Hi, For years, a lot of security advisories have been present for bind. I'm just guessing if it's not a good idea to remove bind from base? This will probably free by half the number of FreeBSD SA's in the future. Regards, -- Demelier David
People don't seem upset about not having a webserver, IMAP/POP daemon, or LDAP server in base, so I don't understand what the big deal is about removing BIND. If the concern is over the rare case when you absolutely need a DNS recursor and there are none you can reach I suppose we should just import Unbound. However, if you can't reach any DNS servers I assume you can't reach the roots either, so I don't understand what a local recursor will gain you. I support removing BIND from base, but there's a larger conversation to be had (again).
On Tue, Jul 30, 2013 at 8:55 AM, David Demelier <demelier.david at gmail.com> wrote:> Hi, > > For years, a lot of security advisories have been present for bind. > I'm just guessing if it's not a good idea to remove bind from base? > > This will probably free by half the number of FreeBSD SA's in the future. >Sure, but no bind in base also implies no dig, nslookup or host. Cheers Tom
On 2013-07-30 12:55 AM, "David Demelier" <demelier.david at gmail.com> wrote:> > Hi, > > For years, a lot of security advisories have been present for bind. > I'm just guessing if it's not a good idea to remove bind from base? > > This will probably free by half the number of FreeBSD SA's in the future.Hasn't this discussion occurred several times already on the -current mailing list over the past year? And hadn't unbound and/or ldns been imported into - current already? This just seems very familiar somehow...
David Demelier <demelier.david at gmail.com> writes:> For years, a lot of security advisories have been present for bind. > I'm just guessing if it's not a good idea to remove bind from base?There are plans to do so. It's not as trivial as people seem to think. DES -- Dag-Erling Sm?rgrav - des at des.no