Date:      Thu, 05 Dec 2013 12:51:12 +1100
From:      Mark Andrews <marka@isc.org>
To:        Lee Brown <leeb@ratnaling.org>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: BIND chroot environment in 10-RELEASE
Message-ID:  <20131205015112.DA73BB2F12D@rock.dv.isc.org>
In-Reply-To: Your message of "Wed, 04 Dec 2013 16:15:54 -0800." <CAFPNf58F-YsZsOYc0BEqHcivFEtwWjvX83EWbvnUEjPpo4CXNA@mail.gmail.com>
References:  <CAFPNf58F-YsZsOYc0BEqHcivFEtwWjvX83EWbvnUEjPpo4CXNA@mail.gmail.com>


In message <CAFPNf58F-YsZsOYc0BEqHcivFEtwWjvX83EWbvnUEjPpo4CXNA@mail.gmail.com>, Lee Brown writes:
> Just a regular admin...
> 
> Personally I would prefer to NOT have python in base, hidden or otherwise.
> 
> I don't see BIND as being part of base anyway.  The LWR is sufficient for
> base.  BIND is a service for other machines on the network.  Just like I
> wouldn't want apache to be in base.

Then you really do not understand BIND.

> For example I'm installing FreeBSD on a laptop.  Do I really need BIND?
> Not really.  However when I build a server for a LAN, then I want to bring
> in BIND, git, apache, etc...

Yes.  You need a validating resolver reachable over a secure channel.

Now one could argue about a desktop but anything mobile that connects
to random hot spots needs to do its own validation and until every
application that retrieves DNS data from the network that will
continue to be true.

	options {
		dnssec-validation auto;
		listen-on { 127.0.0.1; };
		listen-on-v6 { ::1; };
	};

Named has lots of options almost all of which don't need to be set.

	named -c /dev/null

makes a good recursive only resolver.  Add

	options { dnssec-validation auto; };

and it becomes a good validating recursive only resolver.

> If I have a one time migration of BIND in my migration from 9 to 10, so be
> it.  I'm used to having to do *some* work on a major number upgrade after
> all.  I'm happy to jail it and use the port vanilla.
> 
> I do agree this could have been managed better though.  This is not the
> level of engineering I am used to from FreeBSD.  Having said that, the
> level of engineering is, IMHO, far superior to most other OSs I've worked
> with.
> 
> Thanks to all (past, present and future) who contribute to the effort.
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
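
Added example, not part of the original message: one way to confirm that a local resolver configured with `dnssec-validation auto;` is actually validating, by classifying two `dig +dnssec` responses (one for a correctly signed name, one for a deliberately mis-signed name). The function names and the sample responses are constructed for illustration, and the names to query are left as placeholders.

```shell
#!/bin/sh
# Added example: classify a resolver from two captured dig responses.
# Real input would come from: dig @127.0.0.1 <name> A +dnssec
# (<name> is a placeholder; pick one signed zone and one known-bogus test zone).

# Print the RCODE from dig's ->>HEADER<<- line (NOERROR, SERVFAIL, ...).
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Succeed if the "ad" (authenticated data) bit appears in dig's header flags.
dig_has_ad() {
    printf '%s\n' "$1" | sed -n 's/^;; flags: \([^;]*\);.*/\1/p' | head -n 1 |
        tr ' ' '\n' | grep -qx 'ad'
}

# $1 = response for a correctly signed name, $2 = response for a bogus name.
classify_resolver() {
    good_status=$(dig_status "$1")
    bad_status=$(dig_status "$2")
    if [ "$good_status" = NOERROR ] && dig_has_ad "$1" && [ "$bad_status" = SERVFAIL ]; then
        echo validating
    elif [ "$bad_status" = NOERROR ]; then
        echo not-validating     # bogus data was passed on to the client
    else
        echo inconclusive       # e.g. no upstream connectivity, or AD not reported
    fi
}

# Constructed sample headers in dig's output format (not captured from a real server).
SIGNED_AD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'
SIGNED_NOAD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
BOGUS_SERVFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1003
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
BOGUS_NOERROR=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1004
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

classify_resolver "$SIGNED_AD" "$BOGUS_SERVFAIL"    # validating
classify_resolver "$SIGNED_NOAD" "$BOGUS_NOERROR"   # not-validating
```
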



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20131205015112.DA73BB2F12D>