To: Erwin Lansing
From: Mark Andrews
References: <529D9CC5.8060709@rancid.berkeley.edu> <529DF7FA.7050207@passap.ru>
 <529E179D.7030701@rancid.berkeley.edu> <20131203211606.F2E17B100EB@rock.dv.isc.org>
 <20131204094730.GX29825@droso.dk>
Subject: Re: BIND chroot environment in 10-RELEASE...gone?
In-reply-to: Your message of "Wed, 04 Dec 2013 10:47:31 +0100."
 <20131204094730.GX29825@droso.dk>
Date: Thu, 05 Dec 2013 08:09:50 +1100
Message-Id: <20131204210950.7917AB276B4@rock.dv.isc.org>
Cc: stable@freebsd.org, freebsd-stable@freebsd.org

In message <20131204094730.GX29825@droso.dk>, Erwin Lansing writes:
> On Wed, Dec 04, 2013 at 08:16:06AM +1100, Mark Andrews wrote:
> >
> > As for 9.9.x ESV it will be supported to at least June 2017, which
> > is 5+ years from BIND 9.9.0, and 4 years after 9.9.x was announced
> > as the ESV series with BIND 9.9.3.
> >
> > BIND 9.6 went ESV in Mar 2010 and will be EoL in Jan 2014.
> >
> > BIND 9.10 is in alpha at the moment.
> >
> > BIND 10 is still in development.
> >
>
> Thanks for chiming in Mark.  As you can see, there's some confusion
> about BIND9's lifetime, so getting this straight from the horse's mouth
> is good.
>
> I did a presentation at the recent ICANN meeting about why BIND was
> removed from base, slides are at
> http://people.freebsd.org/~erwin/presentations/20131118-ICANN-FreeBSD-DNS.pdf
>
> Note that most of the reasons all fall back to reducing code base and
> complexity, and some of the other bullets all follow from that.  It has
> more to do with how BIND was integrated into FreeBSD than BIND itself
> and unbound just has the advantage that it does not have an authoritative
> part (and key management etc), with associated options and potential
> security vulnerabilities, and thus hopefully will be easier to maintain
> in the base system.

Yet you need the authoritative part for supplying addresses in the
home which it is named vs Casper.

B.T.W.  It is don't be a recursive server if you are an authoritative
server for a zone (i.e. listed in the NS records).  Not straight split
of roles.  Recursive servers expect to be talking to authoritative
servers.  Stub resolvers don't care if some of the answers they get
are from an authoritative zone or from a cache.  They do care if they
are not offered a recursive service.  As with many things in the DNS
there are lots of caveats and exceptions to any "rule".

As for key management you only need to worry about that if you are
signing the zones.

As for potential bugs.  Having authoritative support in the server
adds very little additional code overall.  You still need to parse
queries.  You still need code to assemble responses to the client.
You still need code to parse responses from authoritative servers.
About the only thing you do extra is read some zone content from
disk or transfer it from other authoritative servers and write zone
content out to disk.

The arguments don't stack up for anyone truly aware of how nameservers
work.

Mark

> Erwin

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org