From owner-freebsd-stable@FreeBSD.ORG Tue Dec 3 16:05:53 2013
From: Mark Felder
To: freebsd-stable@freebsd.org
Subject: Re: BIND chroot environment in 10-RELEASE...gone?
Date: Tue, 03 Dec 2013 10:05:49 -0600
Message-Id: <1386086749.9599.54995173.6CD35E54@webmail.messagingengine.com>
References: <529D9CC5.8060709@rancid.berkeley.edu> <529DF7FA.7050207@passap.ru>

On Tue, Dec 3, 2013, at 9:58, Royce Williams wrote:
> On Tue, Dec 3, 2013 at 6:25 AM, Boris Samorodov wrote:
> >
> > 03.12.2013 12:56, Michael Sinatra writes:
> >
> > > I am aware of the fact that unbound has "replaced" BIND in the base
> > > system, starting with 10.0-RELEASE. What surprised me was recent
> > > commits to ports/dns/bind99 (and presumably other versions) that appears
> > > to take away the supported chroot capabilities.
> >
> > /usr/ports/UPDATING has some info about the matter.
>
> Specifically, 20131112 says:
>
> All bind9 ports have been updated to support FreeBSD 10.x after
> BIND was removed from the base system. It is now self-contained
> in ${PREFIX}/etc/namedb, and chroot and symlinking options are
> no longer supported out of the box.
>
> Does that mean that those options now need to be manually configured
> by each team running BIND?
>
> If so, that is a net negative for security. Even if everyone running
> public-facing BIND knows how to chroot, it means more work -- and more
> potential implementation errors.
>

I had not seen that UPDATING entry... I assume that, due to shortage of time by the maintainer and the urgency to just get the port working, it has been discarded for now. You could try adding the features back to the port and seeing if the maintainer accepts them. Unfortunately I don't have any inside information to assist you further.