From owner-freebsd-ports@FreeBSD.ORG Wed Jan 14 13:31:14 2015 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 39EFF64A for ; Wed, 14 Jan 2015 13:31:14 +0000 (UTC) Received: from hades.sorbs.net (hades.sorbs.net [67.231.146.201]) by mx1.freebsd.org (Postfix) with ESMTP id 213C2C0 for ; Wed, 14 Jan 2015 13:31:13 +0000 (UTC) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-type: text/plain; CHARSET=US-ASCII Received: from isux.com (firewall.isux.com [213.165.190.213]) by hades.sorbs.net (Oracle Communications Messaging Server 7.0.5.29.0 64bit (built Jul 9 2013)) with ESMTPSA id <0NI600FAT5RUNJ00@hades.sorbs.net> for freebsd-ports@freebsd.org; Wed, 14 Jan 2015 05:35:55 -0800 (PST) Message-id: <54B66F9D.4030005@sorbs.net> Date: Wed, 14 Jan 2015 14:31:09 +0100 From: Michelle Sullivan User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.24) Gecko/20100301 SeaMonkey/1.1.19 To: Matt Smith , Michelle Sullivan , freebsd-ports@freebsd.org Subject: Re: BIND REPLACE_BASE option References: <2A3ABE9AE68B3CE8E1B7C1A1@ogg.in.absolight.net> <20150113163325.3A8FCBDC24@prod2.absolight.net> <67897B782F897C2A66FCD458@atuin.in.mat.cc> <20150113233952.BF862BDC24@prod2.absolight.net> <20150114031156.400F2BDC3E@prod2.absolight.net> <507F8738895177F5640A4090@atuin.in.mat.cc> <20150114120852.GA17865@xtaz.uk> <54B66183.8040403@sorbs.net> <20150114124139.GB17865@xtaz.uk> In-reply-to: <20150114124139.GB17865@xtaz.uk> X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jan 2015 13:31:14 -0000 Matt Smith wrote: > On Jan 14 13:30, Michelle Sullivan wrote: >> Matt Smith wrote: >>> Doug Barton who used to maintain BIND in both the base system and the >>> port used to always say that the version in the base system was only >>> designed to be used as a local resolver on a laptop/desktop. If it was >>> used as a proper DNS server the port version was meant to be used >>> instead. Based on this it makes perfect sense why BIND was replaced >>> with local Unbound in the base, and the ports system still has BIND >>> for people that were using it. >> >> Was this ever documented? (I've been using bind in base for servers for >> many years and this is the first time I've heard of it - and it is >> unlikely I'm the only one.) >> > > I'm not sure if it was documented anywhere in particular. I've just > seen it mentioned lots of times on these mailing lists in the past. > Specifically around the time he was experimenting with slaving the > root and arpa zones and there were a few configuration changes to > named.conf at that time. > > The main reasoning is that the versions of things in the base system > are usually old and rarely get updated. They occasionally get patches > if there's a serious security vulnerability but for minor bugs it's > unlikely you'll see any patch. And to patch it you quite often need to > do a full O/S upgrade which is very time consuming and probably needs > a reboot. The port versions are updated straight away, even for minor > bugs and because you've not also updated half the O/S in the process > you don't need to do anything other than restart named. > And that is precisely the reason I used the 'REPLACE_BASE' option... BTW, what happens if you /usr/local/etc/rc.d/named start and /etc/rc.d/named start now (particularly the latter) ? ... I'm assuming some thought of this and removed /etc/rc.d/named as part of a freebsd-update ...? (note: some of use cannot 'freebsd-update' the 'delete-old' stuff because some got it also to delete the pkg_* tools - which some of us have to use currently - despite that same attempting to force production systems into untested configurations... even when patching exploits. Regards, -- Michelle Sullivan http://www.mhix.org/