From owner-freebsd-stable@FreeBSD.ORG Wed Nov 6 14:00:13 2013 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id B17F43C4; Wed, 6 Nov 2013 14:00:13 +0000 (UTC) (envelope-from erwin@lansing.dk) Received: from mail.droso.net (koala.droso.dk [IPv6:2a01:4f8:a0:7163::2]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id F095F2176; Wed, 6 Nov 2013 14:00:12 +0000 (UTC) Received: from [10.32.128.41] (80-62-116-41-mobile.dk.customer.tdc.net [80.62.116.41]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (Client did not present a certificate) by mail.droso.net (Postfix) with ESMTPSA id 437C987D; Wed, 6 Nov 2013 15:00:06 +0100 (CET) Authentication-Results: koala.droso.dk; dmarc=none header.from=lansing.dk DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lansing.dk; s=lansing.dk-20130920; t=1383746408; bh=arl+6oKZiurIy4iR4qPk8zJH2an745+fjGHpmJsJ0x8=; h=References:In-Reply-To:Cc:From:Subject:Date:To; b=eeUHay9b4e0r9SuUJ8Ouv8R8ACAirTS79GxUIGG/3H6svPSCDaXQlK+eUIywUGYzP 54vo0CF22zpNVY0vd5KI+v9P+b9Uy3yAlvUA9bLal3ETvJcxW0gA59GZJFcYAhT21w 87wnZLFXSEeYxD4iyDA+CbskmL1DRn1aR7FUREhc= References: <20131103220654.GU52889@FreeBSD.org> <6AA4A8E1-CBCE-4C87-A320-BB08EC76715F@lassitu.de> <20131104083443.GZ52889@FreeBSD.org> <2B21E123-23BA-4E07-B9DD-9DE1CDE40D08@FreeBSD.org> <20131104163457.GJ52889@FreeBSD.org> Mime-Version: 1.0 (1.0) In-Reply-To: Message-Id: <868B00D6-101A-4B17-995F-A3E2AFE41908@lansing.dk> X-Mailer: iPhone Mail (11B511) From: Erwin Lansing Subject: Re: FreeBSD 10 Beta2 /etc/rc.d/named script and /etc/defaults/rc.conf Date: Wed, 6 Nov 2013 14:59:15 +0100 To: George Kontostanos X-Spam-Status: No, score=-0.3 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,MIME_QP_LONG_LINE,RDNS_NONE autolearn=no version=3.3.2 X-Spam-Report: * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's * domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.9 AWL AWL: From: address is in the auto white-list X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on koala.droso.dk Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: freebsd-stable , =?utf-8?Q?=C3=96zkan_KIRIK?= , FreeBSD Current , Gleb Smirnoff , FreeBSD Release Engineering Team , =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= , Stefan Bethke X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Nov 2013 14:00:13 -0000 > On 06/11/2013, at 14.22, George Kontostanos wrote= : >=20 >> On Mon, Nov 4, 2013 at 6:34 PM, Gleb Smirnoff wrote= : >> On Mon, Nov 04, 2013 at 12:11:02PM +0100, Erwin Lansing wrote: >> E> > On Mon, Nov 04, 2013 at 01:41:01AM +0200, George Kontostanos wrote: >> E> > G> > Am 03.11.2013 um 23:06 schrieb Gleb Smirnoff : >> E> > G> > >> E> > G> > > On Sun, Nov 03, 2013 at 10:05:02PM +0200, =C3=96zkan KIRIK wr= ote: >> E> > G> > > =C3=96> Altough bind removed from FreeBSD 10 distribution, "/= etc/rc.d/named" >> E> > G> > script >> E> > G> > > =C3=96> still exists. >> E> > G> > > =C3=96> and this script depends on "/etc/mtree/BIND.chroot.di= st" file but >> E> > G> > there is >> E> > G> > > =C3=96> no such file in source tree. >> E> > G> > > =C3=96> I think this file was forgotten to be removed. >> E> > G> > > =C3=96> >> E> > G> > > =C3=96> And also, named_* definitions still exists in /etc/de= faults/rc.conf >> E> > G> > file. >> E> > G> > > >> E> > G> > > Please review attached file that removes named from /etc. >> E> > G> > >> E> > G> > It would be great if the port would learn to install its own sc= ript etc. >> E> > G> > in time for that change. (Unless it=E2=80=99s already there, an= d I=E2=80=99m just too blind >> E> > G> > to see it.) >> E> > G> >> E> > G> No you are not blind. Installing bind from ports still relies on t= he >> E> > G> /etc/rc.d/named script. >> E> > >> E> > Erwin, can you please handle that? >> E> >> E> Things are much worse that this, the ports are completely written unde= r the assumption that there is a Bind in base, which of course would already= break with WITHOUT_BIND before Bind was completely removed. It will be har= d to fix without breaking the installed base of 8 and 9. Sigh. >> E> >> E> I'll try to work on it this week, but unfortunately have a full schedu= le of meetings and travel as well. >=20 > Suggestion. An option to install the rc script would solve that problem.=20= > =20 If only it was that simple, it would have been done a long time ago. As Gle= b points out, the ports are broken by design. The rc script needs a complet= e rewrite, and that's only after fixing all configuration files, setting up c= hroot, etc etc and all that while not breaking the installed base on 8 and 9= . I spent most of yesterday on this and if I'm lucky, I'm halfway through. = =20 Erwin, sent from a phone at the train station >>=20 >> What should we do with src? >>=20 >> IMO, we should proceed with removal of remnants of bind in src. In the wo= rst case, >> if you can't handle it this week, the situation will be the following: >>=20 >> 1) 8.x, 9.x users are okay >> 2) 10+.x users w/o bind are okay >> 3) 10+.x users with bind have problems >>=20 >> If we skip updating src, then situation would be: >>=20 >> 1) 8.x, 9.x users are okay >> 2) 10+.x users w/o bind have problems >> 3) 10+.x users with bind are okay >>=20 >> I think, there are less 10.x users with bind, than 10.x without it. >=20 > Please warn about this in UPDATING. I am personally use 12 FreeBSD servers= as dedicated DNS servers only. =20 > =20 >> -- >> Totus tuus, Glebius. >=20 >=20 >=20 > --=20 > George Kontostanos > --- > http://www.aisecure.net