From owner-freebsd-stable@FreeBSD.ORG Thu Dec 5 01:51:30 2013 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 22F6B7DC for ; Thu, 5 Dec 2013 01:51:30 +0000 (UTC) Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id F332B12B3 for ; Thu, 5 Dec 2013 01:51:29 +0000 (UTC) Received: from mx.pao1.isc.org (localhost [127.0.0.1]) by mx.pao1.isc.org (Postfix) with ESMTP id AB0CBC94B1; Thu, 5 Dec 2013 01:51:16 +0000 (UTC) (envelope-from marka@isc.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=dkim2012; t=1386208289; bh=qP9jFVzaFDph9rfqUCvB+Bm8WlbgtY2lCDC0QSv6soE=; h=To:Cc:From:References:Subject:In-reply-to:Date; b=ScoAvihv7SIsezhmccWc/OfKqUG3+lnc5L/PhP0zjehD79kYkJgDku0GAvt532xpj XdqpZdp6YBN3zIVL8w6h/rslOxJI/XItNSKDgummBMr8WjWhAF+zKu3NXwr1uh0ETX QRdcIVq7KjhjG/dV/7aDNodPl4XalfrK+LLFWlkw= Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) by mx.pao1.isc.org (Postfix) with ESMTP; Thu, 5 Dec 2013 01:51:16 +0000 (UTC) (envelope-from marka@isc.org) Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id A6A73160446; Thu, 5 Dec 2013 01:59:08 +0000 (UTC) Received: from rock.dv.isc.org (c211-30-183-50.carlnfd1.nsw.optusnet.com.au [211.30.183.50]) by zmx1.isc.org (Postfix) with ESMTPSA id EE1A1160436; Thu, 5 Dec 2013 01:59:07 +0000 (UTC) Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id DA73BB2F12D; Thu, 5 Dec 2013 12:51:12 +1100 (EST) To: Lee Brown From: Mark Andrews References: Subject: Re: BIND chroot environment in 10-RELEASE In-reply-to: Your message of "Wed, 04 Dec 2013 16:15:54 -0800." Date: Thu, 05 Dec 2013 12:51:12 +1100 Message-Id: <20131205015112.DA73BB2F12D@rock.dv.isc.org> X-DCC--Metrics: post.isc.org; whitelist X-Spam-Status: No, score=-2.2 required=5.0 tests=AWL, BAYES_00, RP_MATCHES_RCVD, SPF_PASS autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mx.pao1.isc.org Cc: freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Dec 2013 01:51:30 -0000 In message , Lee Brown writes: > Just a regular admin... > > Personally I would prefer to NOT have python in base, hidden or otherwise. > > I don't see BIND as being part of base anyway. The LWR is sufficient for > base. BIND is a service for other machines on the network. Just like I > wouldn't want apache to be in base. Then you really do not understand BIND. > For example I'm installing FreeBSD on a laptop. Do I really need BIND? > Not really. However when I build a server for a LAN, then I want to bring > in BIND, git, apache, etc... Yes. You need a validating resolver reachable over a secure channel. Now one could argue about a desktop but anything mobile that connects to random hot spots needs to do its own validation and until every application that retrieves DNS data from the network that will continue to be true. options { dnssec-validation auto; listen-on { 127.0.0.1; }; listen-on-v6 { ::1; }; }; Named has lots of options almost all of which don't need to be set. named -c /dev/null makes a good recursive only resolver. add options { dnssec-validation auto; } and it becomes a good validating recursive only resolver. > If I have a one time migration of BIND in my migration from 9 to 10, so be > it. I'm used to having to do *some* work on a major number upgrade after > all. I'm happy to jail it and use the port vanilla. > > I do agree this could have been managed better though. This is not the > level of engineering I am used to from FreeBSD. Having said that, the > level of engineering is, IMHO, far superior to most other OSs I've worked > with. > > Thanks to all (past, present and future) who contribute to the effort. > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org