wrote:
>  
>> I'm willing to import and maintain unbound (BSD-licensed validating,
>> recursive, and caching DNS resolver) if you remove BIND.
> 
> I've been using djb, and -- despite its quirks -- I'm very happy with
> it.

Completely aside from its "quirks," djbdns is wholly unsuitable in the
modern DNS world due to it's poor and/or total lack of support for IDNs
and DNSSEC.

> I'd like to have the option of installing dnscache, with the
> so-called "Jumbo" patch, as the default resolver.

As soon as you start talking about "with/without $option" you are
talking about a ports install, which is perfectly fine.

Other than that, if whoever actually pushes all the rocks uphill to make
the installer more modular in this regard decides to include djbdns,
more power to them. :)

Doug

-- 

    This .signature sanitized for your protection