Date: Sat, 07 Jul 2012 16:17:53 -0700 From: Doug Barton <dougb@FreeBSD.org> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: freebsd-security@freebsd.org, =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>, FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Replacing BIND with unbound (Was: Re: Pull in upstream before 9.1 code freeze?) Message-ID: <4FF8C3A1.9080805@FreeBSD.org> In-Reply-To: <89AB703D-E075-4AAC-AC1B-B358CC4E4E7F@lists.zabbadoz.net> References: <CA%2BQLa9B-Dm-=hQCrbEgyfO4sKZ5aG72_PEFF9nLhyoy4GRCGrA@mail.gmail.com> <4FF2E00E.2030502@FreeBSD.org> <86bojxow6x.fsf@ds4.des.no> <89AB703D-E075-4AAC-AC1B-B358CC4E4E7F@lists.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 07/07/2012 14:16, Bjoern A. Zeeb wrote:
>
> On 3. Jul 2012, at 12:39 , Dag-Erling Smørgrav wrote:
>
>> Doug Barton <dougb@FreeBSD.org> writes:
>>> The correct solution to this problem is to remove BIND from the base
>>> altogether, but I have no energy for all the whinging that would happen
>>> if I tried (again) to do that.
>>
>> I don't think there will be as much whinging as you expect. Times have
>> changed.
>>
>> I'm willing to import and maintain unbound (BSD-licensed validating,
>> recursive, and caching DNS resolver) if you remove BIND.
>
> I'd object to it. Trading one for another without gaining anything does
> not help us much.
Au contraire. It solves the problem of BIND release cycles not matching
up with ours. This is a very important problem to solve.
I've already written at length as to what I think the dream solution is,
but we don't have anyone willing to code that yet, and even if we did,
there is no guarantee that we'd get the buy-in to make it happen. In
addition to being a good first step, doing this for DNS will also help
us shake out the exact issues you allude to below.
> Don't get me wrong I have both running for years and even maintain patches
> for unbound for 2 years now for functionality they do not provide, which
> named happily gives me.
Other than authoritative DNS, what features does unbound lack that you want?
> If you want to do this, I would prefer a properly laid out action plan
> as the import is by far the easiest but the integration into various
> parts of the system is harder.
BIND in the base today comes with a full-featured local resolver
configuration, which I'm confident that Dag-Erling can do for unbound
(and which I would be glad to assist with if needed). Other than that,
what integration are you concerned about?
... and just in case, these are sincere "project requirement gathering"
questions, I'm not attempting to be snarky in any way.
Doug
--
This .signature sanitized for your protection
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FF8C3A1.9080805>