From owner-freebsd-stable@FreeBSD.ORG Tue Jul 30 14:49:56 2013 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id B9E6F2BD for ; Tue, 30 Jul 2013 14:49:56 +0000 (UTC) (envelope-from royce.williams@gmail.com) Received: from mail-lb0-x234.google.com (mail-lb0-x234.google.com [IPv6:2a00:1450:4010:c04::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 3DA74287A for ; Tue, 30 Jul 2013 14:49:56 +0000 (UTC) Received: by mail-lb0-f180.google.com with SMTP id a16so2408749lbj.39 for ; Tue, 30 Jul 2013 07:49:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:content-type; bh=VoUhcRtaXjc23bbLEUODaQRfUotTTwLeIipT26i66Q0=; b=AOK0/gQDYuRzj3OgIdRv05sQ/GFtJcLi/WP1FkOSvvZLDnnI4Pxc96YPRoUxPCGJwT d6ED+Qv5C9E/daCUwSUYQqxwmJLc07YCHqCdGIl2enUYHC3t2N2Z0UfspnaXVlZHkiBA StRKWQWWoayqnToWPb86NQYqcal+nGhtUiZOyFy4fXzyHfQyR2ruCvqZRLhyIQQxnJoY 3BymMNTe7POOp6sibt6ceaRFZg/tZFFeRJOG5WngFXZm7qbqO5JpWVw7eR8aVmuyIPUp IK2w0aggA68GJhnkP8/aJgwaL9ExGdtQepepW0BgjliVAa56IfzeS3GcdOBAx160xPuh ZgdA== X-Received: by 10.112.92.73 with SMTP id ck9mr27571753lbb.69.1375195794141; Tue, 30 Jul 2013 07:49:54 -0700 (PDT) MIME-Version: 1.0 Sender: royce.williams@gmail.com Received: by 10.112.211.137 with HTTP; Tue, 30 Jul 2013 07:49:34 -0700 (PDT) In-Reply-To: <7cc4b6841ce070bef40ed28780ae00d6@mx1.enfer-du-nord.net> References: <1375186900.23467.3223791.24CB348A@webmail.messagingengine.com> <51F7B5C7.6050008@digsys.bg> <51F7C07C.9060606@digsys.bg> <1375193086.25610.3260371.08421FD0@webmail.messagingengine.com> <7cc4b6841ce070bef40ed28780ae00d6@mx1.enfer-du-nord.net> From: Royce Williams Date: Tue, 30 Jul 2013 06:49:34 -0800 X-Google-Sender-Auth: uaMgyg0flii7_n2UXK7kiWeSxcg Message-ID: Subject: Re: Bind in FreeBSD, security advisories To: freebsd-stable Content-Type: text/plain; charset=ISO-8859-1 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Jul 2013 14:49:56 -0000 On Tue, Jul 30, 2013 at 6:29 AM, Michael Grimm wrote: > > On 2013-07-30 16:04, Mark Felder wrote: > >> Unbound/NSD are suitable replacements if we really need something in >> base, and they have been picked up by OpenBSD for a good reason -- >> clean, secure, readable, maintainable codebases and their use across the >> internet and on the ROOT servers is growing. I don't know enough about BIND replacements to identify them all by sight, but according to bsdstats.org's ports/dns category: http://bsdstats.org/ports.php?category=27 ... across all OSes (I'm not sure how to filter on just FreeBSD), of the 23996 systems reporting , 4966 (~20.71%) are running something from ports that I roughly recognize as a potential replacement for BIND in base: bind84-base 15 bind9 152 bind9-base 187 bind9-dlz+mysql+db41 5 bind9-sdb-ldap 36 bind9-sdb-ldap-base 20 bind94 40 bind94-base 157 bind95 29 bind95-base 54 bind96 146 bind96-base 181 bind97 120 bind97-base 429 bind97-sdb 8 bind97-sdb-base 12 bind98 202 bind98-base 423 bind98-devel 13 bind99 259 bind99-base 405 bind99-devel 12 djbdns 629 djbdns-ipv6 392 nsd 140 powerdns 189 powerdns-devel 17 powerdns-recursor 120 udns 215 unbound 359 4966/23977 = 0.20712 Given how many PC-BSD boxes there are, and how many folks that are running FreeBSD and bsdstats may not know why (or how) to replace BIND, ~20% seems like a significant number. I'm not advocating either way; I'm just providing some data points. Royce