Date: Tue, 30 Jul 2013 15:47:03 +0300 From: Daniel Kalchev <daniel@digsys.bg> To: freebsd-stable@freebsd.org Subject: Re: Bind in FreeBSD, security advisories Message-ID: <51F7B5C7.6050008@digsys.bg> In-Reply-To: <1375186900.23467.3223791.24CB348A@webmail.messagingengine.com> References: <CAO%2BPfDctepQY0mGH7H%2BgOSm4HJwhe-RCND%2BmxAArnRxpWiCsjg@mail.gmail.com> <1375186900.23467.3223791.24CB348A@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 30.07.13 15:21, Mark Felder wrote: > People don't seem upset about not having a webserver, IMAP/POP daemon, > or LDAP server in base, so I don't understand what the big deal is about > removing BIND. I believe the primary reason these things are not in the base system is that they have plenty of dependencies, with possibly conflicting licenses etc. > If the concern is over the rare case when you absolutely > need a DNS recursor and there are none you can reach I suppose we should > just import Unbound. There are many and good reasons to include an fully featured name server, or at least full recursive resolver. For example, for properly supporting DNSSEC. We could in theory remove the BIND's authoritative name server executable... if that is attracting the SAs. The justification "reduce the number of SA's", that is, "the bad PR" is probably not enough. Going that direction, we should consider Comrade Stalin's maxim "FreeBSD exists, there are problems, here is the solution -- no FreeBSD, no problems!" :-) Daniel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51F7B5C7.6050008>