From owner-freebsd-stable@FreeBSD.ORG Tue Dec 3 15:12:48 2013 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9AC7261E for ; Tue, 3 Dec 2013 15:12:48 +0000 (UTC) Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 6B8531A0D for ; Tue, 3 Dec 2013 15:12:48 +0000 (UTC) Received: from compute4.internal (compute4.nyi.mail.srv.osa [10.202.2.44]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id E5F8E20E59 for ; Tue, 3 Dec 2013 10:12:45 -0500 (EST) Received: from web3 ([10.202.2.213]) by compute4.internal (MEProxy); Tue, 03 Dec 2013 10:12:45 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:from:to:mime-version :content-transfer-encoding:content-type:subject:date:in-reply-to :references; s=smtpout; bh=XHgIC2HXcZZMBQ/xTnpzLuhgt1M=; b=QI+1a p7rJR3r0W3ZTVvFMccS1Gho0aEHG5uuSIswxBK4iZSP4KSTtw+d0UkCm67J26xwn PaO5wEcdbCthJnZhn3N9FcJ3HOmPF5LpwA40sqPqL0ndvIGPGo7yZbPilcWJ+FE2 +lJkopdx1gy3V4BJ2kwSRF1CmlOfzi3cpOZkc0= Received: by web3.nyi.mail.srv.osa (Postfix, from userid 99) id C24F811C3BC; Tue, 3 Dec 2013 10:12:45 -0500 (EST) Message-Id: <1386083565.11989.54971285.12C03C19@webmail.messagingengine.com> X-Sasl-Enc: A5tD+WYCbkE3fJ13ySI+T4KCE4RmxDh7A3zMT93Cv/0A 1386083565 From: Mark Felder To: freebsd-stable@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-24db94df Subject: Re: BIND chroot environment in 10-RELEASE...gone? Date: Tue, 03 Dec 2013 09:12:45 -0600 In-Reply-To: <529D9CC5.8060709@rancid.berkeley.edu> References: <529D9CC5.8060709@rancid.berkeley.edu> X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Dec 2013 15:12:48 -0000 On Tue, Dec 3, 2013, at 2:56, Michael Sinatra wrote: > I am aware of the fact that unbound has "replaced" BIND in the base > system, starting with 10.0-RELEASE. What surprised me was recent > commits to ports/dns/bind99 (and presumably other versions) that appears > to take away the supported chroot capabilities. OTOH, it appears that > unbound has been given these capabilities. > > I have no issues with removing BIND from base, but taking away the very > robust chroot support that FreeBSD had for BIND is something I would > oppose. I like the idea of leveling the playing field for users of > other systems, but the way things have been implemented thus far--taking > away functionality from BIND while preferring unbound--seems > counter-productive. It doesn't really level the playing field, it just > turns it the other way. > > It seems like it would be pretty easy to preserve the /etc/rc.d/named > startup script and BIND.chroot.dist from 9.x and add them to the BIND > ports, so that people who need to run a full-blown BIND installation can > "just install the port" as was advised back in 2012 when the > BIND/unbound change was first being discussed on -hackers. What are the > obstacles to doing something like this? > I would start by filing a PR; I don't think this was intentional.