Date:      Fri, 6 Jun 2003 17:48:42 -0700 (PDT)
From:      Doug Barton <DougB@FreeBSD.org>
To:        freebsd-arch@FreeBSD.org
Cc:        Bill Moran <wmoran@potentialtech.com>
Subject:   Re: Way forward with BIND 8
Message-ID:  <20030606173304.T15459@znfgre.qbhto.arg>
In-Reply-To: <20030606161002.GC82589@dragon.nuxi.com>
References:  <20030605235254.W5414@znfgre.qbhto.arg> <a06001214bb060a199205@[10.0.1.2]> <20030606133644.GB49662@iconoplex.co.uk> <20030606161002.GC82589@dragon.nuxi.com>

On Fri, 6 Jun 2003, David O'Brien wrote:

> On Fri, Jun 06, 2003 at 10:28:06AM -0400, Bill Moran wrote:
> > The "at this time" part of his response says to me that the current "mixed"
> > status of 5 as -CURRENT as well as -RELEASE and the current effort to get
> > 5 -STABLE is what's preventing the import of BIND 9.  Once 5 is branched
> > to a 6-CURRENT, I'm sure the possibility will open up to import BIND 9
> > again.  At that time ...
>
> The problem is that means that all throughout the 5-STABLE branch (I'd
> figure 2 years), we have BIND8 in the tree

I don't think that's a valid conclusion. I have in mind at some point in
the future to import bind 9 into 6-current, and I don't think it would be
totally unreasonable to mfc it to 5-stable, assuming that the bind 9 code
stabilizes early enough in the 5-stable lifecycle to justify this.

> If we're going to forever stick with ancient versions of stuff in
> src/contrib;

BIND 8 isn't ancient.... it's still being actively developed, and bug
fixes for urgent security issues are released in a timely manner. It's not
the newest, shiniest toy, but in this case I think it's worthwhile to
stick with the older, more reliable model.

> we might as well kick BIND out and require the use of a port.

I've seriously considered that. The problem is, out of the 3 parts of
BIND, the named stuff is the only one we can seriously live without. We
have:

1. named, and related stuff like named-xfer
2. resolver libraries
3. userland stuff, like dig, host, nslookup (gag), etc.

Now we can definitely do without 1 in the base, and I'd love to make the
library stuff more modular, but every time we start to talk about that,
the discussion degenerates into people mumbling with glassy expressions on
their faces. As for 3, I don't think we can seriously ship FreeBSD without
basic dns diagnostic tools and still call it Unix-like.

As I mentioned in my previous post, there is also the issue of the output
formats for the userland stuff having changed dramatically in bind 9,
which is going to cause problems for people who've scripted stuff using
those tools.

> I use FreeBSD because I want fresh userland software (when it is
> ready, and surely by X.2.2 it is)

David, come on. You of all people should know better than to base
technology decisions on version numbers. :) Here is the problem, in more
detail for those who don't follow BIND development.

9.2.2 has actually reached a certain level of maturity and stability. The
problem is that with 9.3, they are starting from scratch on large portions
of the codebase, especially those related to dnssec. Thus, if we import
9.2.2 now, we're going to be faced with a decision down the road of
whether or not to import 9.3.0, and all those shiny new bugs. Virtually
all of the vulnerabilities discovered in the 8.x codebase over the last
several years have been related to just this area... dnssec and tsig.

Therefore, I'm very much of the opinion that we should put off considering
import of bind 9 until the 9.3.x branch, and then wait a version or two
for the code to stabilize. This should coincide nicely with our timing for
6-current.

> that is easily installable and upgradeable via 'make world'.  Otherwise
> I'd use NetBSD.

So put 'NO_BIND' and 'PORT_REPLACES_BASE_BIND9' in /etc/make.conf, and
you're done. :) In fact, I'd like to encourage all those who are promoting
this change to do just that...  I'd be interested in feedback from people
on this too.

Doug

-- 

    This .signature sanitized for your protection


